1. Compliance
  2. AML/CFT
  3. Your obligations

Your obligations

Page last updated: 21 Mar 2019

The Act imposes several obligations. If you operate a business that falls within the definition of reporting entity you will need:

  • a written risk assessment of the money laundering and financing of terrorism activity you could expect in the course of running your business
  • an anti-money laundering and countering financing of terrorism programme that includes procedures to detect, deter, manage and mitigate money laundering and the financing of terrorism
  • a compliance officer appointed to administer and maintain your programme
  • customer due diligence processes based on your risk assessment including customer identification and verification of identity
  • suspicious transaction reporting, auditing and annual reporting systems and processes.

Understanding the risks

The FMA's Sector Risk Assessment (SRA) is a review of the characteristics of certain sectors of the financial system. It assesses the level of risk of money laundering occurring in that sector and outlines any particular risks in that area.

You can also read sector risk assessments prepared by the Reserve Bank and the Department of Internal Affairs for the sectors they supervise, and the national risk assessment.

Complete a risk assessment

Section 58 of the Act requires each reporting entity to assess the risk it may reasonably expect to face of money laundering and financing of terrorism in the course of its business. The Act calls this a risk assessment.

A risk assessment is the first step a business must take before developing an AML/CFT compliance programme. The supervisors have issued a guideline on how to complete a risk assessment. The FMA has published a separate guideline for small financial adviser businesses.

The Act requires that, in identifying money laundering or terrorism financing risk, your reporting entity must consider:

  • the nature, size and complexity of your business
  • the types of products or services you provide
  • the methods by which you deliver products and services to your customers.
  • the types of customers you deal with
  • the countries you deal with
  • the institutions you deal with
  • any other applicable guidance material produced by the AML/CFT supervisors.

Put in place a compliance programme

The Act takes a risk-based approach to compliance. Reporting entities (within the limits set by the Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment. 

Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks. See the AML/CFT programme guideline.

The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.

Find out more about: