+64 800 266 751

Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT)

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 Act (AML/CFT Act) came into full force on 30 June 2013 and requires all reporting entities to adhere to the obligations under the Act. Refer to section 5 of the Act to determine if your business is a reporting entity. 

From 2018 onwards, accountants, lawyers and real estate agents are also reporting entities, (known as 'Phase 2') if they perform certain captured activities.

Broadly, all reporting entities must have in place the following:

Risk Assessment

Under section 58 of the AML/CFT Act, you must conduct a Risk Assessment. This involves assessing your business for the risk of money laundering or terrorism financing. It must be in writing and describe how the assessment will be kept up to date.
When assessing your risks you must:
  1. Identify aspects of your business that may be susceptible to ML/FT; then
  2. Consider each of the at-risk areas you have identified, analysing the likelihood that your business will be used for ML/FT.

Each of the following areas must be considered in the assessment:
  • the nature, size and complexity of its business;
  • the products and services it offers;
  • the way it delivers its products and services;
  • the types of customers it deals with;
  • the countries it deals with; and
  • the institutions it deals with.

The Risk Assessment must then be used as the basis for your AML/CFT Programme. It must enable you to meet the relevant obligations under the AML/CFT Act and regulations, especially the obligations to conduct customer due diligence and ongoing customer due diligence.

AML / CFT Programme

An AML/CFT Programme sets out the internal policies, procedures and controls necessary to detect money laundering and financing of terrorism and to manage and mitigate the risk of it occurring.
  • policies set out expectations, standards and behaviours in a business;
  • procedures are more detailed and set out day-to-day operations; and
  • controls are tools that management use to ensure the business complies with policies and procedures.
Minimum requirements of an AML/CFT Programme are set out in sections 56 and 57 of the AML/CFT Act and include:
  • Vetting and training senior managers, compliance officer, and other relevant employees
  • Customer Due Diligence
  • Ongoing CDD and account monitoring
  • Examining and keeping findings related to money laundering or financing of terrorism
  • Suspicious transaction reporting
  • Record keeping
  • Products and transactions that favour anonymity
  • Managing and mitigating ML/FT risk
  • Ensuring compliance with the Programme
  • Review and audit of the Programme

Independent AML/CFT Audit

Risk Assessments and AML/CFT Programmes must be independently audited every two years, or when requested by your AML/CFT Supervisor. An Independent AML/CFT Audit is a written report on whether:
  • you meet the minimum requirements for your AML/CFT risk assessment and AML/CFT programme;
  • the AML/CFT programme was adequate and effective throughout a specified period; and
  • any changes are required.
The auditor does not need to be a Chartered Accountant or qualified to undertake financial audit, however, they need to have the relevant skills or experience to conduct the audit. The person conducting the audit must be independent and not involved in developing, establishing, implementing or maintaining the AML/CFT Programme. Also, you must be able to justify to your AML/CFT supervisor how your auditor is appropriately qualified.

The auditor can perform a limited assurance audit (conclusion expressed in a negative form) or a reasonable assurance audit (conclusion expressed in positive form). The reasonable assurance audit requires more work from the auditor than a limited assurance audit. Therefore, there is increased risk that the auditor may not become aware of a significant error / non- compliance with the AML/CFT Act in a limited assurance audit.

Complianz has experienced independent consultants that can audit your AML/CFT policies, procedures and controls and provide guidance on any inadequacies.

Compliance Officer

An employee of your business must be nominated as the AML Compliance Officer (s56(2) of the AML/CFT Act). They are responsible for administering and maintaining the AML/CFT Program and are the key contact named with the AML/CFT Supervisor. If your business does not have employees, you must appoint a suitable person to act as the AML/CFT Compliance Officer. Note that this role does not have to be a standalone position but can be filled by employee who is a Senior Manager or reports to a Senior Manager.

We can support your Compliance Manager or act as your AML Compliance Officer (in some situations).

Vetting and Training

Vetting involves checking someone's background to determine their suitability for a position, making sure they are who they say they are and checking that the information they have provided about themselves is correct. The purpose of vetting people is to avoid hiring a person who may pose a ML/FT risk. Refer to section 57(a) of the AML/CFT Act.

AML Vetting

Any person that is involved in the process of AML/CFT or who is in the position to influence or override decisions must be vetted for the suitability to their role. This includes Senior Managers, the Compliance Officer and any other employee that is engaged in AML/CFT related duties.

AML Training

Under s 57(b) of the AML/CFT Act, Senior Managers, the Compliance Officer and all staff involved in AML/CFT duties must be trained in AML/CFT matters such as:
  1. Relevant AML/CFT legislation and any changes to legislation
  2. ML/FT risks shown in your Risk Assessment
  3. The current AML/CFT Programme
  4. Tasks and duties that can be carried out by staff that have appropriate AML/CFT training
  5. Overview of the customer due diligience process

AML training should be provided at the start of employment/directorship and then annually.

Customer Due Diligence (CDD)

CDD is the process through which a reporting entity develops an understanding about its customers and the ML/FT they pose to the business. It is the key aspect of the AML/CFT Programme and involves gathering and verifying information about a customer's identity, beneficial owners and any person acting on behalf of the customer.

The three types of CDD include Standand, Simplified and Enhanced.

Ongoing CDD & Monitoring

Ongoing CDD requires that reporting entities regularly review information about the business relationship they have with their customers. They must determine when it may be necessary to collect further information, or update or verify existing CDD information.

Regular Reviews of your AML/CFT documents

Your Risk Assessment and AML/CFT Programme must be reviewed regularly to ensure that they remain current and that any deficiencies are corrected.  This should either be annually or when there are material changes in your business or client types.

Suspicious Activity Reporting / Prescribed Transaction Reporting

As a general rule, a suspicious activity or transaction will often be one which is inconsistent with the customer's known activities and profile or with the normal business expected for that type of client.

A Reporting Entity must identify any suspicious transactions or activity and raise a Suspicious Activity Report ("SAR") to the Police if it has reasonable grounds to suspect a transaction or activity may relate to specified money-laundering or terrorism offending.

Suspicious activity covers activity in relation to a transaction or service, or proposed transaction or service, in which the Reporting Entity suspects the activity in question is or may be relevant to the investigation or enforcement of various Acts, such as the Crimes Act 1961, Misuse of Drugs Act 1975, and the Terrorism Suppression Act 2002.

Reports must be provided to the Financial Intelligence Unit ("FIU") no later than 3 working days after forming the suspicion.

An SAR or information relating to an SAR must not be provided to an unauthorised person. It is offence to do so and is known as ‘tipping off’. 

Prescribed Transaction Reporting ("PTR") is required if a person conducts a PTR through a reporting entity and the transaction within 10 working days.  Only an ordering institution and a beneficiary institution are required to file a PTR report in respect of an international wire transfer.

A prescribed transaction is a transaction conducted through a Reporting Entity in respect of:

-  an international wire transfer equal to or above $1,000; or

-  a domestic cash transaction equal to or above $10,000.

Annual Returns

A report must be lodged with your AML/CFT Supervisor each year in a specified format.

The Annual Report contains questions about the following:
  • Organisational structure
  • AML/CFT Risk Assessment
  • AML/CFT Programme
  • Audit results of the Risk Assessment and Programme
  • Products and Services
  • Channels (methods of acceptance i.e. face-to-face or otherwise)
  • List of countries that non-resident customers reside

This product has been added to your cart