Since the AML/CFT Act came into force in New Zealand it has been mandatory for businesses providing financial, accounting, legal and real estate services to comply with anti money laundering legislation.
Companies have sharpened their focus on regulatory compliance to comply with the AML regime, however fulfilling obligations continues to be a challenge for many. The complexities involved can be overwhelming but ensuring the right processes are in place can help enable compliance now and in the future. Using an anti money laundering compliance checklist can serve as a reminder to the key activities you should be undertaking.
In this article, we uncover AML compliance essentials and provide a checklist to help ensure you meet regulatory expectations.
What are AML compliance requirements?
Critical to AML compliance is a general understanding of the AML/CFT Act and ensuring the correct implementation of policies, procedures and controls in your business.
This involves identifying and assessing the level of risks your business faces from money laundering and terrorism financing, and developing strategies in-line with regulator guidance to manage, reduce and control these risks.
There are a number of procedures which businesses are required to implement and these should form part of a documented risk assessment and compliance programme.
What documents are required to meet AML requirements?
The two critical documents reporting entities must develop to guide employees in carrying out day-to-day AML measures are:
- A risk assessment profile
- An AML compliance programme
It can be tempting to use premade templates to create these documents but although templates can help get you started these critical documents must be individual to your business. Your risk assessment should reflect the level of risk associated with the products and/or services you provide, the type of clients you have relationships with, as well as the appetite for risk your business has.
Getting this right will help you create an effective risk-based compliance programme. This is critical to showing how you will manage your AML obligations to effectively protect your business, and how you are helping prevent bad actors using your business for money laundering purposes.
Creating rigorous internal AML policies starts with creating the documents mentioned above but it doesn’t end there – you will need to effectively implement these policies to meet AML requirements.
Below is a checklist of compliance activity you’ll need to ensure you are carrying out within your business.
Essential items to include on your AML compliance checklist
The shifting landscape of financial crime and changing legislation means your AML programme may need refinement at times, however there will always be certain activities you will need to complete.
This compliance checklist outlines these key activities.
1. Develop and implement internal AML frameworks
As mentioned above, the two key documents you will need to kick off your compliance activity is a risk assessment, and a compliance programme.
The regulators describe this as taking a risk based approach to identify the inherent ML/TF risks in your business and then developing Policies, Procedures and Controls (PPCs) to mitigate these risks:
- Policy – refer to expectations, standards, and behaviours.
- Procedure – set out a description of day-to-day operations including processes and business rules.
- Control –refer to the actions that management set to ensure you comply with policies and procedures to mitigate ML/TF risk.
2. Train staff and ensure they have support
Without training staff in correct AML procedures and ensuring support for activity is available and endorsed by leaders you will not be able to ensure AML obligations are carried out. Having well-informed staff will increase your efficiency and ultimately enable you to be better prepared to identify risks, and get better results at audit time.
Remember to document staff training policy, procedures and controls in your AML compliance programme and develop a training register which records date, time, staff member names and the topics covered.
3. Vet key staff
You can screen employees for any role. However, to meet AML obligations, you need to be vetting your AML compliance officer and any staff with AML duties. PPCs for staff vetting should also be documented as part of your AML compliance programme.
4. Appoint a compliance officer
Your compliance officer will be the person dealing with auditors, supervisors and administering and maintaining your AML/CFT frameworks. It pays to ensure they are well trained, and supported by the Senior Management team.
5. Carry out customer due diligence every time
The foundation to any compliance activity is ‘knowing your client’ and ensuring you’ve carried out your customer due diligence. This will include collecting customer data to ensure customers are who they say they are, and to determine the level of risk they may present to your business.
Depending on the level of risk identified you many need to carry out a greater level of checks using enhanced due diligence tactics.
Your compliance programme must consider the types of situations in which you carry out enhanced due diligence compared to standard due diligence, and what you actually do in practice for each scenario.
6. Implement ongoing AML monitoring
Customer due diligence isn’t a set and forget process. Client’s circumstances can change over time and you should be reviewing the details you have on record regularly. This requires you to ensure that your business relationship, including the activities and transactions within it, are consistent with your knowledge about your customer, their business and risk profile.
7. Know the red flags pertinent to your business
Red flags may differ dependent on your industry and your customers. Knowing your customer and knowing the risk for your business and sector will help you identify red flags particular to your situation.
Discovering a red flag doesn’t mean you can’t do business with a client but you must understand, assess, and record the risk, and carry out enhanced due diligence where necessary.
8. Ensure record keeping is up to scratch
It is essential to keep comprehensive records of your AML processes, your customers, how you go about assessing risk, nature of transactions, and your identification procedures.
Record keeping can be tedious but it will be something that will be audited and will help you understand and identify areas of risk.
9. Complete suspicious activity reports (SARs) when relevant
Suspicious activity reporting is an important part of the fight against money laundering but it needs to be done in a meaningful way to make it a valuable and useful part of the process.
If you have formed a suspicion based on what you’re seeing from a customer and you reasonably believe they are trying to use your business for illicit purposes, file a SAR.
Submit your SAR to the FIU as soon as possible, but no later than three working days after the suspicion has been formed.
Also, keep your own records of suspicious activity reports. Record all actions taken, all your findings, and all the information gathered, as you may be required to replicate the transaction.
10. Create accurate annual reports and submit on time
As the name suggests annual reports need to be submitted to your supervisor (DIA, FMA or RBNZ) every year – for the year ending 30 June with submission between 1 July – 31 August without fail.
You will need to provide information on your business, the services you provide, types of customers, finances, methods used for customer due diligence, and audit details.
Following your compliance programme and ensuring record keeping is done correctly throughout the year will help with this annual task.
11. Audit and regularly review your programme and procedures
Audits are part of AML compliance whether we like it or not. Get your procedures, policies, and controls right and audits will become a lot less stressful. You are also required to review your Risk Assessment and Compliance Programme on an annual basis.
All the above points in our compliance checklist will be audited so get these basic compliance rules right and you will have more time with your auditor to ask for useful insights and advice.
In New Zealand, you will need to ensure an audit is carried out on your AML compliance programme every three years by an independent, appropriately qualified person.
There’s no hiding from the fact that the above procedures can take time, knowledge, and money, however, they are essential, and there are ways to get expert, qualified support, and/or technology to help.
Other considerations
Consider what technology you may need
There are technical solutions which can help save time by automating some customer identification requirements, including running politically exposed person (PEP) and sanction checks. Technology can also help mitigate risk and provide efficiencies when organising and managing your AML activities.
Not all technology is the same however, and you should carefully consider what is going to be right for the needs of your business.
At tic company we use enterprise-grade technology to provide an entire AML online ecosystem. With our technology you can verify identity of customers in minutes, conduct remote biometrics, receive customisable solutions aligned to your business profile, and store all your records on one platform while ensuring protection of user data and privacy.
Using technology like this can speed up your due diligence processes and with the right provider give expert hands on support when you need it.
Assess whether outsourcing is right for you
Outsourcing can save you time and money, and provide expertise for tricky cases, or when you need a little extra resource. It can be a definite bonus to your business but as with all providers you use, ensure you do your due diligence and consider how well an AML outsourcing company is a fit for your business.
Consider how well they understand your business and the problems you face. Ensure you know what is going to be done with your data, what the deliverables are, and how long activity is going to take.
Talk to us at tic company for more on outsourcing or for a demo of our technology.
Ready to get started?
To kick-start effective compliance procedures, it’s fundamental to assess your company’s appetite for risk while putting checks in place to guard against financial crime with a comprehensive AML compliance programme.
Use our anti money laundering compliance checklist to ensure you’ve covered the essentials and haven’t missed out on any of the key elements of your AML obligations.
If you need help to get started, or want some help to ensure you’ve got things right, give us a call on 09 369 6867 or email info@ticcompany.com