Date posted: 13/02/2018 6 min read

Minimise your business risk: Start your AML CFT journey now

How can reporting entities prepare for the start of the AML/CFT regime in New Zealand?

in brief

  • Accountants need to have a risk assessment and AML/CFT programme in place by 1 October 2018.
  • The accounting profession has been given a medium-high risk rating for money laundering (ML) and terrorism financing (TF).
  • Under new legal requirements, accountants will need to obtain certain documents to verify the identity of new customers.

Often accountants deal with large sums of money and set up and manage trusts and companies, and this is partly why they are attractive to money launderers. Professional services provided by accountants can also give the impression of respectability, legitimacy and credibility. Accountants create an extra step in the money laundering chain as well that can hinder detection and investigation by obscuring ownership of money.

For these reasons, New Zealand accountants have been identified as having a medium to high inherent risk for money laundering and terrorism financing activity. New Zealand’s Department of Internal Affairs (DIA) has issued the advice in a report just released on a new (Phase 2) Sector Risk Assessment for anti-money laundering (AML) legislation.  

“The medium-high rating is consistent with international experience and expectations, given accountants’ exposure to ML/TF vulnerabilities,” says the DIA report Phase 2 Sector Risk Assessment. “The consequences of such vulnerabilities can be wide-ranging and result in significant financial and reputational impact.”

Accounting profession given medium-high inherent AML risk rating by DIA

Understand the ML/TF risks facing accountants.

The easy access and wide geographic spread of accounting services, coupled with accountants’ gatekeeper role also make them targets for money launderers, the DIA warns.

The Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Amendment Act 2017 puts in place “Phase 2” of New Zealand’s AML/CFT laws and brings in accountants who carry out certain services. 

The AML/CFT programme … sets out what level of customer due diligence (CDD) you will apply to a new customer and what documents you need to obtain to verify their identity.

Under new requirements, you need to carefully assess the services you offer to identify if your business is a reporting entity. It is also important to regularly reassess your position as your business changes.

Where do you start?

This year’s looming October deadline requires an engaged and speedy response from you and your firm. You have until 1 October 2018 to have systems and processes in place and ensure they are operational. 

Before this date you need to:

  • Have a person within the business who is designated as the AML/CFT compliance officer;
  • Develop and document a risk assessment for your business; and
  • Document and implement an AML/CFT programme which outlines how you will ensure you keep yourself and your business compliant.

Get started now so you can build your AML/CFT obligations into your business plan and the way you do business. It is better to take a holistic approach, rather than just regard these as additional compliance obligations. The AML/CFT policies, procedures and controls should be part of an overall behavioural and awareness change. In many cases, changes can be built into existing systems and processes you use when bringing new clients on board.

How do you start?

Reporting entities must appoint a compliance officer who will be responsible for administering and maintaining the AML/CFT programme. An employee should be appointed to this role who reports to a senior manager. In the case of a sole practitioner, the DIA expects the sole practitioner to be the compliance officer. If that is not possible, an external person must be appointed as a compliance officer.  

Performing a risk assessment involves identifying and assessing the risks your business reasonably expects to face from money laundering or terrorism financing. This is the foundation document for the business’ entire AML/CFT regime. Section 58 of the Act contains some mandatory requirements, including that it must have regard to the factors in section 58(2) of the Act such as the types of customers you have and the countries they are in. This allows you to create a risk assessment you think is appropriate for your business.

Risk Assessment and AML/CFT Programme Guideline

Help with developing your business’ two key documents.

Once you have completed your risk assessment, you can prepare an AML/CFT programme that minimises or mitigates these risks in a proportionate way. What your AML/CFT programme should contain is set out in section 57 of the Act. The AML/CFT programme serves as an operating manual of how your business will comply with its AML/CFT obligations.  For example, it sets out what level of customer due diligence (CDD) you will apply to a new customer and what documents you need to obtain to verify their identity. 

If your business is relatively small, ie only a few staff providing a limited range of services to a small number of local clients, your risk assessment and AML/CFT programme can be relatively short and simple. You understand your business better than anyone else, therefore you are best placed to develop these two documents, and there are resources available to help. 

Some are free such as the AML/CFT Risk Assessment and Programme: Prompts and Notes for DIA Reporting Entities, Risk Assessment Guideline and AML/CFT Programme Guideline. 

Of course, there are also many additional resources available for purchase. Strategi Group is in the process of developing an AML/CFT manual for accountants which includes most of the information you need to comply, plus a sample risk assessment and AML/CFT programme and instructions on how to customise them for your business. This will be available soon. 

Strategi Group

AML/CFT manual for accountants.

David Greenslade is the Managing Director of the Strategi Group, based in New Zealand.

Search related topics