Starting June 1, 2024, New Zealand will enact the second phase of amendments to the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009. This second phase follows the first set of amendments that was enacted in July 2023. The upcoming third phase will be enacted on June 1, 2025.
Let's dive into the significant updates regarding reporting entities' obligations under these new regulations. Reporting entities must ensure they have the necessary systems and procedures to comply with the updated obligations.
If you're one of our Source customers, watch our informative video where our Source expert, Lisa Fernandes, gives you a step-by-step walkthrough on how you can set up your Source platform to ensure you continue to be compliant.
Risk assessments
Reporting entities must review and revise their risk assessments to include emerging technologies, products, or delivery mechanisms before adopting them.
For example, if your firm recently replaced Google searches with an external screening tool to find adverse information on clients or related parties, you should update the relevant inquiry in your risk assessment template accordingly.
Customer Due Diligence changes
Standard Due Diligence: Legal Persons (e.g. Private Companies)
The information collection requirement for customers categorised as legal persons/arrangements is expanded under the new regulations.
For legal persons like private companies or limited partnerships, reporting entities must collect and verify the following:
- Legal form
- Proof of existence
- Ownership and control structure
- Any governing powers and regulations
- For companies: existence and names of nominee directors and shareholders
- For limited partnerships: existence and names of nominee general partners
Standard Due Diligence: Legal Arrangements (e.g. Trusts)
For customers identified as legal arrangements such as trusts, reporting entities must collect and verify the following:
- Legal form
- Proof of existence
- Ownership and control structure
- Any governing powers and regulations
- For trusts: identify the settlor(s) and any protector(s) of the trust
Verification Procedures
Verification requirements vary based on the new information mandates. Reporting entities must authenticate details against documents, data, or information issued by a reliable and independent source. All other requirements must be verified against a reliable source.
This entails gathering official documents to validate the existence, legitimacy, ownership, and control of legal entities.
For example, for a private company, reporting entities could collect:
- Company extract from the Companies Office or equivalent local registry- to show details of the company, business activities, registration number, registered address, directors and shareholders.
- Shareholding register - to show details of the shareholders if the legal entity is located in a jurisdiction with no public beneficial ownership information
- Company constitution - to understand the rules, structures and regulations governing the company.
For a trust, a reporting entity could collect:
- A copy of the trust deed and any amendment deeds from the client - to understand the rules, structure, and regulations governing the trust and to identify the beneficial owners of the Trust.
For a limited partnership, a reporting entity could collect:
- Limited partnership extract from the Limited Partnership register or equivalent local registry - to show details of the partnership, registration number, registered address, and general partner(s) information.
- A copy of the limited partnership deed and any amendment deeds from the client - to understand the rules, structure, and regulations governing the trust and to identify the beneficial owners of the partnership.
Ongoing Customer Due Diligence (OCDD)
The new regulations require additional steps by reporting entities for ongoing due diligence.
Reporting entities must review, update, and verify any changes in customer information based on the risk level of the customer and transaction. They should also assess the adequacy of the information collected for CDD and consider when it was last conducted.
The triggers for OCDD for a reporting entity may include:
- Change in beneficial owners e.g. new director or shareholder >25% in a company, new trustees or appointors in a trust
- Change in address jurisdiction to a higher-risk country e.g. moving address from New Zealand to Vietnam
- Change in business activities to higher-risk activities e.g. business is now working with South African clients.
E.g. Your firm has OCDD alerts set for review every year for medium-risk clients. You are reviewing a NZ Company set at medium risk. During your review, you have identified that there is a new majority shareholder based in the Philippines (FATF High-Risk Country) and the current director has moved address. You will then need to verify the new beneficial owner, conduct EDD on the new shareholder and collect and verify the new address of the director.
Enhanced Due Diligence (EDD)
Differentiation between source of wealth or source of funds
Reporting entities are required to distinguish between when they should collect and verify a customer’s source of funds information, source of wealth information, or both.
This distinction should be outlined within the compliance program based on the reporting entity’s risk profile and exposure to money laundering risks.
E.g. Based on your reporting entity’s risk profile and exposure to money laundering risks, you may decide that source of wealth will be collected on all captured activities, however, for all conveyancing transactions you may decide that source of funds is more appropriate.
Additional EDD Requirements
Additional EDD measures are prescribed if typical enhanced CDD measures are insufficient.
These include obtaining further information about a transaction, examining the purpose of a transaction, enhanced monitoring of a business relationship, and obtaining senior management approval.
Reporting entities could collect additional source of wealth/funds information by:
- Expanding the time frame for already collected information e.g. collecting 6-12 months of bank statements VS 3 months of bank statements, past 3 years' financial statements for the entity
- Asking for copies of annual returns, tax returns, and investment portfolio summaries
- Implementing stricter transaction monitoring controls for unexpected or large transactions.
Reliance within DBGs (Designated Business Groups)
A reporting entity within a designated business group may rely on another member's CDD procedures if they meet or exceed the standards required under the Act and its regulations.
For example, if a New Zealand-based real estate agency is part of an international franchise with offices in countries with equivalent AML requirements, reliance on those offices' CDD procedures may be possible.
Use of agents
Reporting entities who are using external agents to conduct CDD procedures and obtain any CDD information should update their compliance programmes to outline any procedures, policies, and controls relating to:
- Functions carried out by an agent of the reporting entity as part of the programme
- Vetting agents who carry out functions of the reporting entity:
- Training agents of the reporting entity on AML/CFT matters:
- Maintaining a list of agents of the reporting entity acting in the AML/CFT programme.
Virtual assets
Virtual asset service providers (VASPs) safeguarding or administering virtual assets now face stricter AML requirements.
These regulations apply to transactions involving virtual assets of $1,000 or more. Virtual asset transfers are now defined as wire transfers under the AML Act.
Source walkthrough: How to set up your platform to be compliant with latest NZ AML/CFT updates
Our platform is built to be flexible, so that you're able to adjust your settings to adhere to the latest legislative changes and your unique compliance programme.
Watch our informative video below where our Source expert, Lisa Fernandes, gives you a step-by-step walkthrough on how you can set up your Source platform to ensure you continue to be compliant.
Additional reading
- DIA, FMA and RBNZ Updated guidelines related to customer due diligence
- Minter Ellison legal update
- Dentons Insights
- Strategi Guidance Note
The 2023 Amendment Regulations in full can be found at the following links:
- Anti-Money Laundering and Countering Financing of Terrorism (Cross-border Transportation of Cash) Amendment Regulations 2023
- Anti-Money Laundering and Countering Financing of Terrorism (Definitions) Amendment Regulations (No 2) 2023
- Anti-Money Laundering and Countering Financing of Terrorism (Exemptions) Amendment Regulations 2023
- Anti-Money Laundering and Countering Financing of Terrorism (Prescribed Transactions Reporting) Amendment Regulations 2023
- Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations 2023
About First AML
First AML simplifies the entire anti-money laundering onboarding and compliance process. Its SaaS platform, Source, stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.
First AML transforms an otherwise complex and manual process into one that is simple, cost-effective, and compliant for businesses. By delivering efficiency and time savings, it protects reputations and enables companies to stay on the right side of history in the face of global threats.
Keen to find out more? Book a demo today! No time for a long demo? No problem. See what Source by First AML can do for your business in 2 minutes – watch the short demo here.