AML: Your first steps

Consider who is the appropriate person to be your AML/CFT Compliance Officer, this role is important and the person should be of strong character. It is essential for your AML/CFT programme to be successful and this person has the on-going support of the organisation at the executive level, and the ability to report to that executive.

  • Consider what additional resources may be required to support that individual?

One of the first steps you will need to do in establishing your AML/CFT programme is defined by Section 58(1) which requires that you undertake an assessment of the risk your business may reasonably expect.

  • Does our business have the experience, or in-house capability to undertake this assessment in a robust and honest manner? Your AML / CFT Risk Assessment will be a core company document going forward. If you do require assistance, there are several companies offering AML consulting services. Infolog does not offer these services.

AML risk assessment requirements

Your risk assessment must be in writing and must address the following issues:

  • Identify the risks faced by the company in the course of its business.
  • Describe how the company will ensure the assessment remains current.
  • Enable the company to determine the level of risk involved in relation to relevant obligations under the Act.

In assessing risk, your business must have regard to the following:

  • The type, nature, size and complexity of your business.
  • The products and services offered.
  • The methods by which you deliver products and services to customers.
  • The types of customers you deal with.
  • The countries you deal with.
  • The institutions you deal with.
  • Any applicable guidance material produced by the AML/CFT Supervisors.
  • Any other factors that may be provided for in regulations.

Execution of your Risk Assessment

You will need to execute on how you will meet the requirements identified in your risk assessment into your business process. You do have options and your decision may be based on the timeframe for compliance, the available skill set you have available, and the need to control costs.

  • You can operate and meet all AML / CFT requirements in house.
  • Section 34 allows for the use of an Agent to conduct customer due diligence procedures.
  • You can utilise a blended service using both options as above.
  • Or you may use an Agent as above until your internal capability is in place.

If an agent is an option, one of the services Infolog works with and recommends is Trust Integrity and Compliance Company  https://ticc.nz/

In-house AML / CFT operation

  • Consider what procedures will need to be applied firm-wide, or to specific teams.
  • Should your customer due diligence (CDD) be centralised or implemented by front-line staff?
  • Consider any need to implement and change any IT system or business processes to align with your AML/CFT obligations.
  • What process will you use for the collation of the data in respect of existing customers?
  • Avoid re-identification of the same individuals. Where an individual is linked to multiple entities you handle, specify a process where the AML/KYC identification requirements for that individual can be linked to the multiple entities.

Staff Training and Vetting for AML / CFT

Under section 57(b) of the AML/CFT Act, Senior Managers, the Compliance Officer and all staff involved in AML/CFT duties must be trained in AML/CFT matters such as the following:

  • Relevant AML/CFT legislation and any changes to legislation.
  • Your organisations AML/CFT risks as identified during your Risk Assessment.
  • The current operation of your AML/CFT Programme, including reporting lines. This is important as a Reporting Entity must submit the Report with the Financial Intelligence Unit no later than three working days after forming the suspicion.
  • AML training should be provided at the start of employment, and then annually.

Your AML programme must also set out your procedures, policies and controls for vetting senior managers, your compliance officer and any other employees who will conduct AML/CFT duties.

  • The purpose of vetting is to avoid hiring a person who may themselves pose an AML/CFT risk. Vetting involves checking someone’s background to determine suitability for an AML position, making sure they are who they say they are, and checking that the information they have provided is correct.

The training and vetting requirements may dictate that you centralise your AML/CFT activities at first then roll out as training of staff progresses. Again, the option of outsourcing AML/CFT activities could be considered. https://ticc.nz/

All AML / CFT programmes will require an Information provider

Infolog is not the only provider in this area, however we have been providing identity and location verification services to Government, banking and finance sector clients for many years.

  • For AML/CFT we offer a suite of simple, fast and cost-effective products designed to ensure a superb customer experience for both you and your client.
    • These services include identity verification, location verification, PEPs, sanctions, sources of funds and wealth, combined with the essential ongoing monitoring elements.
  • We offer on-line training modules for your people.
  • All AML Reporting Entities are obliged to conduct a review and audit of their risk assessment and AML/CFT programmes every two years, or when required by their AML/CFT supervisor.
    • Infolog’s in-built audit and reporting functions provide exportable reports that greatly assist in meeting audit requirements.