Regulatory Findings Report

Anti-Money Laundering and Countering Financing of Terrorism


Director's message

Kia ora koutou,
I am pleased to share our second regulatory findings report with you, this time for the period 1 July 2019 to 30 June 2020.

Te Tari Taiwhenua/The Department of Internal Affairs supervises the largest number of New Zealand businesses (known as reporting entities) that have obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act (the AML/CFT Act).

In the 12 months ending 30 June 2020, the AML Group completed 26% more compliance assessments than the previous 12 months. That increase was helped by the implementation of our new IT system but was mostly due to the dedication and hard work of our teams around the country.

The AML/CFT Act’s purpose is to detect and deter money laundering and the financing of terrorism, maintain and enhance New Zealand’s reputation by meeting our international obligations, and to contribute to public confidence in the New Zealand financial system. In an increasingly digital, virtual and connected world, we continue to work with our system partners in New Zealand and overseas to do all we can to help prevent harm and protect New Zealand communities.

Our regulatory approach remains strongly focused on helping reporting entities comply with their obligations through risk-based reviews and assessments, education, engagement and remediation. However, if failure to meet the requirements of the AML/CFT Act is serious or systemic, we may use one of our enforcement tools. This has resulted in judgments in four significant proceedings in the last 12 months.

We understand just how harmful it is to a reporting entity’s reputation and financial viability when the obligations of the AML/CFT Act are not adhered to, or weak controls allow criminals to take advantage. When we do take enforcement action, it is proportional, effective and dissuasive.

Early in 2020, a Financial Action Task Force (FATF) Mutual Evaluation Assessment Team visited New Zealand for their on-site inspection. The inspection consisted of interviews with system partners, stakeholders and reporting entities. Fortunately, these were all completed before the COVID-19 lockdown. Like many planned activities for 2020, the scheduled release of the mutual evaluation findings has been disrupted by the global COVID-19 pandemic but the final report, originally planned for release in October 2020, will be published shortly.

Our focus for the coming year is to enhance our risk-based regulatory approach and build on our engagement work supporting the reporting entities we supervise. We are increasingly moving towards targeted assessments focused on the effectiveness of AML/CFT programmes in practice, aiming to test the understanding and the implementation of key obligations.

We will also continue our work with system partners to make improvements to, and deliver to the National Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Strategy. We keenly await the opportunities resulting from recommendations in the FATF Mutual Evaluation report.

In closing, I wish to acknowledge the impact that the global COVID-19 pandemic has had on you, your families and loved ones, and on New Zealand reporting entities. The Department appreciates and understands that impact, and I wish to thank all those dedicated compliance officers and New Zealand businesspeople who continue to help protect our country from the impact of money laundering and the financing of terrorism.

Ngā mihi ki a koutou katoa,

Mike Store
Director - Regulatory System AML
Te Tari Taiwhenua Department of Internal Affairs

Background to this report

This report shares our regulatory findings for compliance assessments undertaken during the 12 months ending 30 June 2020.

It is intended to help the reporting entities we supervise understand the findings of our assessments and reviews, and the areas where AML/CFT programmes are both compliant and non-compliant. This will help them maintain good practices and identify areas where they can improve systems and procedures to effectively meet their obligations under the AML/CFT Act.

An important part of our role as supervisor is to monitor and assess the money laundering (ML) and terrorism financing (TF) context in New Zealand and how that applies to our regulated sectors. We also monitor and assess new and emerging risks and apply this to our sector risk assessments and published guidance.

During this period, we observed:

  • Ongoing attempts to misuse professional services, such as law firms, accountants, trust and company service providers and real estate agents, by criminals seeking to launder money and disguise the origins and proceeds of their crimes.
  • The COVID-19 global pandemic has seen certain crime types, such as cyber-crime and fraud, that may not have been front of mind for many reporting entities, become more prevalent.
  • The ongoing ML risk to New Zealand from drug offending. Cash remains dominant for transacting drug crime in New Zealand and is being generated for money laundering in significant quantities.
  • It remains common in New Zealand for the proceeds of crime to be used to purchase real estate and other high-value goods, such as motor vehicles. This is often in the media when the New Zealand Police Asset Recovery Unit restrains and forfeits large numbers of cars, motorbikes, boats and other vehicles.

Education and engagement remain key to what we do in helping reporting entities comply with the AML/CFT Act. We work with sector stakeholders and peak bodies to support their members to understand their obligations. This can take the form of publishing guidance and explanatory notes to clarify the legislative requirements, and producing educational webinars, videos and events.

Where reporting entities are found to be non-compliant, we attempt to lift compliance through education where possible and provide remedial support.

A view from the outside of Auckland harbour A view from the outside of Auckland harbour

Our evolution as a supervisor in the AML/CFT system

The Department has supervised some reporting entities under the Act since 2013, with additional sectors introduced between July 2018 and August 2019.

Explore our journey by clicking on the years below.


New Zealand becomes a member of the Financial Action Task Force

1991 1991
2009 2009
2013 2013
2017 2017
2018 2018
2019 2019
2020 2020
2021 2021
Christchurch shopping street Christchurch shopping street

Executive summary

Our role

The Anti-Money Laundering and Countering Financing of Terrorism (AML) Group’s role at the Department is to supervise and support reporting entities to comply with the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

We help prevent businesses being misused by criminals for money laundering or terrorism financing.

We work with the Reserve Bank of New Zealand, the Financial Markets Authority, the Ministry of Justice and the NZ Police Financial Intelligence Unit (FIU), as well as other government agencies, to build an effective AML/CFT system.

Our supervision in brief

See our regulatory framework.

Our supervisory role includes providing education and guidance, supporting reporting entities to comply with their AML/CFT obligations and undertaking formal compliance assessments. Our compliance assessments comprise of desk-based reviews and on-site inspections.

Our desk-based reviews determine whether a reporting entity’s written AML/CFT policies, procedures and controls provide an effective framework for it to effectively detect and deter ML/TF. This considers up to 33 obligations required by the AML/CFT Act and is sometimes referred to as a reporting entity’s technical compliance. Our assessment approach is tailored to the specific reporting entity, which means there will be instances where certain obligations are not assessed.

Our on-site inspections focus on the ways that a reporting entity has implemented its AML/CFT programme in practice. Inspections assesses the reporting entity’s effectiveness in managing and mitigating its ML/TF risks in everyday business.

In total, over one-third of all our assessments required no further action by the reporting entity. However, that means two-thirds of all our assessments identified non-compliance that required some form of remediation.

Our findings in brief

Understanding the ML/TF risks is a key part of being able to meet AML/CFT obligations

Webinar on risk assessment

Link to full transcript of this video

This enables a reporting entity to target its compliance resource towards those customers, transactions, activities or circumstances where the ML/TF risk is higher. This is vital if an AML/CFT programme is to effectively detect ML/TF, and to manage and mitigate the risk of it occurring.

Areas of good practice identified

  • Risk Assessment and AML/CFT programme: Almost all reporting entities, including the new DNFBP sectors, have undertaken written risk assessments and established an AML/CFT programme. In many cases, these AML/CFT programmes are aligned with and operate alongside other business processes.
  • Compliance Officer: Reporting entities have appointed an AML/CFT compliance officer to administer and maintain their AML/CFT programme.
  • Identifying risks and understanding AML/CFT obligations: The identification and understanding of the ML/TF risks, AML/CFT obligations and the requirements of a risk-based approach is improving across the sectors supervised by the Department.
  • Reviewing/updated AML/CFT programme: As understanding of ML/TF risks and AML/CFT obligations develops, many reporting entities are reviewing and updating risk assessments and AML/CFT programmes to ensure they are effective.
  • Suspicious Activity Reporting: More than one third of all suspicious activity reports (SARs) to the FIU are submitted by reporting entities supervised by the Department. This includes some high-quality SARs submitted by reporting entities in the DNFBP sectors.
  • Prescribed Transaction Reporting: Many reporting entities are submitting prescribed transaction reports (PTRs) for large cash transactions of NZ$10,000 and over, and for international wire transfers of NZ$1,000 and over (when an ordering or beneficiary institution).

Areas identified for improvement

  • Inconsistent implementation of AML/CFT programmes: Written AML/CFT policies, procedures and controls are not always implemented consistently or effectively. This means that some reporting entities are more compliant on paper (technical compliance) than they are at implementation in practice (effectiveness).
  • Generic templates: While less evident than in last year’s findings, the use of generic templates for both risk assessments and AML/CFT programmes remains an issue. Generic content is useful as a starting point, but risk assessments and AML/CFT programmes must be specific to each reporting entity and the ML/TF risks.
  • Registration with goAML: While many reporting entities are registered for goAML with the FIU, there are many reporting entities that are not. Those reporting entities that have not registered primarily comprise law firms, accountants and real estate agents. All reporting entities should register for goAML so they are able to submit SARs and PTRs within the required timeframe.
  • Unidentified/risks not understood: While improving, ML/TF risks that are not fully identified or understood remains an issue for some reporting entities. We are also concerned the risks that had been identified (in the risk assessment) are not evident in training material and that staff involved in implementing the AML/CFT programme have low knowledge of the reporting entity’s ML/TF risks.
  • Unidentified/unverified sources of funds or wealth: Higher-risk customers, activities and transactions are not consistently being identified, verified and monitored. Undertaking enhanced customer due diligence to verify wealth and source of funds is key to distinguishing between a high-risk but legitimate customer and one that is potentially suspicious, should be reported and/or have business refused.

These last two obligations function together to ensure money laundering and terrorism financing is deterred and detected. Our assessments identified a high number of reporting entities with inconsistent examination and monitoring of higher-risk customers, activities or transactions, insufficient risk-based verification of source of wealth or funds, and a lack of escalation processes so that a SAR is submitted.