Reporting entities will no doubt be aware of the AML/CFT legislation updates which have taken place throughout 2024 and have understood changes to AML processes are required. However, understanding the changes is just the first step. Updating your risk assessment and AML compliance programmes to reflect these changes and ensuring they are implemented in day-to-day activity is the second.
Without taking action you are at risk of failing to meet your AML obligations. This won’t be overlooked at audit time, and failure to comply will likely have consequences for your business. While some of these changes may seem complex, once you have outlined the key updates you are making in your AML documentation it will be easier to follow and implement.
If you haven’t already, get started now.
Essential risk assessment and AML compliance programme elements to review
1. Beneficial ownership
What’s changed
Identifying the person with ultimate control or ownership of customers. The definition of beneficial owner has been updated to incorporate a wider audience.
What you need to do
Update your programme to show what procedures and controls you are going to include to identify ultimate ownership and effective control together with the additional requirements. Show how you are going to identify any nominee company, directors, and shareholders and how you are going to capture those with full control and not just the nominee.
Regulator guideline – beneficial ownership (pdf download)
2. Companies
What’s changed
There is new guidance surrounding what you now need to collect when you are establishing a business relationship with a company. This includes gathering information which details any powers that bind and regulate companies. There is also additional guidance issued on where a company is required to have enhanced customer due diligence completed.
What you need to do
Review the updates and then take a risk-based approach when establishing a business relationship with a company. You are now required to obtain the constitution or shareholder agreements or equivalent, which should be considered when you determine the risk level and whether to complete standard or enhanced customer due diligence. Procedures and Controls need to be updated in your Programme.
Review the guidance updates to consider circumstances where nominee directors or shareholders are identified and how this will change your current procedures.
Regulator guideline – companies (pdf download)
3. Limited partnerships
What’s changed
Limited Partnerships are common structures and like companies have the potential to allow for anonymity of parties involved. It is important that you know your customer and understand the way in which the Limited Partnership is structured, particularly the parties involved and the roles they play.
What you need to do
Outline in your documentation what procedures you are going to use to identify nominee partners, and how you are going to record and verify details. You are now required to obtain and according to the level of risk verify the limited partnerships:
- legal form and proof of existence
- ownership and control structure
- powers that bind and regulate
- existence and name of any nominee general partner
Review the updated guidelines and determine how you will update your procedures and controls to capture these requirements.
Regulator guideline – limited partnerships (pdf download)
4. Trusts
What’s changed
You need to obtain and verify ownership and control. This includes any powers that bind and regulate the trust, and the settlors and protectors of the trust.
What you need to do
Update your compliance programme to ensure you capture settlors as part of your customer due diligence process, and show what steps you will take to verify beneficial ownership and control, depending on the level of risk identified.
The guidelines set out instances where the settlor/protector is not a beneficial owner and cannot exercise ultimate control. In these instances, your verification processes can be relaxed.
These situations need to be documented in your Compliance Programme.
Regulator guideline – trusts (pdf download)
5. Enhanced due diligence
What’s changed
Additional information is required when conducting enhanced due diligence (EDD)
What you need to do
Determining when to obtain Source of Wealth (SoW) or Source of Funds (SoF) now needs to be clearly documented in your Programme.
Differentiate in your compliance programme in what circumstances you will obtain and verify information regarding a customer’s SoW, or SoF, or both. The programme must consider the types of situations in which SoW or SoF will be examined, and how you will differentiate in practice.
Doing this will show from a regulatory perspective how you have determined how SoW and SoF works for your business.
Regulator guideline – enhanced due diligence (pdf download)
Other AML updates 2024
The above are five key updates we have been helping businesses make to their Programmes as they impact most reporting entities, but there are others. These include but are not limited to:
Use of agents
If you use agents to support AML/CFT activities, you will need to record in your compliance programme the relevant functions of the agents.
An increase in obligations for virtual asset providers (VASPs)
New rules extend VASPs obligations for wire transfers. This includes the collection and verification of certain information in relation to the transfers, and prescribed transaction reporting (PTR).
Some virtual asset transfers redefined as “occasional transactions”
This new amendment changes the process around virtual asset transactions of $1,000 or more. They will now be subject to the CDD requirements imposed on ‘occasional transactions’ ($10,000 or more) in certain circumstances.
Summary
Ongoing reforms will continue as regulators take measures to strengthen the New Zealand AML framework. In 2025 we can expect further amendments to come into effect including changes to ongoing CDD and account monitoring, and we should be prepared to adapt our processes in line with changes.
It can be challenging, but keeping up to date with legislation, taking a risk-based approach, ensuring your documentation is current, and processes implemented correctly will be a huge help when it comes to meeting your AML obligations and facing audits.
Need help? Get an expert review of your compliance changes
Get a quality assurance check to ensure you’ve got things right and to detect any potential issues before they become a problem, or before you have an audit.
We can quality assure your existing AML documentation, or write and develop your Programme for you.