The Reserve Bank supervises banks, life insurers, and non-bank deposit takers.
The Department of Internal Affairs covers casinos, non-deposit-taking lenders, money changers and reporting entities not covered by the other supervisors.
The three AML/CFT supervisors actively co-operate with each other and with the New Zealand Police’s Financial Intelligence Unit (FIU). NZ Police FIU also publish guidance information for reporting entities on their obligations to report suspicious activities and prescribed transactions, and how to meet those obligations. To submit a suspicious activity report or a prescribed transaction report please refer to - goAML.
Who needs to comply
The reporting entities supervised by the FMA are listed in Section 130 of the Act. They include:
issuers of securities
derivatives issuers and dealers
brokers and custodians
equity crowdfunding platforms
The Minister of Justice may grant a range of exemptions to all or any of the Act’s requirements.
Section 58 of the Act requires each reporting entity to assess the risk it may reasonably expect to face of money laundering and financing of terrorism in the course of its business. The Act calls this a risk assessment.
The Act takes a risk-based approach to compliance. Reporting entities (within the limits set by the Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment. Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks. See the AML/CFT programme guideline.
The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.
Annual Reports obligation
All reporting entities are required to prepare an annual report on their risk assessment and AML/CFT programme. Information from these reports will provide us with important information on the people and organisations we supervise, and help us:
understand the risk of money laundering and financing of terrorism activities in each reporting entity
ensure that information we have on our reporting entities is accurate and up-to-date
determine the best use of our AML/CFT resources.
Independent audit obligation
Each reporting entity must ensure its risk assessment and AML/CFT programme are audited every 2 years or at any other time at the request of the FMA. We may also request a copy of any audit report. You do not need to submit your audit report to us unless we request to see it.
How to get started
Engage an independent and qualified auditor early – this is to ensure one is available to assist you.
Review and address issues in your risk assessment, AML/CFT compliance programme and supporting policies and procedures internally before the independent audit.
Refer to the guidelines and reports and our FAQs that detail specific information on what is necessary to complete your AML/CFT audit.
It will take time for your auditor to review your risk assessment, compliance programme, test supporting evidence and prepare an audit report. You should also allow sufficient time (sometimes up to several weeks) to review the audit findings, and agree with the final report.