Anti-Money Laundering and Countering Financing of Terrorism (“AML/CFT”) Phase 2
The long awaited Government changes (phase 2 ) that affects the AML/CFT laws is now well underway. The new entities listed are now required to put preventative measures in place to help tackle money laundering and financing of terrorism in New Zealand.
Phase 1 of the AML/CFT Act has been in force since 2013, which applied to the likes of banks, casinos and a range of financial service providers. Phase 2 now extends this to entities such as lawyers, conveyancers, accountants, real estate agents, sports and race betting, and businesses that deal in certain high value goods. This is to be a staged approach with the various entities having various dates that they must start complying with the regulations. i.e. Lawyers 01 July 2018.
There are also changes to the AML/CFT Act as it relates to all phase 1 and future phase 2 entities such as:
- you will have to report more than just suspicious transactions – from 1 July 2018 you also need to report suspicious activities to the Police Financial Intelligence Unit (FIU).
- you will have to report international wire transfers and physical cash transactions above certain amounts (known as “prescribed transactions”) to the FIU. This took effect on the 1st of November 2017.
- It will be easier for you to share AML/CFT obligations with other businesses.
What does this mean to existing phase 1 entities?
Current entities will need to look at their risk assessment and programme documents and make adjustments to account for the changes that have in the case of the prescribed transactions already taken place. Along with this the move to suspicious activities rather than suspicious transactions taking affect on 01 July 2018.
What does this mean for phase 2 entities?
The new entities captured under the AML/CFT laws will be:
- Businesses that provide trust and company services
- Real estate agents
- Businesses trading in high value goods
- Sports and racing betting
All phase 2 entities like the phase 1 entities will be required to develop AML/CFT processes within their business.
Summary of key obligations
Compliance Officer – designate an employee as the AML//CFT Compliance Officer to administer and maintain the Programme.
Risk Assessment – develop a risk assessment, which considers:
- the nature, size complexity of your business
- the products and services you offer
- delivery channels (e.g. face - to - face or online)
- types of customers dealt with
- countries dealt with
- the institutions dealt with
AML/CFT Programme – develop risk - based policies and procedures for all the AML/CFT obligations (e.g. a policy on how the business will identify and verify the identity of customers). The programme should be based on the findings in the risk assessment.
Employee vetting and training – ensure that employees involved in AML/CFT duties and senior management are vetted (e.g. a criminal records check for new employees) and undergo training in AML/CFT processes employed by the entity and the relevant regulations.
Customer due diligence (CDD)
- Identify and verify the identity of new customers
- The level of CDD that is carried out will vary according to the risk of money laundering or terrorist financing – where the risk is higher the entity will need to do more due diligence such as checking the customer’s source of wealth or funds
- Ongoing customer due diligence
- Screening for politically exposed persons (e.g. foreign government officials that may pose a corruption risk)
- Identify parties involved in a wire transfer
- In certain conditions, the entity may rely on third parties for CDD
Transaction & account monitoring – monitor customer accounts and transactions to identify suspicious transactions (e.g. unusual transactions that don’t fit the customer profile and do not appear to have an economic or lawful purpose).
Transaction reporting including:
- Prescribed transactions (cash transactions of $10,000 and over and wire transfers of $1,000 and over)
Record keeping – keep records of customers, transactions and other related information.
Monitoring compliance – monitor compliance with the AML/CFT obligations.
Review & audit – regularly review the risk assessment and programme and have an audit carried out by an independent person every 2 years.
Annual report – file an annual report with the relevant AML/CFT supervisor.
For the phase 2 entities, RemoteCompliance strongly suggests that the experience of the phase 1 entities be taken into consideration, and learn from the four years of conducting the AML/CFT requirements as noted above, in particular the audits completed and the feed back that these have provided.
If you wish to discuss the way forward please contact RemoteCompliance by going to the contact page.