Why Ongoing Customer Due Diligence Is So Important


Purpose: risk based regime

The purpose of having a robust risk based regime is to ensure that businesses take appropriate measures to guard against money laundering and terrorism financing.

This protects the reputation of individual businesses and New Zealand. But, it also safeguards against identity theft and the victimisation of individuals.

Ongoing customer due diligence

Most reporting entities have got their onboarding processes streamlined now – but it is time to make sure that your ongoing customer due diligence practices are up to scratch.

You must conduct ongoing CDD on existing customers and should be reviewing the details you have on record systematically. This requires you to ensure that the business relationship, including the activities and transactions within it, are consistent with your knowledge about the customer, their business and risk profile.

Remember: Money laundering is how criminals and terrorists disguise the illegal origins of their money. They are trying to avoid detection by authorities and protect the identity of those providing and receiving the funds. Smart systems are put in place by launderers to circumvent AML checks and ongoing vigilance is what gives us the opportunity to catch them out.

Building up the picture

Ongoing CDD allows you to gain an ongoing image of your customers. Allowing you the chance to detect any material changes, suspicious activities, and transactions.

Rightly stated by the New Zealand Law Society “you cannot adopt a ‘set and forget’ approach”.

Pieces of a puzzle

Launderers continuously adapt to avoid detection and circumvent preventative measures.

Reporting entities must conduct relevant CDD in the context of their relationship with the customer.

Remember: be responsible and do not assume that someone else has done their CDD correctly, or that the entity hasn't changed since they completed their checks. Everyone has a different piece of the puzzle.


Section 33 of the Act provides generally that a reporting entity may rely on another person (who is not an agent) to conduct the customer due diligence procedures required for customer due diligence under this Act or regulations.

Remember: it is not as simple as accepting a reliance certificate or using another reporting entities pre-verified data. You must have accurate records, have conducted a risk assessment and have up to date information consistent with the nature of the relationship you have with your customer.


You are responsible for meeting the obligations under the AML/CFT Act and the Compliance Officer has personal repercussions if onboarding and ongoing CDD is not conducted appropriately.

Remember: the DIA have taken legal action for failure to undertake CDD, failure to undertake ongoing CDD and account monitoring, and failure to keep adequate records.

Suspicious activity and transaction report

You must file a report with the Financial Intelligence Unit via their goAML online reporting tool within 72 hours of a suspicion forming.

Time is of the essence, make sure you file as quickly as you can and with as much detail as you have available.

Want to know more about customer due diligence? Read our ‘complete guide to understanding customer due diligence‘ or find out when EDD is required in ‘the essential guide to enhanced customer due diligence in NZ‘.

Remember: you are not telling the police someone is money laundering and you do not need concrete evidence ONLY a suspicion.

Alice Tregunna
Alice Tregunna | tic company

Get insights and news delivered to your inbox

Webite Developed by Logo