Your obligations - AML/CFT

The Act imposes several obligations if you operate a business that falls within the definition of a reporting entity. You will need:

a written risk assessment of the money laundering and financing of terrorism activity you could expect in the course of running your business
an anti-money laundering and countering financing of terrorism programme that includes procedures to detect, deter, manage and mitigate money laundering and the financing of terrorism and has:

a compliance officer appointed to administer and maintain your programme
customer due diligence processes (CDD) based on your risk assessment including customer identification and verification of identity
Suspicious transaction reporting (STR) now known as suspicious activity reporting (SAR), auditing and annual reporting systems and processes.

Complete a risk assessment

A risk assessment is the first step your business must take to comply with the AML/CFT Act.
This will enable you to develop a programme to mitigate this risk in a proportionate way.
Your AML/CFT supervisor expects that you will have a clear understanding of the ML/TF risks and vulnerabilities you face during the course of business.

We strongly recommend that you are familiar with the following documents before you undertake your risk assessment.

Understanding the risks

FMA's Sector Risk Assessment (SRA) is a review of the characteristics of certain sectors of the financial system. It assesses the level of risk of money laundering occurring in that sector and outlines any particular risks in that area. You can also read sector risk assessments prepared by the Reserve Bank and the Department of Internal Affairs for the sectors they supervise, and the national risk assessment.

Risk Assessment guideline by Supervisors

This guideline is designed to help you conduct your money laundering and terrorism financing risk assessment (risk assessment) under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act).

Download the Supervisor's risk assessment guide to AML/CFT obligations PDF, 155KB.

AML/CFT Guide for small financial adviser businesses

This guide describes how a small financial adviser business may go about AML/CFT obligations in a simple way. It focuses on risk assessments, customer due diligence (CDD) and suspicious transaction reports (STR) because they are particularly important obligations under the AML/CFT regime, which affect financial advisers in a unique way.

Download the AML/CFT guide for small financial adviser businesses PDF, 570KB.

Reporting entity must consider

the nature, size and complexity of your business
the types of products or services you provide
the methods by which you deliver products and services to your customers.
the types of customers you deal with
the countries you deal with
the institutions you deal with
any other applicable guidance material produced by the AML/CFT supervisors.

Put in place a compliance programme

The Act takes a risk-based approach to compliance.
Reporting entities (within the limits set by the Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment.
Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks.

AML CFT Programme Guideline

The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.

Download the AML/CFT Programme Guideline PDF.

AML/CFT Annual Report obligation

All reporting entities are required to prepare an annual report on their risk assessment and AML/CFT programme. Information from these reports will provide us with important information on the people and organisations we supervise, and help us:

understand the risk of money laundering and financing of terrorism activities in each reporting entity
ensure that information we have on our reporting entities is accurate and up-to-date
determine the best use of our AML/CFT resources.

Completing your annual report
To complete the annual report, you will need your most recent financial year-end data.

We also recommend that you:

familiarise yourself with the questions set out in the regulations
if you are a financial adviser in a small business Download the 'How to complete your annual AML/CFT report' PDF.
review the AML/CFT FAQs.

How to submit your report
The e-services portal is no longer available. If your AML/CFT return is outstanding or you need to resubmit it please contact us. We will provide you with a pdf that needs to be completed and emailed back to us.

Need help?
If you experience any problems submitting your report or if you need help, please email us at aml@fma.govt.nz or call us on 0800 434 566.

Independent audit obligation

Each reporting entity must ensure its risk assessment and AML/CFT programme are audited every 2 years or at any other time at the request of the FMA.
We may also request a copy of any audit report.
You do not need to submit your audit report to us unless we request to see it.
We will use the audit report as a supervisory tool to give us a good insight into a reporting entity's AML/CFT compliance and is an effective way of helping us supervise.

Refer to the following guides and reports for more information:

+ Expand all - Collapse all

How to get started

Engage an independent and qualified auditor early – this is to ensure one is available to assist you.
Review and address issues in your risk assessment, AML/CFT compliance programme and supporting policies and procedures internally before the independent audit.
Refer to the guidelines and reports and our AML/CFT FAQs that detail specific information on what is necessary to complete your AML/CFT audit.
It will take time for your auditor to review your risk assessment, compliance programme, test supporting evidence and prepare an audit report. You should also allow sufficient time (sometimes up to several weeks) to review the audit findings, and agree with the final report.

Guideline for audits of risk assessments and AML/CFT programmes

This guideline is to help reporting entities manage the requirement to audit their AML/CFT risk assessment and AML/CFT programme, as required under section 59(2) of the AML/CFT Act.

Download the Audit Guideline for risk assessment and AML/CFT programme PDF, 290KB.

Getting the best outcome from your AML/CFT audit guide

This information is intended to help our REs, especially small financial adviser businesses, get value from their AML/CFT Audit. Adopting all (or any) of these items in discussions with auditors is optional, but we believe that by considering these suggestions, REs are more likely to achieve the best possible results from their audit.

Download Getting the best outcome from your AML/CFT audit guide PDF, 1.3MB.

AML/CFT monitoring report 2018

This report provides a general commentary on some of the audits we have examined from the period from 1 July 2016 to 30 June 2018, which marked our fifth year of monitoring compliance with the Act. We focused on risk assessments being up to date and well-maintained; adequacy and effectiveness of policies, procedures and controls as per the AML/CFT programme; customer due diligence, ongoing customer due diligence and enhanced due diligence; governance and management oversight.

Download the AML/CFT monitoring report 2018 PDF, 265KB.

Prescribed transactions reporting (PTR) obligation

Reporting entities are required to submit prescribed transaction reports (PTR) to the Financial Intelligence Unit (FIU) at the Police.

The Anti-Money Laundering and Countering Financing of Terrorism (Prescribed Transactions Reporting) Regulations 2016 specify the following threshold values for the two types of prescribed transaction:

NZ $1,000 or more for an international wire transfer; and
NZ$10,000 or more for a domestic physical cash transaction.

+ Expand all - Collapse all

Are you required to file a PTR?

In the case of an international wire transfer, the first reporting entity to transfer funds, and the last reporting entity to receive funds, must do a PTR. We expect that a reporting entity that receives and/or passes on instructions from a client to do an international wire transfer, but does not actually transfer the funds, is not required to do a PTR. This means that international wire transfers carried out by a bank on behalf of another reporting entity will be reportable by the bank. If an international wire transfer is settled outside the banking system (for example if a reporting entity carries out a transaction on behalf of a client and as a result money is made available to a beneficiary at another entity in another jurisdiction) the reporting entity must submit a PTR.

Automated and manual reporting

Automated reporting

Automated reporting applies to those entities submitting PTRs through the FIU xml schema. To ensure smooth implementation of automated reporting a transitional compliance period will apply until 1 July 2018. REs submitting automated reports are expected to provide PTRs as soon as they are able from 1 November 2017. However, REs will not be considered non-compliant prior to the end of the transitional compliance period (1 July 2018).

Manual reporting

Manually reporting applies to entities submitting reports one-by-one into the goAML web tool. REs submitting PTRs manually to the FIU are expected to report from 1 November 2017. PTRs will be used by FIU to help build an intelligence picture across the financial system. Please refer to the FIU website for more information. If you have any further questions please email us at aml@fma.govt.nz.

About Us

Compliance

Compliance by role

Investors

News and resources

Contact us