Suspicious Activity Reports – Thematic Review

AML/CFT News and updates

19 April 2023

From October 2022 to January 2023 the Department of Internal Affairs (Department) conducted a thematic review to establish how well the procedures, policies and controls in relation to the detection and filing of Suspicious Activity Reports (SARs) were implemented.

A total of 56 reporting entities were assessed. The review involved a team of regulators from the Department evaluating the policies, procedures, and controls at each entity and assessing how well they complied with the AML/CFT Act 2009 (the Act). It gave us an opportunity to see how SAR obligations were understood in practice.

The 56 reporting entities were asked to:

  • Submit their policies, procedures, and controls for SAR reporting
  • Confirm their registration with GoAML, and
  • Provide the number of SARs they had submitted between 1 November 2021 and the 30th of October 2022.

In relation to policies, procedures and controls, the review found that out of the 56 firms:

  • 21 were compliant
  • 30 were partially compliant
  • 5 were non-compliant.

The review found that out of the 56 entities included in the review, 55 were registered with GoAML. It also found that only 11 out of the 56 entities had filed SARs from 1 November 2021 to 30 October 2022.

Key Findings

While compliance was good, there were several areas of improvement identified:

  • There was a recurring misunderstanding of the requirement to undertake enhanced Customer Due Diligence on customers where a SAR had been filed. More information about this requirement is available here.
  • There is a need to improve controls on internal reporting, escalation and ensuring the 3 working day reporting requirement is met. More information in relation to best practice in filing SARs can be found here (pdf, 6.3mb).
  • That caution should be exercised when using templates to inform your SAR policies, procedures and controls. Every risk assessment needs to meet the unique and specific needs of your business and using a template without adequately tailoring it to your business will result in non-compliance with the Act.
  • It is important to remember that your identity will not be revealed if you submit a SAR. SAR report is a confidential process and there are penalties for anyone who discloses information relating to a SAR. More information is available here.
  • Concerns were raised about being compliant with the Privacy Act 2020 but it is important to remember that the requirement to submit an SAR overrides any obligations under the Privacy Act 2020. Where you have submitted a SAR in good faith and in accordance with your obligations under the Act, no civil, criminal, or disciplinary proceedings may be taken against you. More information is available here.

New Zealand continues to be a target for criminals to launder money. Each year over 1 billion dollars is laundered through New Zealand businesses. By reporting suspicious activities, you play a key role in stopping a range of crimes. We continue to appreciate the essential role you play in keeping New Zealand safe. If you would like any further information, please do not hesitate to contact us on amlcft@dia.govt.nz.