Common areas of non-compliance
20 October 2022
We recently reviewed the independent audit reports from a group of 38 reporting entities to understand their level of compliance with the AML/CFT Act.
The most common areas of non-compliance identified by auditors were:
- Regarding AML/CFT Risk Assessment, many reporting entities were found deficient in:
- assessing the type of customers they deal with,
- assessing the institutions they deal with, and
- keeping the risk assessment current.
- Regarding AML/CFT Programme, many reporting entities hadinadequate and/or ineffective procedures, policies, and controls for:
- staff training on AML/CFT matters,
- determining a politically exposed person,
- determining when to apply enhanced customer due diligence,
- examining and keeping written findings relating to large, complex and unusual patterns of transactions, and
- monitoring of compliance.
- Regarding generic templates, many reporting entities continue to adopt a generic template without adequately amending it to reflect the money laundering and terrorism financing risks faced by its business. Generic content relating to the ML/TF risks associated with a sector, without consideration of that reporting entity’s business, will not comply with section 57 or 58 of the AML/CFT Act.
Our recommendations to all reporting entities
The Department provides guidelines to help you develop your AML/CFT programme and risk assessment. You can find these guidelines and other resources here: AML-CFT Information for Businesses - dia.govt.nz.
You should remediate any deficiencies identified in your audit report in a timely manner.
