AML/CFT Act Amendments: What You Need To Know

Changes to the AML/CFT Act

New Zealand’s AML/CFT law under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (Act) has recently under-gone significant changes following a Ministry of Justice (MoJ) review. Ministry of Justice (MoJ) review. The MoJ review found that the Act’s regime is generally sound and consistent with Financial Action Task Force (FATF) recommendations, however identified that certain improvements could be made to ensure it is the best it can be.

Cabinet agreed to these changes in October 2022, and they are due to be implemented in three phases on:

  • 31st July 2023
  • 1 June 2024 and;
  • 1 June 2025. 

The key changes to the Act are to be implemented primarily as amendments to the AML/CFT regulations, with 12 additional changes proposed by MoJ to be enforced through the Act itself at a later date.

What are the agreed changes to the AML/CFT Act??

The primary changes will provide a significant clarification on guidance provided by the Act for reporting entities already subject to AML/CFT obligations. It also outlines the businesses which will begin to be captured under the Act and the requirements that they will need to comply with for the first time. 

The significant amendments to the AML/CFT regulations are outlined below, with information provided as to how the changes will affect businesses operations and compliance programmes.

Key amendments to come into effect 31 July 2023

1. Changes in Customer Due Diligence (CDD) timing for Real Estate (Regulation 16(1)

This change introduces alternative timelines for when CDD is to be conducted by Real Estate agents/agencies 

  • For all commercial commercial lease transactions, assignment to lease transactions, or sub-lease transactions, CDD must be conducted and completed to legislative standards  before the real estate licensee presents a lease agreement to the landlord, or an assignment of lease to the assignee, or a sublease agreement to the outgoing tenant.
  • In relation to all other real estate transactions, CDD must be conducted once there is a fully signed agency agreement, but before carrying out any further real estate work for the ‘customer’, such as marketing or viewings.

What this means for real estate businesses

This new time frame does not change the expectation that CDD will be conducted as it is still required, but rather provides some added flexibility to assist with more fluid business operations.

2. Removal of the requirement to conduct new CDD when undertaking new engagements with existing ‘customers’ (Regulation 12B)

This change is solely focused upon designated non-financial businesses or professions (DNFBP), and removes the requirement for conducting CDD on existing customers when engaging in a new transaction unless there is reasonable ground to doubt the adequacy or veracity of any documentation, data, or information already held. 

Designated non-financial businesses or professions refer to the group of entities or individuals that are involved in activities outside of the traditional financial sector, such as Real Estate, Law Firms, or Accountancies.

What this means for DNFBP’s

This will change the frequency at which CDD is undertaken as previously any new transaction (such as the sale or the lease of property) was subject to CDD requirements. Under this new Regulation, it will only be needed if the information on file is sub-par or outdated, or the customer has a change in risk, which has been determined through your ‘know your customer process’. Record keeping should be undertaken however to demonstrate these considerations have been taken, and to justify why further due diligence was not required.

3. Clarified Definition of a “Nominee Director” (Regulation 3)

The amendment will affect who and what constitutes a nominee director. Under current requirements, reporting entities are required to query as to whether company customers have a ‘nominee directors’. The current amendments help to clarify that a nominee director now excludes a director that is accustomed to or currently receives direction of a holding company or appointed shareholder.

What this means for reporting entities

This will impact the comprehensiveness of both Standard and Enhanced CDD requirements, and will likely mean that reporting entities are not required to dig too far down into nominee and holding companies unless potential risk deems it necessary. 

4. Clarification of the definition of “beneficial owner” (Regulation 5AA)

For the purposes of the definition of beneficial owner in section 5(1) of the Act, beneficial owner is clarified as being:

  1. a person with ultimate ownership or control of the customer, whether directly or indirectly:
  2. includes a person on whose behalf the transaction is conducted that is a customer of a customer, but only if the person holds more than 25% shares in the asset.

This will likely have little to no effect on compliance programmes unless explicitly stated, but is something that reporting entities should be aware of.

5. Exemption for corporate trustees & nominee companies that are subsidiaries of reporting entities

This is particularly relevant to law and accounting firms. To qualify for the exemption, the subsidiary must provide the relevant services on behalf of the firm, and the firm’s programme must cover the activities of the subsidiary (e.g. be a trustee of the trust that the reporting entity is conducting CDD upon).

What this means for law and accounting firms

This will change the need for due diligence to be carried out on corporate trustees and nominee companies which are entities internal to the reporting entity itself. Where previously, due diligence was required on these entities, it will no longer be necessary in specific circumstances. This will primarily affect Law Firms and Financial Service Providers when carrying out due diligence on clients of their own.

6. Countries with insufficient anti-money laundering and countering financing of terrorism systems or measures (Regulation 15)

The definition of “A country that has insufficient anti-money laundering and countering financing of terrorism systems or measures in place” now includes “A country identified by the Financial Action Task Force as being high-risk jurisdiction subject to a call for action.” 

What this means for reporting entities

Risk and compliance programmes will need to be updated for countries to include this new definition, and then include the process in your Programme.

7. Designated business group may share compliance officer

A member of a designated business group may now share a compliance officer with another member of the group if it assists in proper functioning of business and compliance operations.

8. Definition of ‘Virtual asset” introduced and Act to apply to those capture under this definition

A definition of “virtual asset” will be introduced and is related to obligations of virtual asset service providers. “Virtual asset” is defined as a digital representation of value that can be digitally traded or transferred, such as cryptocurrencies, NFT’s, or other digital assets that can be used for payment or investment purposes.

What this means for virtual asset service providers

The Act does not currently apply to service providers that only provide the service of safekeeping or administration of virtual assets, however the changes will bring providers of such services within the scope of the Act.

9. Extending a range of exemptions

The changes will find exempt registered charities (who provide loans not exceeding $6,000), non-court appointed liquidators, and apply new exemptions to TAB NZ (this is connected to its partnership with Entain New Zealand Limited, who is declared a reporting entity).

Key amendments to come into effect 1 June 2024

1. Additional information to be collected when carrying out enhanced customer due diligence where a reporting entity has grounds to report suspicious activity or in certain cases relating to business relationships

The changes will require reporting entities to consider whether to do the following:

  • obtain further information from the customer in relation to a transaction;
  • examine the purpose of a transaction (collection of this information is currently required but there is no requirement to “examine” it);
  • conduct enhanced monitoring of a business relationship; and
  • obtain senior management approval for transactions or to continue the business relationship

What the means for reporting entities

This expands the scope of EDD and places greater due diligence expectations on reporting entities to be aware of who they are engaging in business with, and why they are wanting to do business with the reporting entity. 

2. Differentiate when and why source of wealth/funds is needed in compliance programmes

This amendment requires AML/CFT compliance programmes to expressly differentiate between the circumstances where CDD is conducted to obtain information regarding either the source of funds or source or wealth of a customer, or both. 

This will likely incur further legislative clarification in coming months, but it will focus primarily on defining the terms source of wealth and funds, and importantly, the respective  circumstances where these are needed.

3. Requirement to provide more information about agents in programmes

In instances where a reporting agent uses agents to support its AML/CFT activities, they will be required to set out in their programmes the relevant functions of the agents, the agents that conduct staff vetting on behalf of the entity, and the agents to support training matters on behalf of the entity. 

This will likely not change much in terms of day-to-day operations, but may require a review and update of compliance programmes and procedures to ensure greater transparency.

4. Extension of obligations of virtual asset service providers (VASPs)

The changes extend VASPs’ obligations in relation to wire transfers including the collection and verification of certain information in relation to the transfers, and prescribed transaction reporting (PTR).

5. Declaring virtual asset transactions of a threshold of $1,000 or more to be an occasional transaction under certain circumstances

Currently transactions between the value of $1,000 and $10,000 that are completed using stored value instruments (such as debit cards and gift cards) are exempt from CDD requirements. However, this new amendment changes the process around virtual asset transactions of $1,000 or more, and they will soon be subject to the CDD requirements imposed on ‘occasional transactions’ ($10,000 or more) in certain circumstances. 

Alongside amendment 6 noted above, this will capture new entities under the Act and will ensure that transactions made by virtual assets over $1,000 (such as cryptocurrencies) outside of a business relationship are subject to due diligence processes. Further clarification will likely be provided in coming months, but it is an amendment which will mean greater vigilance by reporting entities, especially those who will soon fall under the scope of the Act.

Key amendments announced to come into effect 1 June 2025

1. Requirement to conduct customer-specific risk assessment

Reporting entities will have to add risk ratings to each customer when completing CDD, and will need to update such risk rating as part of ongoing CDD and account monitoring during the business relationship.

This has relevance to the new regulation 15 as detailed above in terms of awareness and transparency regarding who the customer is and where their business originates from in terms of the FATF risk ratings. 

What this means for reporting entities

The reporting entity must keep a record of the customer’s risk rating and review the customer’s risk rating, as appropriate.

2. Narrowed exemptions for online auctioneers and marketplaces

This amendment will revoke the current exclusion for providers of internet auctions and introduce a narrower exemption for transactions between a provider of an online marketplace and buyers/sellers if the transaction(s) do not exceed $10,000 in any 12 month period (unless the transaction is considered a suspicious activity).

Key amendments to note NOT included in the current draft regulations

1. Relaxation of Standard CDD address verification requirements

Under new regulation 24AJ ‘Exemption from address verification requirement’, the requirement to verify residential addresses via a reliable and independent source would be reduced. 

The new regulations would make the requirements significantly narrower in that addresses would only need to be verified as ‘correct’ (except when Enhanced CDD is required). This is not to be implemented as of yet, however, so reporting entities should still endeavour to verify addresses under the current Standard CDD requirements.

2. Relaxation of Source of Wealth/Funds verification for low-risk trusts

The draft regulations outline an exemption for certain lower-risk trusts, such as single asset family trusts, to be exempt from the source of wealth/funds verification obligations. Currently, it is mandatory for Enhanced CDD to be conducted on all trusts or vehicles which hold personal assets regardless of the risk or nature of the trust. For the time being, this will not change so reporting entities should still ensure they are conducting the relevant checks where necessary.

What next?

It’s true these changes are coming through in phases, which provides the opportunity to address any areas for improvement, but you should take early note as you are likely to be impacted.

If you are unsure how these upcoming changes apply to you, or you’d like some help ensuring you are still meeting your compliance obligations, call us on 09 369 6867 or email

Get insights and news delivered to your inbox

Webite Developed by Logo