The disparities of AML/CFT compliance obligations in NZ
Author – Dr. Nicholas Gilmour
2018 saw further expansion of AML compliance requirements in New Zealand as the anti-money laundering legislation placed explicit requirements on accountants, lawyers, real estate agents and conveyancers. This wider inclusion resulted from the extension of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the Act). The Act was first implemented into New Zealand in July 2013. At that time it applied to banks, life insurers and other financial institutions. Legislators hoped to curb the $1 billion dollars a year generated in New Zealand through drug dealing and fraud, as reported by the New Zealand Financial Intelligence Unit.
The compliance obligations require businesses to establish effective policies, procedures and controls so that they can reduce the opportunity of money laundering or financing of terrorism, whilst at the same time, protecting their brand from reputational harm. So, although perceived as ‘extra work’ the results are extremely beneficial on a domestic and global front.
Nevertheless, implementation of compliance requirements has driven a wedge between the need for these sectors to be brought under the legislation and the practicalities of them achieving and maintaining AML compliance.
There are industry rumours that these newly captured business entities are having difficulties in meeting requirements of anti-money laundering and countering financing of terrorism (AML/CFT) compliance. This includes the apparent hefty costs of achieving and maintaining effective policies, procedures and controls.
It needs to be remembered that the AML compliance obligations are 20 years in the making. Identified in the late 1990’s, the sectors which the ‘phase 2’ legislation captures, including lawyers, accountants and real estate agents, have the real potential to facilitate money laundering and to a perhaps lesser extent – terrorism financing. So, whilst apparently being arduous, complicated, time consuming and costly, these compliance obligations are a long time coming and are an international obligation for New Zealand as a member of the United Nations and the Financial Action Task Force.
As the AML compliance process dictates, albeit softly, the most meaningful aspect of any AML framework is the assessment it is based on. In AML compliance, this means the Business Risk Assessment is a critical feature in protecting the business from outside criminal exploitation. The assessment must identity inherent risks and the likelihood that the business may facilitate ML/FT. The assessment must be sufficiently reliable to guide the business in developing their policies, procedures and controls to manage such risks. Failing to meet these obligations may mean the business is targeted as a place through which to launder illicit funds. So, it goes without doubt that in the same way a house is built on strong foundations, an AML compliance programme (policies, procedures and controls) is built on the business’s assessment of money laundering and financing of terrorism risks.
To assist businesses with the risk assessment and AML/CFT compliance implementation, the government supervisor for Phase 2 entities, the Department of Internal Affairs, has disseminated sector risk reports, Codes of Practices and guidelines.
Having a robust AML/CFT compliance framework will protect the business. A weak framework will likely result in criminals exploiting those vulnerabilities. AML/CFT compliance is therefore an ongoing exercise. Businesses need to have systems in place to ensure they are consistently meeting regulatory requirements. When a breach does occur, their monitoring systems should be able to identity and report the breach.
Costs of meeting compliance will depend on the nature of the business and the size and complexity of its clients, products and services. For businesses that are small in client numbers and interact with their clients on a face-to-face basis, cost of compliance will be primarily based on their human resourcing commitment for conducting the risk assessment and developing the compliance programme. To ensure they are on the right track, an independent audit is required every two years. Audit costs for a small sized entity is on average $1,500 - $3,000.
Businesses with large numbers of clients and transactions are unlikely to operate effectively with manual processes. These businesses will need to consider options for investing in third party software or developing inhouse solutions to manage and monitor their ongoing obligations.
A thorn in the thigh for many businesses is the need to conduct identity verification checks on their clients - even if they have known their client for many years. Identity checks have the purpose of ensuring the customer is who they say they are, as well as verifying the ultimate beneficial owners. As it is common for criminals to disguise ownership of assets through nominees friends and family, identity verification is an essential component of AML/CFT compliance. With the increasing prevalence of identity fraud, these measures also reflect good governance practice. Identity and address verification can be achieved by the client presenting their passport or drivers licence, along with a bank statement. If on the other hand the business deals with trusts and clients who are based offshore, costs for identity verification will increase.
It needs to be considered that the efforts criminals will go to in laundering their illicit funds is beyond that reported in the media. Exploitation by criminals of the elderly, young and businesses indicate that whilst perhaps onerous, the needs to maintain an effective and demonstratable compliance programme are critical. Done correctly reduces risk to the business of adverse publicity and enforcement action by the Department of Internal Affairs.
Though recent media reports confirm businesses are experiencing teething problems, this is typical for any situation when implementing new operational practices. The benefits of the legislation is that it has elements of ensuring businesses meet principles or objectives of the law without setting out rigid, inflexible rules. Over time businesses are likely to adopt different strategies to streamline their administrative processes.
The bottom line is that the legislation is necessary - not just for deterring and identifying criminal financial activity but if New Zealand wants to be recognised as a reputable global financial centre, it must meet international obligations.
New Zealand is currently preparing for a country visit by the international watchdog for combating money laundering and the financing of terrorism, the Financial Action Task Force. These delegates will be visiting in 2020 to inspect and evaluate New Zealand’s AML/CFT standards. Therefore AML compliance is an area which the Ministry of Justice and Department of Internal Affairs will remain focused on.
* Nicholas Gilmour is an Executive Consultant at AML360 Software Solutions.