Amendment Regulations: Stages 2 and 3
In July 2023, a package of regulatory amendments to the Anti-Money Laundering and Counter Financing of Terrorism Act 2009 (AML/CFT Act) was released. The amendments are coming into force in three stages from 31 July 2023 to 1 June 2025. In another post, we discussed the changes entered into force in Stage 1, while this one focuses on Stages 2 and 3.
Considering that the amendments roll out in three stages, the AML/CFT Supervisors would expect you to take immediate action for the 2023 amendments and that you will be well prepared for Stages 2 and 3. This post covers the changes coming up in 2024 and 2025 to help you prepare for the deadlines.
Additional Information Requirement for Legal Persons (e.g. Company or Limited Partnership)
When your customer is a legal person, you must verify information on data issued by a reliable and independent source relating to:
the customer’s legal form and proof of existence;
the customer’s ownership and control structure; and
any powers that bind and regulate the customer.
An example of a reliable and independent source is a company’s extract.
You must also verify information on data issued by a reliable source about:
the existence and name of any nominee director and shareholder, if the customer is a company; and
the existence and name of any nominee general partner, if the customer is a limited partnership.
The regulation does not say you need to verify such information via reliable and independent sources, only reliable ones. This may include:
written confirmation from another director confirming the name of the nominee director (or from another partner for a nominee general partner);
written confirmation of any nominee relationship(s) (formal or informal); and
a written agreement in place between any nominees and the person whose instructions or directions the nominee follows or is accustomed to follow.
Additional Information Requirement for Legal Arrangements (e.g. Trust)
When your customer is a legal arrangement, you must verify information on data issued by a reliable source relating to:
the customer’s legal form and proof of existence;
the customer’s ownership and control structure; and
any powers that bind and regulate the customer.
A reliable source to verify such information is for example a trust deed and it’s amending deeds, which you can ask your customer to provide to you.
You must also verify information on data issued by a reliable and independent source in relation to:
the settlor (or settlors) of the trust; and
any protector (or protectors) of the trust.
This information must be verified by a reliable and independent source, for example a passport.
Additional Enhanced Customer Due Diligence Requirements
When you are conducting enhanced customer due diligence (CDD) on:
a trust;
a non-resident customer from a country identified by the Financial Action Task Force as being a high-risk jurisdiction subject to a call for action;
a company with nominee shareholders or shares in bearer form;
a customer who seeks to conduct a usual large transaction; and
high-risk customers.
You must carry out additional enhanced CDD measures before establishing, and during, the business relationship if you assess that the source of funds and wealth information collected is not sufficient to manage and mitigate the risks of ML/FT.
The additional enhanced CDD measures include:
obtaining further information from the customer in relation to a transaction;
examining the purpose of a transaction;
enhanced monitoring of a business relationship; or
obtaining senior management approval for transactions or continuing the business relationship.
Prescribed Conditions for Reliance on Another Reporting Entity for Customer Due Diligence
When you are relying on another reporting entity to conduct CDD on your behalf, you must take reasonable steps to verify that the other reporting entity:
has record-keeping measures to at least the standard required by the AML/CFT Act; and
is able to provide verification information to you as soon as practicable on request, but within five working days after receiving the request.
To satisfy yourself of the point above, a written confirmation from the other reporting entity (for example via email or via an official letter signed by a senior manager of the other reporting entity) should be received and saved on record.
If the other reporting entity is based overseas, you must consider the level of risk associated with relying on a person residing in that country. This should include a consideration of the ML/FT risks associated with the relevant countries via reliable sources (see for example the Basel AML Index and Know Your Country). The assessment of the country and any decision made should be recorded on file.
Wire Transfer (for all reporting entities except DNFBPs)
You can read a full overview of wire transfer obligations here. In short, with this round of amendments, you should consider the following:
For a cross-border wire transfer below $1,000, you would be required to accompany the wire transfer with the originator and beneficiary’s name and either their account number or another unique identifier. You are not required to verify such information unless you have grounds to submit a suspicious activity report.
You must also obtain and keep on record for five years the beneficiary’s name and account number or transaction reference.
When acting as an intermediary institution, you must ensure that all information that accompanies a wire transfer is retained with it when transmitted to another intermediary institution or beneficiary institution. If you cannot, for technical reasons, provide to the beneficiary institution any information about the originator of the wire transfer, you must keep a record of the information that was received.
You should keep a record of any submitted prescribed transaction reports for five years after the end of the business relationship with the customer is concluded.
If you are a money remitter acting as an ordering institution or beneficiary institution of a wire transfer outside New Zealand, and you are required to report to the New Zealand Financial Intelligence Unit for a suspicious activity report, you must also provide a copy of the suspicious activity report to the relevant financial intelligence unit in any country (or countries) affected by the suspicious activity.
Further Requirement Relating to Risk-Rating New Customers
You must risk rate any new customer and you must keep a record of the risk rating and update the risk rating on an ongoing basis as part of your ongoing CDD duties.
Before starting to rate customers, you will need to detail in your Compliance Programme how in practice you will assess your customer’s risk and how you will keep a record of such assessment.
The AML/CFT supervisors have not yet released specific guidance on customer risk ratings. However, building upon existing guidance on Risk Assessment Methodology and Prompts and Notes for Risk Assessments and Compliance Programmes, we can infer that some examples of higher risk indicators to be considered are:
The customer is:
A foreign trust or a charitable trust.
A company with nominee shareholders or shares in bearer form or shell company.
A politically exposed person or a high-net-worth individual.
An overseas resident from a high-risk jurisdiction.
The customer operates in:
Cash-intensive businesses.
Businesses associated with high levels of corruption.
Financial or other professional services that are unregistered, or are poorly regulated.
You are not able to meet the customer face-to-face, or the customer is instructed to you via a gatekeeper, such as a lawyer or an accountant.
Risk rating your customers will require substantial adaptation of your current AML/CFT regime. You will need to establish a methodology on how you will do the risk rating, develop new policies, procedures and controls, and train your staff on the new requirements. It would be advisable to start working on such a project as soon as possible, to make sure you are ready by June 2025.
What’s Next?
Do you have any questions on the new amendment regulations? Get in touch today.