Facebook icon Twitter icon Forward icon

Issue #16 June 2017

Download a text-only version of AML/CFT News.


Welcome to this year’s second issue of AML/CFT News.

The Financial Integrity Team has undergone some significant change in personnel since we published our last newsletter. Natasha Weight has accepted a role as General Manager of Charities Services within the Department. As many of you will know, Natasha made a significant contribution to the team and we wish her all the success leading Charities Services. In Natasha’s absence, I will be leading the team for the time being.

We are pleased to welcome some new people to our team. Leon Schoeman joins us as a Senior Compliance Officer in our Auckland office and Jamie Lynch and Andrew Grieve join us as Senior Compliance Officers in our Wellington office.  Many of you may also remember the team’s former manager Kate Reid. Kate has returned to AML/CFT as Director of Phase II implementation and will be focused on preparing the Department to supervise lawyers, accountants, real estate agents, and some high value dealers.

In this newsletter, we provide information relating to electronic verification providers. We are conscious of emerging solutions that are intended to meet the requirements of electronic on-boarding along with the desire of customers to have easy access to online solutions.  I encourage you to think carefully about how your systems and processes align with the Amended Identity Verification Code of Practice and I also encourage you to contact us early if you are considering using an electronic on-boarding solution.

Please also be alert to your email inbox over the coming months for important reminders from our team. The time to submit your annual AML/CFT report is fast approaching as is the commencement date for Prescribed Transaction reporting. Our reminders will provide you with useful information to help you meet your obligations in a timely manner.

Mike Stone
Acting Manager Financial Integrity

Choosing an electronic verification provider

image of camera and screen showing facial identity verification.

There are now a number of providers in the market offering services to assist you to conduct electronic identity verification. This may be useful if you on-board your customers online and do not meet them face to face to sight their original identity documents.  

When considering electronic verification and selecting a provider, you must follow the steps set out in the Amended Identity Verification Code of Practice.  

Code of Practice (PDF, 130KB)

Of particular importance, you must consider whether the electronic source(s) that your provider uses has a mechanism to link the customer to their claimed identity.  This link can be achieved biometrically, such as through facial recognition technology, or by some other equally effective means. And if the electronic source does not itself have such a mechanism, or it is inadequate, then additional measures can be adopted by you or your provider to mitigate any deficiencies in the verification process. 

Taken in combination, all of this means that there is some flexibility as to the provider you choose, the electronic sources they use and any supplementary measures applied. However, to comply with the Code of Practice, there does need to be a robust process by which you ensure that the person you are dealing with online is the genuine holder of the identity they are claiming to be. All of these considerations must also be fully described in your AML/CFT programme. 

Prior to choosing an electronic verification provider, you should ask them to explain how they comply with clauses 17 to 18 of the Code of Practice.

Independent audit

By the end of June 2017, most of you will have had your second independent audit conducted. The independent audit cycle is an important part of your overall AML/CFT compliance strategy. It provides a systematic and biennial check of the effectiveness of your AML/CFT procedures. It will also identify any improvements to your programme that need to be made. 

It is important to remember that you are legally required to consider and make any changes, as necessary, when you receive the findings of an independent audit. 

The Department regularly requests copies of the independent audits as part of the usual engagement with you. Further, during our desk-based reviews or on-site inspections, we will often focus on the steps that you have taken to address any adverse findings from your last or previous audit. This is an important part of our supervisory strategy that is likely to continue.

Ongoing customer due diligence

A megaphone announcing (in full capital letters) 'Know your customer'

With the AML/CFT regime now well and truly embedded, it is timely to remind you of the requirements when conducting ongoing customer due diligence (CDD).

The systems that you use to meet your ongoing CDD obligations are for you to determine. And of course, they will vary depending on the size, nature and complexity of your business, the types and numbers of customers that you have and the frequency with which they interact with you. 

Nonetheless, it is important to remember the following requirements:

  • When conducting ongoing CDD (and account monitoring), you must regularly review your customer’s account activity and transaction behaviour. 
  • Your review must occur in conjunction with a review of any CDD information that you have previously obtained for a customer. This includes their identity, address and beneficial ownership details, as well as the documents or data that you previously used to verify this information.  
  • You should ensure that you hold details of the current identity documents and address of any customer that is transacting with you regularly. 
  • Your review must also consider the information previously provided by the customer regarding the nature and purpose of their business relationship with you. You need to ensure that your customer’s transactions are consistent with your knowledge and understanding of their business relationship with you and their business and risk profile. This is important because it ensures that you have assessed their level of risk correctly and in particular, whether there is the need to apply an increasing level of enhanced CDD.
  • The frequency of a customer’s CDD review should be based on their level of risk. However, it is important to remember that risk ratings can change (whether as a result of your CDD review or some other transaction-based trigger that stems from your account monitoring).
  • The findings of your review should be both justifiable and recorded. This includes any resulting change to a customer’s risk rating, your decisions around the required level of CDD and the scheduling of the next review.

Prescribed Transaction Reporting

From 1 November 2017, the Prescribed Transaction Reporting regulations come into force. We recommend you start preparing now.

If your business engages in cash transactions that exceed NZ$10,000, or sends or receives funds overseas which exceed NZ$1,000, you are going to need to be ready to commence reporting on this date.   

Preparing to submit Prescribed Transactions Reports

Attached is a ‘five steps to prepare for submitting PTRs’ information sheet.  This sheet has been developed by the FIU to help reporting entities determine how best to submit PTRs and lists all the PTR supporting documentation now available. 

If you haven’t already, you need to:

  • Determine how you will submit PTRs; and
  • Request a copy of the PTR supporting documentation by sending an email to goamlconsult@police.govt.nz (FIU).

Once you receive a copy of the PTR documentation you need to ensure that all the appropriate staff in your organisation have a copy.

PTR Information available

There are four PTR web pages hosted by the FIU to help reporting entities prepare: 

1. Prescribed Transactions Reporting 
Includes an overview of Prescribed Transactions Reporting (PTR).

2. Who needs to submit PTRs? 
Provides information to help reporting entities start to identify their PTR reporting obligations.

3. How to submit PTRs 
Describes the three ways reporting entities will be able to submit PTRs.

4. Five steps to prepare for submitting PTRs and the supporting documentation available
Provides information to help reporting entities identify the most suitable option and prepare their IT systems. Links to the relevant legislation are also listed on this page.

To access these pages use the links above or go to http://www.police.govt.nz/ and search for relevant page.