AML/CFT Act: Testing and Validating
The AML/CFT Act stipulates requirements for compliance programmes to be ‘effective’ and ‘adequate’. We share our extensive knowledge and experience so your firm can easily maintain an AML/CFT programme. We show you how to use cost-effective strategies. We guide and support your firm in how to meet regulatory effectiveness.
Validate your AML/CFT Act Audit Testing
Anti-money laundering compliance laws require regulatory ‘effectiveness’ and ‘adequacy’ to be objectively demonstrated. AML360’s solutions test your compliance efficiency so your firm gains a level of regulatory certainty. We prepare you for compliance success for AML/CFT audits and AML/CFT Supervisor visits.
What is the AML/CFT Act?
In 2009 New Zealand introduced the Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act). The AML/CFT Act seeks to improve New Zealand's standards with recommendations made by the Financial Action Task Force (the FATF). Though the AML/CFT Act was introduced in 2009, New Zealand did not implement these new laws until 1 July 2013.
What does the AML/CFT Act seek to achieve?
The AML/CFT Act requires certain businesses to operate with policies, procedures and controls that would reasonably allow the identification of serious crimes of Money Laundering and/or Financing of Terrorism (ML/FT).
The AML/CFT Act achieves this by making it mandatory for firms to carry out a written risk assessment. Known as the money laundering business risk assessment, or AML/CFT business risk assessment, the results must identify those areas of business that have greater exposure to unwittingly facilitating ML/FT.
Ultimately, the AML/CFT legislation requires businesses to operate with adequate systems that enable suspicious client activity to be identified. The ‘red flag’ alerts are designed to detect activities that may be linked to money laundering or terrorism financing.
What is an AML/CFT Business Risk Assessment
The primary purpose of the AML/CFT business risk assessment is to ensure adequate policies, procedures and controls are in place to manage the identified inherent risks.
By putting policies, procedures and controls in place, the exposure level to an AML/CFT compliance breach are managed through ongoing monitoring and reporting oversight controls.
Once the AML/CFT compliance framework is implemented, the risk level is referred to as ‘residual’. Residual risk refers to the risks remaining following implementation of the AML/CFT compliance framework.
For an AML/CFT business risk assessment to be considered ‘adequate’, it must rely on a risk-based methodology that can be objectively tested.
However, there is no precise or international standard of an AML/CFT business risk assessment. Rather, the results of the AML/CFT business risk report must reasonably inform of risks linked to facilitating money laundering and/or financing of terrorism.
So long as the results of the AML/CFT business risk report adequately informs of ML/FT risks, regulatory objectives have been met
You can manage your AML/CFT Business Risk Reports with AML360 Regulatory Technology.
What is an AML/CFT Programme?
Section 56 of the AML/CFT Act requires all businesses subject to anti-money laundering compliance to operate with an AML/CFT Programme.
The AML/CFT Programme sets out the policies, procedures and controls that the business relies on for meeting AML/CFT regulatory obligations.
What is the role of an AML/CFT Compliance Officer?
The AML/CFT Act requires an appointment of an Anti-Money Laundering Compliance Officer.
The primary role of the AML/CFT compliance officer is to ensure ongoing maintenance of the AML/CFT Programme.
The AML/CFT compliance programme will set out how a business introduces new clients and ensures identity verification and other checks.
The AML/CFT Programme details staff training and staff vetting, ongoing monitoring techniques of client activity and reporting of the AML/CFT compliance issues.
The AML/CFT Programme is required to demonstrate how the business manages its AML/CFT compliance risk exposures.
AML/CFT Compliance Officers are responsible for the development of the AML/CFT Programme, testing of adequacy in meeting regulatory objectives, and reporting to the AML/CFT Supervisor.
The AML/CFT Compliance Officer is expected to be at management level and/or have direct line reporting to senior management.
If the business is of an adequate size in human resourcing, businesses are expected to also appoint an AML/CFT Senior Manager.
An AML/CFT Senior Manager is the equivalent of a Director of a Company.
Small businesses often have the dual roles (1) AML/CFT Compliance Officer and an (2) AML/CFT Senior Manager, held by the same person.
The risks are higher when the AML/CFT Compliance Officer has inadequate independent oversight.
In developing and managing the AML/CFT Programme, the AML/CFT Compliance Officer must ensure the business is operating under policies, procedures and controls that can demonstrate risk-based decision-making.
AML360 provides an independent oversight role by alerting AML/CFT Compliance Officers with risk reports, client risk profiling, business risk assessments or conducting an Independent AML/CFT Audit.
Does an AML/CFT Audit need to be independent?
Yes. To meet the requirements of the AML/CFT compliance laws, an audit requires ‘independence’. This means the AML/CFT auditor must not have been involved in the establishment or maintenance of the AML/CFT business risk assessment or AML/CFT programme.
What businesses must comply with the AML/CFT Act?
The AML/CFT Act Section 5 sets out the definition of captured businesses as (a) ‘designated non-financial business or profession’, (b) ‘facility’, (c) ‘facility holder’, and (d) ‘financial institutions’. This includes businesses that undertake services such as deposits, finance lenders, those that manage client funds or financial instructions.
A designated non-financial business or profession includes certain types of services linked to lawyers, conveyancers, accountants and real estate agents.
A ‘financial institution’ lists a series of ‘financial activities’ that are captured. This includes (a) accepting deposits or other repayable funds from the public, (b) lending to or for a customer, (c) transferring money or value for or on behalf of another. These are only some of the descriptions.
A copy of the Anti-Money Laundering and Countering Financing of Terrorism Act can be accessed from the link above. The Ministry of Justice also has further information.
If your business is unsure if it is captured under the AML/CFT Act, you should seek legal advice.
Who regulates the AML/CFT Act?
New Zealand’s Ministry of Justice is the Administrator of the Anti-Money Laundering and Countering Financing of Terrorism Act. However the government agencies responsible for supervising the AML/CFT Act include the Department of Internal Affairs, the Financial Markets Authority and the Reserve Bank of New Zealand. Known as AML/CFT Supervisors, annual regulatory reports are required to be submitted to AML/CFT Supervisors.
The AML/CFT regulatory reports assist AML/CFT Supervisors to manage their resourcing by identifying businesses that require closer scrutiny.
How can businesses ensure compliance with the AML/CFT Act?
The Anti-Money Laundering and Countering Financing of Terrorism Act requires businesses to comply with minimum standards. This includes the need to appoint an Anti-Money Laundering Compliance Officer and operate with an AML/CFT programme. The Anti-Money Laundering Compliance Programme sets out the policies, procedures and controls that the firm relies on to meet its regulatory obligations.
What is the frequency of AML/CFT audits?
When the Anti-Money Laundering legislation was first introduced, the requirements were for an AML/CFT audit to be carried out at least every 2 years or at the request of an AML/CFT Supervisor. Regulations were updated in 2021 which extended the audit period to every 3 years (or at the request of an AML/CFT Supervisor).