“Regulatory Creep" is a phrase that has grown in popularity and is often bandied about by those on the receiving end of what appears to be a never-ending sea of regulation, enforced by a growing list of regulators.
In some instances, the term may be used by businesses and entities subject to the regulations just to vent about what is perceived to be an unreasonable set of hoops to jump through. But in other, and in my view more justified instances, the phrase calls out the increasing behaviour of regulators to embellish or colour the law with their preferences.
It is a long-used practice of regulators to drive their view of best practice through targeted enforcement. The Commerce Commission has used the tool effectively many times – one example I recall was advising first tier lenders some years ago that a default of fee of $15 or less would not trigger enforcement action. A number of banks immediately dropped their fee while another raised theirs! And of course, just like that, there was a benchmark for a “reasonable” default fee.
Where the particular law being enforced is relatively well known and understood (think Fair Trading Act), the impact of this sort of gentle “herding” is relatively contained, and for the most part likely does have positive outcomes for the public while not increasing the cost of compliance disproportionately.
The concern however, is where regulatory creep occurs in respect of legislation that has been subject to little or limited judicial consideration, a consequence of which is that the rules are unclear. In my opinion this is undoubtedly the case with the Anti-Money Laundering and Countering Financing of Terrorism Act, where there is widespread confusion about legislative requirements and supervisor guidance, and with reporting entities genuinely not knowing what constitutes compliance with the law.
To be quite clear I am fully supportive of the NZ AML/CFT regime. The legislation has its challenges and is in much need of the upcoming review, particularly as it now captures such a vast range of businesses and sectors. However, the basic premise upon which it is founded and the underlying tenets are needed, both socially and economically. What bothers me, is what seems to be an increasing tendency of supervisors to, for want of a better word, “colour” the actual requirements of the Act. Certainly, they seem comfortable dictating minutiae in respect of which the Act is conspicuously silent.
I have no doubt that the AML/CFT supervisors are under pressure to deliver enforcement results, and it must be hugely frustrating to continue to encounter entities that are simply defiant and make no effort to comply. However, the increased numbers of reporting entities, coupled with strained resources and the determination to make our legislation conform to FATF standards no matter what, seems to have resulted in a regulatory creep of exponential proportions given that this is after all promoted as a risk-based regime.
By way of example, entities are being found to be “partially compliant” or “non-compliant” for such things as not having a version control on their programme documents, or for not including the definition of a PEP in their programme. These are not legislative requirements. At best they seem to be some sort of best practice wish list the supervisors have derived (and which continually changes) and which is not shared with reporting entities. Certainly, they are not deficiencies that go anywhere near meeting a civil liability act.
So, what do you do?
The woolly friendly sheep has knocked on your door. But you know that underneath that fluffy exterior it has sharp teeth if you don’t stroke its fleece the right way and It appears the sheep wolf holds all the power.
My advice is as follows:
- Know what the supervisors are allowed to do and what they can’t do.
- Understand what the enforcement options are and when they are appropriately applied.
- Understand the difference between a civil liability act and a failure to meet a best practice standard.
- Keep up to date with supervisor guidance and assess its relevance to your business and its genuine application and accuracy. (Don’t try to find ways to exclude yourself but don’t accept it at face value)
- And last but far from least, Do not be afraid to challenge the sheep (nicely) and ask them to explain and justify their findings.
Oh, and supervisors, if any of you are reading this, please, pretty please – consider that perhaps you need an additional term in your findings reports. “Recommended” or similar is not a wet bus ticket. It is appropriate recognition of a risk-based regime, legislation that is not prescriptive in many aspects and that your guidance is just that, guidance. It does not have the weight of law and not following it to the letter is not an automatic breach or failure to comply. Furthermore, extending the options for reporting back to entities properly distinguishes between the belligerent, the apathetic and the downright unlawful, and those entities genuinely trying to get it right and probably doing okay, if a court got to decide.
Get tips on how to stay on top of reviews with ‘Quality Assurance: Benefits at Audit Time of Ongoing Checks‘.
Fiona Hall is a barrister and solicitor operating in sole practice with a focus on regulatory law. Fiona has the extensive commercial law experience gained for her roles with top New Zealand and UK law firms, as General Counsel for a number of financial institutions, as senior counsel for the Commerce Commission and as the AML Compliance Officer for a large national company.
Josh Daniell 
tic company 
