Third Party AML/CFT Customer Due Diligence (CDD)

With the majority of phase 2 entities now entrenched in the regulations, many are grappling with the requirements around client/customer identification processes. 



In-house or third party?

The regulation do allow entities to outsource their CDD requirements based off section 33 and 34 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the Act).

Section - 33 Reliance on other reporting entities or persons in another country

Subject to the conditions as set out in the Act a reporting entity may rely on another person (who is not an agent) to conduct the customer due diligence procedures required under the Act or relative regulations.

Key points are:

1.    The person or entity is a reporting entity

2.    In a country with sufficient AML/CFT measures

3.    Has a business relationship with the same client

4.    Identity information is provided before business relationship established and within 5 days of the request

5.    The person or entity agrees to conduct the CDD

There are other conditions attached to section 33 and should be read in conjunction with the above.

The regulations also allow agents to be appointed as set out in section 34 of the Act.

Section - 34 Reliance on agents

Subject to any conditions that may be prescribed by regulations, a reporting entity may authorise a person to be its agent and rely on that agent to conduct the customer due diligence procedures and obtain any information required for customer due diligence under this Act or regulations.

In regard to section 34 of the Act a designated business group (DBG) may rely on members of the DBG to conduct CDD requirements.

Relying on another AML/CFT registered entity for CDD

If another entity also has a relationship with an entities customer, the entity may be able to rely on it to carry out CDD if that business agrees to. However, the entity can only rely on it if it:

a)  is also a New Zealand business or professional that has to comply with the AML/CFT Act, or is based overseas and has similar obligations in a country with sufficient AML/CFT controls;

b)  already has a relationship with the entities customer and has carried out CDD to the required standard; and

c)  can immediately give the entity its CDD documents when asked for.

This may be an option if the entity has an existing agreement or business relationships with other reporting entities. For example, a real estate agent and a conveyancer may agree that only one of them carries out CDD in a real estate transaction.

 Use of third parties for electronic verification 

There are various companies in the market place that can assist an entity with its CDD requirements by the use of electronic means. The Amended Identity Verification Code of Practice 2013 Part 3 explains what is required for this method of CDD identification, in particular an entity must determine what type of electronic sources will be considered reliable and independent.

The type of CDD conducted varies with each company from the use of apps on a cell phone to platforms that incorporate all of the AML/CFT requirements including CDD and verification.

For more information please contact Remote Compliance by filling in the details on the contact tab.


If an entity does outsource or obtains CDD from third parties, the entity is still responsible, not the person or company providing the information.