Understanding the 8 parties and the roles they play in your AML/CFT programme

1. Reporting Entity

This is you (the organisation or business) captured through the nature of the activities undertaken by the legislation. To date two tranches of reporting entity sets have been enacted: Tranche 1 – banks, finance companies, financial service providers, money transfer agents and motor vehicle dealers. Tranche 2 – lawyers, accountants, real estate agents, conveyancers, businesses that deal in high value goods, and betting on sports and racing. The reporting entity is required to implement, manage and actively manage an AML programme to meet the legislated requirements. Penalties for non-compliance can be severe and allow for criminal sanctions including imprisonment.

2. Supervisor

Each set of Reporting Entities has a government department as Supervisor that sets detailed rules for how the AML/CFT legislation is to be implemented. They are also responsible for messaging and information, monitoring compliance, and prosecuting non-compliance. The departments currently acting as AML/CFT Supervisors are as follows:

  • Department of Internal Affairs.
  • Reserve Bank of New Zealand.
  • Financial Markets Authority.
3. Compliance Officer

Section 56(2) of the AML/CFT Act dictates that an employee of your business must be nominated as the AML Compliance Officer. TheAML Compliance Officer is responsible for administering and maintaining your AML/CFT Program and is the key contact named with the AML/CFT Supervisor.

  • If your business does not have employees, you must appoint a suitable person to act as the AML/CFT Compliance Officer.
  • This role does not have to be a stand-alone position, but it should be filled by an employee holds a senior position or reports to a senior manager.
4. AML Consultant

This role is optional, however Section 58(1) requires your organisation to undertake an assessment of the risk your business may reasonably expect to face during its business. You need to consider whether your organisation truly has the in-house capability to undertake your AML / CFT Risk Assessment.

The Risk Assessment must be in writing and will be a core company document going forward. This is your organisation’s guide in understanding and implementing your AML / CFT requirements within your business. It should consider your current documentation, including staff contracts, client contracts, policy documents, and privacy policy. Its hould also review your business processes to ensure compliance.

There are several companies offering AML Consulting services.

5. Your AML Staff - Vetting and Training

Under section 57(b) of the Act, Senior Managers, the Compliance Officer and all staff involved in AML/CFT duties must be trained in AML/CFT matters:

  • Relevant AML/CFT legislation and any changes to legislation.
  • AML/CFT risks shown in your Risk Assessment.
  • The current AML/CFT Programme.
  • Tasks and duties that can be carried out by staff with appropriate AML/CFT training.

AML training should be provided at the start of employment, and then annually. Your programme must also set out your procedures, policies and controls for vetting senior managers, your compliance officer and any other employees who have AML/CFT duties. The purpose of vetting people is to avoid hiring a person who may pose an AML/CFT risk. Vetting involves checking someone’s background to determine their suitability for an AML position, making sure they are who they say they are, and checking the information they have provided is correct.

6. Your AML/CFT Information Service

Once your AML/CFT programme is operational, you will need access to quality information. This is where Infolog can help.

Infolog provides dedicated AML/CFT services such as identity verification, location verification, PEPs, sanctions, sources of funds and wealth, and ongoing monitoring. Infolog also offers services to assist with your staff vetting.

Infolog has been working in the AML/CFT area for several years with banks and finance clients. In that time we have developed products that are simple to use, cost-effective, and fast.

In on-boarding new clients it is important to ensure the customer experience comes first and the process is as simple as it can lawfully be.

  • One of these is Infolog Identity Plus, which combines many of our data services into an easy to read one-page review to on-board your clients. Refer to the Customer Due Diligence Sections 11 and 15 of the Act.
  • Section 50 of the Act imposes an ‘Obligation to keep identity and verification’ records used to verify the identity of a person. Infolog maintains a secure encrypted environment to store these records.
  • Ongoing Customer Due Diligence (Monitoring) is also one of the requirements as per Section 31 of the Act. Infolog’s Notification services do exactly this and are an important aspect to help you meet these ongoing requirements. Notifications are free to set with a small charge only when a change of interest occurs on one of your entities.
  • AML Reporting Entities are also obliged to conduct a review and audit of their risk assessment and AML/CFT programmes every two years, or when required by their AML/CFT supervisor. See sections 59 through 60. Infolog’s inbuilt audit and reporting functions provide exportable reports that greatly assist clients meet these audit requirements.
  • Section 56(2) of the Act requires an employee of your business to be nominated as your AML Compliance Officer. They are responsible for administering and maintaining the AML/CFT Programme. Again the inbuilt Infolog audit and reporting functions will provide great assistance to your Compliance Officer in this critical role.
  • The Infolog Portal’s online training modules can also assist you under Section 57(b) of the Act, which stipulates that Senior Managers, the Compliance Officer and all staff involved in AML/CFT duties must be trained in AML/CFT matters.
  • Information management and compliance outside the Act it is also important as there are many other legislative and compliance requirements which cannot be ignored concerning access, viewing and retention of information. (Privacy Act, and the Electronic Identity Verification Act 2012 and the Identity Information Confirmation Act 2012.) Non-compliance is not an option.
  • The structure and controls provided to clients via the Infolog Portal also help the you meet obligations imposed relating to the control and access to certain search services, maintaining an audit trail, and training of staff who access these services.
7. The Financial Intelligence Unit (FIU) – your reporting requirements

The FIU provides financial intelligence relating to suspicious transactions and activity, money laundering, the financing of terrorism and other serious offences. It fulfils the functions and exercises powers of the Commissioner of Police as set out in the AML/CFT Act. The FIU helps the New Zealand government fulfil its obligations to the inter-governmental Financial Action Task Force (FATF). The FIU collects information in five main report types:

  • Suspicious Activity Reports (SAR) from 1 July 2018.
  • Suspicious Transaction Reports (STR).
  • Prescribed Transactions Reports (PTR).
  • Suspicious Property Reports (SPR).
  • Border Cash Reports (BCR).

Reports are submitted to the FIU using the goAML Web application: http://www.police.govt.nz/advice/businesses-and-organisations/fiu/goaml

As a general rule, a suspicious transaction will be one that is inconsistent with the customer’s known activities and profile or with the normal business expected for that type of client.

  • A Reporting Entity must identify any suspicious activity or transactions and raise the appropriate Report to the Police if it has reasonable grounds to suspect a transaction may relate to specified money-laundering or terrorism offending.
  • A Reporting Entity must submit the Report with the Financial Intelligence Unit no later than three working days after forming the suspicion.
8. Independent AML/CFT Auditor

Your Risk Assessment document and AML/CFT Programmes must be independently audited every two years, or when requested by your AML/CFT Supervisor. Refer to Sections 59 or 59A. The person conducting the audit must be independent and must not have been involved in developing, establishing, implementing or maintaining the AML/CFT Programme. An Independent AML/CFT Audit is a written report on whether:

  • You meet the minimum requirements for your AML/CFT risk assessment and AML/CFT programme.
  • The AML/CFT programme was adequate and effective throughout a specified period.
  • Advice is needed on any changes.

The auditor needs to have the relevant skills or experience to conduct the audit, and you must be able to justify the qualifications of your auditor.