AML Compliance Guidelines: New Zealand

New Zealand is an island country with diverse and stunning landscapes in the Southwestern part of the Pacific Ocean. It has a highly developed, free, and open economy with a GDP per capita well above the regional and world averages. These characteristics, along with a reputation as a low-corruption and transparent economy, make New Zealand an attractive destination for global businesses. However, no economy in the world is considered to be immune to financial criminals.

The 2024 National Risk Assessment (NRA) NZ highlighted that fraud and drug-related crimes, along with transnational money laundering, are the highest threats to New Zealand’s financial system. Funds generated from fraud necessitate laundering, whereas illegally imported drugs involve offshore payments. Whereas the threat of proceeds of crime generated in foreign countries involves cross-border payments or the use of locally established legal structures to conceal them. Sectors facilitating cross-border payments, such as money remitters, cryptocurrency platforms, along with designated non-financial businesses and professions (DNFBPs) like trust and company service providers (TCSPs), are particularly vulnerable to these risks. Finally, though the risk of proliferation financing is not high in NZ, its globally well-connected economy requires reporting entities to stay vigilant to this risk.

To counter these threats and protect its financial reputation, NZ has implemented a comprehensive Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) and Sanctions Compliance framework.

Key AML and Sanction Laws and Regulations in New Zealand

Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act)

This is the main legislation that sets the premise for the AML/CFT Framework in New Zealand. The AML/CFT Act contains provisions about who is subject to this law, the role and responsibilities of the supervisory authorities, and also provides the measures required to fight financial crimes.

Terrorism Suppression Act 2002 (TSA)

The TSA prohibits reporting entities from dealing with or providing financial services to any individual or entity designated under the provisions of this law. Reporting entities are obliged to file a report with the FIU if any property held or controlled by them is suspected to be linked to a designated entity or individual under the TSA.

United Nations Act 1946

The United Nations Act contains provisions that empower the Governor-General of New Zealand to make regulations in order to implement UN sanctions in the country. If convicted for violations of any regulation made under this law, a company or corporation may face up to a $100,000 fine.

Russia Sanctions Act 2022

The Russia Sanctions Act enables New Zealand to enforce and impose sanctions against Russia in response to its military actions in Ukraine or any other country. The Sanctions Act establishes a sanctions register containing all persons designated by regulations made under this Act. The Act also imposes reporting, asset freezing, and due diligence obligations on reporting entities.

Regulatory and Supervisory Authorities

Reserve Bank of New Zealand (RBNZ)

While the Reserve Bank of New Zealand serves as the country’s monetary authority, it also oversees and enforces AML compliance within the banking and insurance sectors.

Department of Internal Affairs (DIA)

The Department of Internal Affairs supervises and ensures enforcement of AML requirements NZ in different sectors like payment service providers and other designated non-financial business and professions (DNFBPs), including casinos, real estate agents, accountants, lawyers, and high-value dealers.

Financial Markets Authority (FMA)

The FMA primarily oversees the financial services sector, ensuring compliance with obligations under the AML/CFT Law.

New Zealand Financial Intelligence Unit (FIU)

The NZ FIU sits within the New Zealand Police and operates on behalf of the Commissioner of Police. The FIU is tasked to facilitate the detection and investigation of money laundering, terrorism financing, and other crimes. The FIU receives and analyses financial information filed under the AML/CFT Act. This information is received from reporting entities in the form of suspicious activity reports, prescribed transaction reports, and border cash reports.

Who is Subject to AML Laws in New Zealand?

The AML/CFT measures are applicable to both financial and non-financial sectors, including:

Financial institutions:

• Banks
• Non-Bank Deposit Taking Institutions
• Life Insurance Companies
• Peer-To-Peer Lending Providers
• Equity Crowdfunding Platforms
• Investment Advisors & Managers
• Dealers & Issuers of Securities
• Derivative Issuers
• Financial Leasing Companies
• Money Service Businesses (Currency Exchange & Money Remittance)
• Lending, Debt Collection & Factoring Companies
• Virtual Assets Service Providers

Designated Non-Financial Businesses and Professions (DNFBPs):

• Casinos
• Cash Transporters & Safe Deposit Providers
• Lawyers & Conveyancers
• Accountants
• Real Estate Agents
• High Value Dealers (e.g., Vehicles, Precious Metals & Stones, Jewelry & Art)

Key AML Compliance Obligations for Financial Institutions in New Zealand

Before we jump to discover key AML requirements, let’s discuss the real things first that lay the foundation of a strong Anti Money Laundering NZ compliance framework:

• Risk Assessment: Identify money laundering and terrorist financing risks the organization will likely be exposed to during the course of its business operations.
• Compliance Program: Define roles, establish training programs, and outline policies, procedures, and controls to mitigate risks identified in risk assessment process
• Annual Reporting: Document and organize compliance processes to facilitate annual reporting on risk assessment and compliance program
• Independent Audit: Put in place an independent audit function to review the effectiveness of the compliance program and identify any gaps in its implementation

In the following section we’ll discuss the core requirement mandated by AML CFT Act NZ:

Customer Due Diligence (CDD)

Identification and Verification:

• For Individuals: Identify and verify customers, beneficial owners, and any representative of a customer. Use reliable documents from independent sources to verify the identity (e.g, government-issued IDs or passports).
• For Companies: Regulation 11 of the AML/CFT Law requires obtaining and verifying information about proof of existence, beneficial owners, and other ownership and control structures of a company. It also requires verifying the existence of any nominee shareholders or directors in a company.

Purpose and Intended Nature: Assess and understand the nature and purpose client’s opening an account or forming a business relationship or conducting an occasional/on-off transaction, if unclear, obtain further clarity

These requirements vary depending on the risk posed by the customer and accordingly are categorized as Standard, Simplified, and Enhanced Due Diligence requirements under the AML laws and regulations in New Zealand. When conducting the standard CDD process, reporting entities must obtain sufficient information to determine if higher customer due diligence NZ requirements apply.

Enhanced Due Diligence

Reporting entities are obliged to apply enhanced due diligence measures in relation to customers and transactions that pose a high terrorism financing and money laundering NZ risk, including when:

• Dealing with politically exposed persons, commonly referred to as PEPs
• Processing wire transfers
• Forming correspondent banking relations
• Dealing in products, services, and technologies that favor anonymity
• Dealing with trusts
• Dealing with a non-resident customer from a country listed as high-risk by FATF
• Dealing with companies with nominee shareholders or bearer shares

Politically Exposed Persons (PEPs):

Definition: As per the AML/CFT Law of New Zealand, a PEP is an individual entrusted with a prominent public function in a foreign country. The definition of PEP also includes immediate family members and known close associates of a PEP. Reporting entities are obliged to treat a PEP as high-risk for up to 12 months after he/she cease to hold their position.

Identification: Since PEPs have access to public funds, which they can abuse by exercising their influence, they’re regarded as high-risk customers from an AML/CFT perspective. Whenever conducting due diligence, reporting entities are obliged to determine if a customer or its beneficial owner is a PEP, a family member, or a close associate of a PEP. EDD Guidelines by the supervisory authorities highlight that larger or more complex businesses may consider using the services of a third-party provider and commercially available databases for PEP screening.

EDD Measures: Once a customer or beneficial owner is identified as PEP, in addition to standard due diligence checks, the reporting entity must:

• Obtain and verify the source of funds and the source of wealth
• Seek senior management approval to establish or continue business dealings with a PEP

Ongoing Monitoring

Once a business relationship is established, reporting entities must continually monitor transactions and account activities to:

• Ensure it is consistent with the reporting entity’s knowledge about the customer, and the customer’s business and risk profile
• Detect transactions that are unusually large, complex, or lack an apparent economic or legal purpose
• Detect any unusual or suspicious behavior that could indicate money laundering or terrorist financing.

Reporting Obligation

Suspicious Activity Reports (SARs)

The obliged entities must report any suspicious transactions or activities to the NZ FIU without delay. A reporting entity must file a Suspicious Activity Report if it has reasonable grounds to suspect that a transaction (whether executed or not) may be relevant to the investigation and prosecution of a person for money laundering, terrorism financing, or any other crimes. The report must be filed as soon as practicable within 3 business days.

Prescribed Transaction Reports (PTRs)

Reporting entities are also obliged to file prescribed transaction reports (PTRs) within 10 working days after such a transaction was carried out. A reporting entity is obliged to file a PTR in the following cases:

• A transaction involves $10,000 or more in physical cash
• International wire transfers of $1,000 or more

Record-Keeping

Reporting entities must maintain detailed records of transactions, customer identification, AML verification documents, and compliance activities. Records should be maintained for a period of at least five years after a transaction was conducted or a business relationship ended.

Other Restrictions

Apart from core obligations mentioned earlier, reporting entities are prohibited under the AML/CFT Law to:

• Conduct a transaction or establish a business relationship if it’s unable to carry out CDD
• Open anonymous and fictitious accounts
• Establish a business relationship or occasional transaction with a shell bank
• Deal with a financial institution having correspondent banking relations with a shell bank
• Accept cash above the applicable limit ($10,000) in transactions involving certain articles (e.g., jewelry, precious metals & stones, and vehicles)

These obligations ensure that reporting entities have a sound risk management system and capability to detect, prevent, and report money laundering and terrorist financing activities, in line with both domestic requirements and international standards.

For more detailed provisions, please refer to the AML/CFT Act 2009.

Penalties for Non-Compliance

Non-compliance with AML/CFT Law and related regulations may result in a range of civil and criminal liabilities, including formal warnings, license revocation, and financial fines. As per Article 90 of AML/CFT Law, civil liability in the form of a monetary penalty can be as high as $2,000,000 in case of a legal entity or partnership, and $200,000 in case of an individual.

In September 2024, SkyCity Casino Management Limited (SkyCity) reached a $4.16 million settlement agreement with the DIA, following civil proceedings initiated by the DIA over violations of AML/CFT regulations.

Sanctions Screening Challenges for Banks in New Zealand

Applicable Sanctions in New Zealand

As a member of the United Nations, New Zealand is bound to implement decisions of the UN Security Council Resolutions. Apart from UN Sanctions, New Zealand also imposed autonomous sanctions against Russian and Belarusian entities and individuals.

Section 15 of the Russia Sanctions Act obliges all AML reporting entities to file a SAR with the FIU if they have reasonable grounds to suspect that an asset or service, directly or indirectly, involves, or is controlled or owned by a designated person or entity. Reporting entities need a risk-based approach to apply appropriate levels of due diligence to ensure they’re not breaching relevant sanctions.

Sanctions Screening

The Ministry of Foreign Affairs & Trade, the competent authority to enforce sanctions in New Zealand, recommends using a commercial sanctions screening service as part of efforts to ensure sanctions compliance. More details about due diligence, compliance, and evasion risk can be found in the Ministry of Foreign Affairs & Trade Guidance on Russia Sanctions.

Non-Compliance Penalties for Sanctions

Any individual convicted of violating regulations made under the Russian Sanctions Act may face up to 7 years of imprisonment, with fines ranging from up to $100,000 for individuals to $1,000,000 for legal entities.

AML and Sanctions Compliance Best Practices

Ensuring effective AML and Sanctions Compliance is not only a regulatory obligation but also a crucial part of sound business practices. The following are some practical guidelines and best practices that can help reporting institutions meet their compliance obligations efficiently:

• Adopt a risk-based approach through comprehensive AML screening to ensure efficient allocation of resources.
• To detect high-risk customers and transactions, implement technologically advanced AML solutions that automate critical processes such as sanctions screening, PEP screening, and transaction monitoring.
• Use Adverse Media Screening to identify high-risk clients by uncovering valuable information about their involvement in illegal activities or connections with other high-risk individuals.
• Establish strong internal controls and procedures, including independent audits and reviews to measure the effectiveness of AML/CFT compliance.
• Regularly train employees on internal policies, financial crime typologies, and regulatory requirements.