Frequently Asked Questions for DIA Reporting Entities
Last updated 10 September 2024.
- A. Compliance Officer
- B. Types of customers:
- A customer that is a company
- Unit Title body corporates
- C. Risk Assessment
- D. Customer due diligence (CDD):
- Standard CDD
- Verifying a customer’s name and date of birth
- Address verification
- Existing customers/clients
- Enhanced customer due diligence (EDD)
- Wire transfers and Prescribed Transaction Reporting requirements
- EDD - Source of wealth or source of funds
- E. Large Cash Transaction - Prescribed transaction reports
- F. Suspicious activity reporting
- G. Staff vetting
- H. Audits
- I. Annual AML/CFT Report
- J. For law firms and accountants:
- Designated non-financial business or profession (DNFBP) Activity (a)(ii)
- DNFBP Activity a(iii)
- DNFBP Activity (a)(iv)
- DNFBP Activity (a)(vi)(E)
- Other questions relating to captured activities
- Information for law firms and accountants – wire transfer and prescribed transaction reporting
- Read our Disclaimer
A. Compliance Officer:
1. What does the Compliance Officer have to do?
Section 56(2) of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) stipulates that a reporting entity must designate an employee as a Compliance Officer to administer and maintain its AML/CFT programme.
The AML/CFT Act does not exclude a Compliance Officer from performing other functions outside of the role of Compliance Officer.
2. Who can be a Compliance Officer?
The Compliance Officer must be an employee of the reporting entity and report to a senior manager. Alternatively, the Compliance Officer may be a senior manager themselves.
Only where a reporting entity has no employees can an external person be appointed as a Compliance Officer. For example you may appoint an external person as a Compliance Officer if you are a sole practitioner (i.e. self-employed), if you have no employees, and if you are not able to be the Compliance Officer yourself.
3. Can a partner of a reporting entity that is a partnership be the Compliance Officer?
Yes. Section 56(5) of the AML/CFT Act allows a partner in a partnership (including law firms or accounting practice partnerships) to be the Compliance Officer for the partnership. The partner acting as the Compliance Officer must report to another partner on AML/CFT matters.
B. Types of customers:
CDD on a customer that is a company
4. Can all entities in an approved designated business group (DBG) have a single compliance officer?
Where related reporting entities form a designated business group (DBG), the AML/CFT Act permits them to share certain obligations. While the Act does not extend this to sharing a compliance officer, a Ministerial exemption has been approved for this purpose. This enables a single compliance officer to administer and maintain the AML/CFT programmes of every reporting entity that is a member of a DBG. This is intended to improve effectiveness by sharing compliance expertise across the DBG, as well as reducing compliance costs for those reporting entities within it. The current exemption came into force on 30 June 2023 and will expire on 31 December 2024.
For further information regarding the process for forming a DBG, please refer to the Guidelines.
5. Can I use the Companies Register to assist me in conducting CDD on a customer that is a New Zealand incorporated company?
If your customer is a New Zealand incorporated company, the online Companies Register may assist you in conducting CDD.
The Companies Office records will enable you to identify those directors and shareholders who may be beneficial owners of your customer. You will still, according to level of risk involved, then need to verify the identity of these persons (please refer to question 9 below). You will also need to identify and verify the identity of any additional persons that are beneficial owners, such as those with effective control of the company.
In addition, you will need to identify and verify the identity of any person acting on behalf of the customer, as well as their authority to act.
For further guidance, please refer to the following links:
- Customer Due Diligence (including Fact Sheets - updated 2024)
- Beneficial ownership (updated April 2024): Beneficial Ownership Guideline (PDF, 523KB)
- Acting on behalf of others: ‘Acting on behalf of a customer’ fact sheet (PDF, 167KB)
Unit Title body corporates
6. What do I have to do if I have a customer that is a Unit Title body corporate (under the Unit Titles Act 2010)?
As with other types of customers, where a reporting entity has a customer that is a Unit Title body corporate, the reporting entity is required to identify and verify the identity of the body corporate, its beneficial owner(s) and any person acting on behalf of the body corporate (i.e. dealing with the reporting entity).
In most circumstances, it will not be necessary to verify the identity of every unit title owner (unless one of them owns more than 25%). Rather, the beneficial owners are likely to be the natural persons with effective control of the body corporate. A reporting entity must identify and verify the identity of these persons (according to the level of risk involved) so that it is satisfied it knows who they are.
However, if enhanced CDD is triggered in relation to a body corporate, there could be some circumstances, particularly where it relates to an individual transaction, where a reporting entity may need to consider (and identify) an individual Unit Title owner.
C. Risk Assessment
7. Does DIA provide a template that I can use to write my risk assessment?
No. Every reporting entity is different and requires a risk assessment relating to its own ML/FT risks. There is guidance available in relation to risk assessments on the Department’s website: AML/CFT Risk Assessment Guideline (PDF, 153KB)
8. I have obtained a template from an external provider. Can I use this as my risk assessment?
The Department is aware that some external providers offer templates for risk assessments.
A template may assist a reporting entity in structuring a risk assessment. However, it is important to remember that the requirements of section 58 of the AML/CFT Act require a reporting entity to undertake an assessment of the ML/FT risks that it may reasonably expect to face in the course of its business. In turn, this must enable the reporting entity to determine the level of risk involved in relation to its relevant AML/CFT obligations. To do this, a reporting entity must have regard to the various factors set out in section 58(2) of the AML/CFT Act as they apply to that reporting entity’s business.
Generic content relating to the ML/FT risks associated with a sector, without consideration of that reporting entity’s business, will not comply with section 58 of the AML/CFT Act.
D. Customer due diligence (CDD):
Standard CDD
9. What do I need to do for Standard CDD?
When undertaking standard CDD, you must obtain:
(a) the person’s full name; and
(b) the person’s date of birth; and
(c) if the person is not the customer, the person’s relationship to the customer; and
(d) the person’s address or registered office; and
(e) the person’s company identifier or registration number; and
(f) any information prescribed by regulations. You must do this for your customer, any beneficial owner of your customer and any person acting on behalf of your customer.
For your customer, you must then take reasonable steps to verify this information to be satisfied it is correct. You must also, according to the level of risk involved, take reasonable steps to verify the identity of any beneficial owners, and to verify the identity and authority of any person acting on behalf of your customer.
For customers that are natural persons and assessed to be of low or medium risk, please refer to the Amended Identity Verification Code of Practice 2013 (IVCOP) for how to verify identity here: Amended Identity Verification Code of Practice 2013 (PDF, 131KB)
You must also obtain information on the nature and purpose of the proposed business relationship between you and the customer, as well as sufficient information to determine whether the customer should be subject to enhanced customer due diligence. This is an important part of CDD and assists you to assess the level of risk associated with a customer. It is equally important for your ongoing CDD and account monitoring obligations as your business relationship continues (pursuant to section 31 of the AML/CFT Act).
10. What does ‘reasonable steps’ mean when conducting CDD?
It refers to an objective view of what actions are proportionate and suitable given the risks involved and the obligations in the AML/CFT Act.
11: Can we utilise a third-party electronic identity verification service to assist complete our CDD obligations?
Yes. A reporting entity may utilise a third-party provider to assist with conducting CDD. Responsibility for ensuring that the CDD requirements of the Act are met remains with the reporting entity.
Part 3 of the Amended Identity Verification Code of Practice 2013 (IVCOP) provides a suggested best practice for reporting entities conducting name and date of birth identity verification on customers that are assessed as low to medium risk.
When using two reliable and independent electronic sources to conduct election verification under Part 3 of IVCOP, a reporting entity must follow the steps set out in clauses 17 and 18. Further information in relation to the requirements of Part 3 of IVCOP are contained in IVCOP Explanatory Note.
When considering (or selecting) a third-party provider to assist you to conduct electronic verification, we recommend you ask them to set out how they enable compliance with IVCOP, in particular the steps set out in clauses 17 and 18.
Electronic verification may also assist a reporting entity to meet its CDD obligations in relation to a customer’s address. In addition, electronic verification may assist in verifying the biographical information of a high-risk customer, although increased or more sophisticated measures may be required.
Please note that if relying on electronic identity verification as a method of carrying out CDD obligations, this would be well documented in your AML programme and risk assessment.
Verifying a customer’s name and date of birth
12. What is the Amended Identity Verification Code of Practice 2013?
The IVCOP provides suggested best practice for all reporting entities conducting name and date of birth identity verification on customers (that are natural persons) assessed as low to medium risk. IVCOP can be found on the Department’s website: Amended Identity Verification Code of Practice 2013 (PDF, 131KB)
Identification involves obtaining information from the customer about their identity. Verification involves confirming this information using documents, data or information from reliable and independent sources. The IVCOP provides for two ways of conducting identity verification; via documentary verification and via electronic verification (under Parts 1 or 3). Part 2 of the Code provides for the certification of documents. This allows for non-face-to-face documentary verification.
If fully complied with, a code of practice such as IVCOP operates as a ‘safe harbour’ as described in section 67 of the AML/CFT Act.
13. Is it mandatory to comply with IVCOP?
No. Complying with a code of practice such as IVCOP is not mandatory. The AML/CFT regime allows for flexibility and scope for innovation because reporting entities can opt out of a code of practice. However, if fully complied with, a code of practice such as IVCOP operates as a ‘safe harbour’. The legal effect of a code of practice is described in section 67 of the AML/CFT Act.
Please note that if a reporting entity opts out of a code of practice it does not receive the benefit of the safe harbour. In these circumstances, the reporting entity must comply with the relevant statutory obligation by some other equally effective means. In order for this to be a defence to any act or omission by the reporting entity, the reporting entity must have provided written notification to its AML/CFT supervisor that it has opted out of compliance with IVCOP and intends to satisfy its obligations by some other equally effective means.
14. I have an elderly customer with no form of appropriate photographic ID. What should I do?
There are many different types of documents that can be used under the IVCOP. However, there will always be some people that don’t have the required identification documents under Part 1 or Part 2 of IVCOP.
In order to comply with IVCOP, you must have exception handling procedures in place for these customers. Your exception handling procedures may only be used where the person demonstrates that they are unable to comply with Part 1 or Part 2. Please note that it is a business decision as to how you carry out the exception handling procedure.
15. Do I need to certify copies of original identity documents provided for CDD purposes?
No. If you, or your agent, have sighted the original identity documents of your customer, you comply with Part 1 of IVCOP. You should take copies of the documents and note the date on which you sighted them.
In these circumstances, there is no requirement for you to also obtain certified copies of these documents (under Part 2 of IVCOP). Part 2 of IVCOP is for situations where the original identity documents are not available.
16. Is it sufficient that my customer provides me with certified copies of documents (i.e. not originals) for CDD purposes?
Yes, certified copies of identity documents are acceptable under Part 2 of IVCOP. As per above, Part 2 of IVCOP should be used in situations where the original identity documents are not available.
Please refer to IVCOP to determine who is able to certify copies of a document as a trusted referee.
17. How should the trusted referee certify the copy of the identity document?
There is no specified wording in either the IVCOP or in legislation. Part 2 of IVCOP only states that the trusted referee “make a statement to the effect that the documents provided are a true copy and represent the identity of the named individual (link to the presenter)”.
You might find the New Zealand Law Society practice briefing helpful in relation to certification and verification under the AML/CFT Act: Certification and Verification under the AML/CFT Act 2009 (NZ Law Society website).
18. Can I accept a scanned copy of a certified identity document by email for CDD purposes?
The Department considers that receiving the physically certified copy of the identity document is best practice, however this is not explicitly required. Your AML/CFT programme should include your internal procedures, policies and controls for CDD, and include your process for receiving certified documents. While you may choose to accept a scanned copy of a certified document (based on your process outlined in your AML/CFT programme), receiving the physically certified document may provide more assurance to you that it has not been tampered with or falsified prior to it being emailed to you.
Additionally, in some circumstances, if enhanced CDD is required, the level of risk may require additional steps to verify the information such as the original certified copies being received by the reporting entity.
19. Do I need to conduct Politically Exposed Person (PEP) checks on every customer?
Yes. You are required, under section 26(1) of the AML/CFT Act, to take “reasonable steps” to determine whether your customer or any beneficial owner is a PEP. This is required as soon as is practicable after you have established a business relationship or undertaken an occasional transaction.
This should be done on in line with a risk-based approach and does not require you to undertake extensive checking of every customer – a simple open source internet search may be enough for lower-risk customers. Bear in mind that “reasonable steps” does not mean “no steps”, even New Zealand Citizens and Passport holders may, for example, have familial links or associations that make them a PEP.
Address verification
20. How do I verify the address of a customer?
Unlike for the name and date of birth of a customer, there is no code of practice for verifying the address of a customer. This gives you some flexibility in the approach you take. For example, you may use hardcopies or electronic copies of bills/statement to verify address, provided you are satisfied the copy is genuine. You must verify the address of the customer for where they currently reside, whether this is in NZ or overseas. If your customer is an entity that does not have an address, such as some trusts, you should obtain the address of the person acting on behalf of the trust.
Pursuant to section 16(1)(a) of the AML/CFT Act, you must take reasonable steps to ensure the address information obtained is correct. When doing this, you must use documents, data or information from a reliable and independent source as required by section 13(a) of the Act.
Ultimately, it is a business decision in relation to how your firm chooses to verify an address, and this should be explained in your AML/CFT programme.
Existing customers/clients
21. Who is an existing customer?
An existing customer is someone who was in a business relationship with your reporting entity immediately before the AML/CFT Act began applying to the reporting entity.
22. When do I need to conduct CDD on existing customers?
The AML/CFT Act requires you to conduct CDD on an existing customer if there has been a “material change” in the nature or purpose of the business relationship, and you determine that you have “insufficient information” about that customer. The Department considers that “insufficient information” means that CDD has not been conducted to the level required by the AML/CFT Act.
You must also conduct ongoing CDD on an existing customer. This requires you to ensure that the business relationship, including the activities and transactions within it, are consistent with your knowledge about the customer, their business and risk profile. When doing this, you must regularly review any information you hold about the existing customer.
The requirement to conduct ongoing CDD and account monitoring on an existing customer may require you to update your CDD records even in the absence of a “material change” in the business relationship.
23. Can you define ‘material change’?
‘Material change’ is not defined in the AML/CFT Act. However, the supervisors’ AML/CFT Programme Guidance adopts a working definition of “an event, activity or situation that you identify that could change the level of ML/TF risk you may encounter”: AML/CFT Programme Guideline (PDF, 648KB)*
Enhanced customer due diligence (Enhanced CDD)
Wire transfers and Prescribed Transaction Reporting requirements (for international wire transfers):
24. I am confused about the EDD requirements for wire transfers, what are they?
The Enhanced CDD requirements for wire transfers are contained in sections 22(3), 27-28 of the AML/CFT Act.
The Enhanced CDD wire transfer provisions are applied and relate specifically to the information that must accompany a transfer of funds by electronic means. Wire transfers present a high risk of money laundering which is why these additional Enhanced CDD requirements exist.
The Enhanced CDD wire transfer provisions are dependent on whether the reporting entity is an Ordering, Intermediary or Beneficiary Institution in relation to each transaction it is involved in (that meets the definition of wire transfer). These terms are defined in section 5 of the AML/CFT Act (and see response to question 67 below).
The relevant obligations differ depending on whether a wire transfer is domestic or international.
In summary, an Ordering Institution of a wire transfer must identify and verify the identity of the originator of a wire transfer. Relevant information (which differs depending whether it is a domestic or international wire transfer) must be transmitted to the next reporting entity in the chain, and in turn, through to the Beneficiary Institution. The Beneficiary Institution therefore has visibility of who is sending money to its client. If a Beneficiary Institution does not receive the required information with a wire transfer, it is required to use appropriate risk-based procedures for handling its receipt of those funds and consider whether the wire transfer constitutes a suspicious activity. Further information is available in the Wire Transfer Guidance (PDF, 153KB).
Where a wire transfer is an international wire transfer of $1,000 or more, there is also the requirement that an Ordering and Beneficiary Institution submit an international wire transfer prescribed transaction report (IFT-PTR) to the New Zealand Police Financial Intelligence Unit (FIU).
As of July 31 2023, regulation 15A of the Anti-Money Laundering and Countering Financing of Terrorism (Definitions) Regulations 2011 exempts all designated non-financial businesses or professions (DNFBPs) that make or receive wire transfers from or into their trust account from being an ordering, an intermediary, or a beneficiary institution in relation to both domestic and international wire transfers. This does not exempt a DNFBP from its obligation to submit an IFT-PTR in relation to wire transfers of $1,000 or more from or into its trust account. For further information, please refer to our guidance: Guidance-for-DNFBPs-wire-transfers-and-prescribed-transaction-reporting.
For the application of the wire transfer and IFT-PTR provisions to money remitters that utilise an informal or hawala system of money transfer, please refer to the Department’s information sheet on this subject
Enhanced CDD - Source of wealth or source of funds
25. What is the difference between the EDD wire transfer provisions and the other EDD circumstances where I have to verify the source of the funds or the wealth of the customer?
We understand that the use of the term Enhanced CDD for two different sets of requirements can cause confusion.
As outlined above, the Enhanced CDD wire transfer provisions apply to transfers of funds by electronic means (as set out in sections 22(3) and 26-27 of the AML/CFT Act).
The Enhanced CDD requirements to identify and verify the source of the funds or the wealth of the customer are wider. These requirements apply to certain high risk customers, certain transactions and activities, or politically exposed persons (as set out in other parts of section 22 and sections 23-26 of the AML/CFT Act). In these circumstances, a reporting entity is required to examine the legitimacy (or potential illegitimacy) of the source of the customer’s wealth or funds. In many situations, this may extend far beyond the originator of any particular wire transfer.
Further information is available in the Enhanced CDD Guidance here (updated April 2024):
- Enhanced Customer Due Diligence Guideline (PDF, 348KB)*
26. What is the difference between a customer’s source of wealth and their source of funds?
Your customer's source of wealth (SoW) is the origin of their entire body of assets. This information gives an indication of the amount of wealth your customer would be expected to have and a picture of how they acquired it.
Your customer's source of funds (SoF) is more narrowly focused. It is the origin of the funds used for the transactions or activities that occur within the business relationship with you.
27. When do I have to examine a customer’s source of wealth versus their source of funds?
It is for you to determine when to examine your customer's SoW, when to examine their SoF, or when to examine both.
However, it is important to remember that your customer's SoW and SoF are not mutually exclusive. A situation where an individual transaction is disproportionately large compared to your knowledge of a customer's wealth, should trigger a more detailed examination of the SoF of that particular transaction.
28. How far do you have to verify the customer’s source of wealth or funds?
How far you identify and verify the customer’s source of wealth (SoW) or funds (SoF) must be according to the level of risk involved. The AML/CFT Act requires you to take reasonable steps, according to the level of risk involved, to verify the SoW of SoF using reliable and independent sources.
Where you identify that the origin of your customer’s funds or wealth has come from their beneficial owner(s), it may be necessary, according to the level of risk involved, for you to extend your level of verification to include the SoW or SoF of these persons. However, you do not ordinarily need to obtain and verify SoW and SoF for every beneficial owner where they have nothing to do with the “customer’s” SoW or SoF. There is further information on this topic in the Enhanced CDD Guideline here:
- Enhanced Customer Due Diligence Guideline (PDF, 348KB)*
29. When conducting EDD on a trust, when do I have to verify the identities of the beneficiaries?
You will need to verify the identity of a beneficiary of a trust when they are a natural person and a beneficial owner of the trust. A beneficiary will meet the definition of beneficial owner of a trust when they have a vested interest of more than 25% in the trust property. Further information is available in the Trusts as a customer (PDF, 258KB)
For example, if a family trust is set up for the equal benefit of three beneficiaries, each of those beneficiaries will have a 33.33% interest in the trust property, so all three beneficiaries will be beneficial owners.
In other circumstances, such as where a beneficiary has an interest of 25% or less in the trust property, a beneficiary of a trust may not be a beneficial owner (please refer to question 30 and 31 below).
30. What about Enhanced CDD when a beneficiary is not a beneficial owner? Or for charitable trusts, discretionary trusts or any type of trust that has multiple beneficiaries?
Section 23 of the AML/CFT Act specifies the Enhanced CDD requirements in relation to beneficiaries of trusts.
Where a beneficiary is a natural person, but not a beneficial owner, you are only required to obtain the beneficiary’s name and date of birth. You do not have to verify this information. As clarified in the Trusts as a customer (PDF, 258KB), this arises if a beneficiary has an interest of 25% or less in the trust property and does not have effective control of the trust.
Where your customer is a discretionary trust, a charitable trust, or any type of trust that has more than ten beneficiaries, section 23(2)(b) of the AML/CFT Act allows you to relax this requirement further. In such cases you are only required to obtain:
- a description of each class or type of beneficiary; and
- in the case of a charitable trust, the objects of the trust.
31. What other natural persons associated to a trust do I need to identify and verify?
As with any type of customer, the identity information of all beneficial owners must be obtained and verified.
For a trust, the beneficial owners will be:
- beneficiaries that have more than 25% interest in the trust property
- the trustees
- any individual who has effective control over the trust or specific trust property
- any person that has the power to amend the trust’s deeds, or remove or appoint trustees. This might include a protector or special trustee (if there are any).
You will also need to identify and verify the identity of any other person who has authority to act on behalf of the trust.
In relation to the SoW and SoF of a trust, you will need to examine the identity of the individuals who are the settlor(s), and the origin of their wealth or funds.
For further guidance, please refer to the following links:
- Customer Due Diligence – Trusts (PDF, 214KB)
- Beneficial ownership - updated April 2024 (PDF, 523KB)
- Trusts as a customer (PDF, 258KB)
- Enhanced Customer Due Diligence Guideline - updated April 2024 (PDF, 348KB)*
32. How can I determine whether a country does not have sufficient AML/CFT systems in place? Or whether it is otherwise of high risk?
There is no definitive list of countries that do not have sufficient AML/CFT systems and measures in place or are otherwise high risk. However, effective 31 July 2023, a country that has insufficient AML/CFT systems or measures in place includes a country as identified by the Financial Action Task Force as being a high-risk jurisdiction subject to a call for action, also known as the ‘blacklist’.
Reporting entities will therefore need to consider a range of factors when determining the level of risk associated with a particular country. These include whether a country is:
- Subject to international sanctions, embargos or other measures?
- Identified by the Financial Action Task Force (FATF) as a high risk or monitored jurisdiction?
- Recognised as having supporters of terrorism or financing terrorism?
- Considered to have problems with corruption?
- Known as a tax haven?
- Associated with production and/or transnational shipment of illicit drugs?
You can find the list of FATF high risk or monitored jurisdictions on the FATF website.
Reporting entities supervised by the Department can refer to the Assessing Country Risk document for further information.
You may also find page 11 of the Prompts and Notes guidance provided by the Department (PDF, 847KB) useful when assessing country risk.
Additional resources you might find useful are:
E. Large Cash Transaction - Prescribed transaction reports
33. When do I have to submit a large cash transaction prescribed transaction report (LCT-PTR)?
A LCT-PTR must be submitted for any cash transaction of $10,000 or more involving physical currency (i.e. actual coin or printed money). A LCT-PTR must be submitted to the Police FIU using the goAML system.
Further information in relation to both large cash (and international wire transfer PTRs) is available on the New Zealand Police Financial Intelligence Unit’s website.
34. Do I have to submit a large cash transaction PTR if my customer goes to my bank and pays the cash into my account?
No. In this situation, you (as a reporting entity) are not handling the cash. Your bank will be submitting a LCT-PTR.
However, that a cash deposit has been paid into your bank account may still be relevant to your wider AML/CFT programme, in particular, for your account monitoring obligations for this customer under section 31 of the AML/CFT Act.
F. Suspicious activity reporting:
35. How do I register for goAML?
Please refer to the New Zealand Police Financial Intelligence Unit’s website to register for goAML.
36. If I am submitting a suspicious activity report (SAR) but a related transaction also requires a prescribed transaction report (PTR) (whether an LCT-PTR or an IFT-PTR), do I need to submit the PTR as well?
Yes. The fact that a SAR has been submitted does not negate the need to also submit a PTR if required to do so. PTRs and SARs complement other types of reports and information held by the FIU and are used in different ways.
37. Can you provide further information in relation to what constitutes suspicious activity and when I need to submit a SAR?
The New Zealand Police Financial Intelligence Unit has provided a useful guideline on money laundering, terrorist financing and the SAR provisions of the AML/CFT Act (Police website PDF, 732KB)
38. My reporting entity filed a suspicious activity report (SAR) about one of our customers and as a result the Police investigated and the person was charged with a crime. Will the person find out that we submitted an SAR about them?
No. SAR confidentiality is treated very seriously by the Police, and the AML/CFT Act prescribes penalties for disclosure of information relating to SARs.
39. Is it a breach of the Privacy Act if I file an SAR in relation to a person and disclose their personal information? Can there be any adverse legal implication for me?
No. The requirements to submit an SAR override any obligations you have under the Privacy Act. Where you have submitted a SAR in good faith and in accordance with your obligations under the AML/CFT Act, no civil, criminal or disciplinary proceedings may be taken against you.
40. Is there a reporting threshold for SARs?
There is no value threshold for reporting suspicious activity. Any activity that you consider to be suspicious (as per the criteria in s39A of the AML/CFT Act) must be reported to the FIU as a SAR.
G. Staff vetting:
41. What staff do I need to vet? How do I go about this?
Section 57 of the AML/CFT Act states that adequate and effective procedures, policies, and controls for vetting staff (as below) must be included in your AML/CFT programme:
i. senior managers;
ii. the AML/CFT compliance officer; and
iii. any other employee that is engaged in AML/CFT related duties. Guidance on creating procedures, policies and controls, as part of your compliance programme, regarding compliance officer and employee vetting can be found in the Prompts and Notes for DIA reporting entities document on page 15 (PDF, 847KB)
How your business decides to vet its staff is a business decision. You may wish to consider the following:
- how vetting is differentiated for senior managers, compliance officers and customer facing roles;
- how vetting is applied when people change roles;
- adding a reference check from a past employer;
- how vetting is applied for temporary staff; and
- event triggered vetting (e.g. adverse media about a staff member, a suspicious activity report (SAR) is made in relation to an employee, or an employee fails to submit an SAR where one would have been expected).
H. Audits
42. when do I need to have my audit completed?
As of 9 July 2021, new regulations have come into force to amend the default audit timeframe from two years to three years. Your next audit is due within three years of your last audit report.
As a general rule, if your business was carrying out activities captured by the Act/Regulations on or prior to 30 June 2013, your first independent audit was required by 29 June 2015. Your second independent audit was then required within two years from the first audit.
For DNFBPs who were in business prior to this, the date is determined by the date your activities began to be captured by the Act - for example, as 1 July 2018 was the capture for Lawyers, their first audit was due by 30 June 2020.
For any business that did not begin carrying out activities captured by the AML/CFT Act until after their relevant capture date, your independent audit due date is determined by the relevant anniversary of your commencement of the relevant activity - i.e. If you commenced activites on 1 July 2020, your due date will be 30 June 2023.
Three years is the default timeframe only – The Department will notify you if your audit is required more or less frequently than the default timeframe, or at any other time when requested under section 59(2) of the AML/CFT Act.
43. Does the Department have a list of recommended auditors?
No. The Department does not have a list of recommended auditors.
The AML/CFT Act requires the auditor to be suitably qualified. Ideally the auditor should understand your industry, and have audit experience. It is imperative you are comfortable with the auditor you appoint as we may request that you provide evidence to demonstrate to us how your auditor is appropriately qualified.
Furthermore, the AML/CFT Act states that the person who conducts the audit must be independent, and not involved in the development of your risk assessment, or the establishment, implementation or maintenance of your AML/CFT programme.
It is a business decision for you to determine who is considered independent and has the appropriate qualifications to conduct your audit.
44. What is the difference between our own review, an independent audit, and desk-based/onsite reviews (by the Department of Internal Affairs) of my risk assessment and AML/CFT programme?
- Your own (internal) review is a process that you carry out to ensure that your risk assessment and AML/CFT programme are up to date and to help you identify and remedy any areas of deficiency.
- The independent audit is a systematic check of your risk assessment and AML/CFT programme, and the application of said programme. The audit will assess whether your AML/CFT programme is functioning in practice as intended, and whether the policies, procedures and controls are based on the risk assessment and have been adequately designed and operated effectively throughout the given period;
- A desk-based review by the Department is to ensure that you have produced both a risk assessment and AML/CFT programme that technically meet the requirements of the AML/CFT Act.
- An on-site review by the Department will test that your programme is being effectively implemented within your business' operations. An onsite review will always be conducted alongside the functions of a desk-based review.
Also, please note that receiving a desk-based or onsite review from the Department is not considered a substitute, and therefore does not meet your obligations, for conducting an independent audit or internal review.
45. What does an independent audit involve?
The AML/CFT Act requires that:
- An independent audit must be conducted every 3 years (or earlier if required by your supervisor).
- The auditor must be independent and appropriately qualified to conduct the audit. This does not necessarily mean the person has to be a chartered accountant or qualified to undertake financial audits.
- The auditor must not have been involved in the establishment, implementation or maintenance of the reporting entity’s AML/CFT programme; or the undertaking of the reporting entity’s risk assessment.
- An AML/CFT audit does not have to meet auditing and assurance standards set by the External Reporting Board (XRB).
Your independent audit is a systematic check of your risk assessment and programme by an independent and suitably qualified person. It should advise whether:
- you meet the minimum requirements for your risk assessment and programme;
- your programme was adequate and effective throughout the specified period; and
- whether any changes are required.
I. Annual AML/CFT Report:
46. Where can I find the format of the Annual Report?
The format for the AML/CFT report by designated non-financial businesses and professions can be found in schedule 2A of the Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Regulations 2011.
Please also refer to the Annual AML/CFT Report by Designated Non-Financial Businesses and Professions user guide.
The format for the AML/CFT report by financial institutions and casinos can be found in Schedule 2 of the Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Regulations 2011
Please refer to the Annual AML/CFT Report for Financial Institutions and Casinos user guide.
J. For Law Firms and Accountants
These sections apply to law firms and accountants and are not directly applicable to other types of reporting entities:
Designated non-financial business or profession (DNFBP) Activity (a)(ii) - Acting as, or arranging for a person to act as, a nominee director or nominee shareholder or trustee in relation to legal persons or legal arrangements
47. I form trusts. I also act as a trustee for trusts, sometimes using corporate trustee companies and sometimes my partners individually act as a trustee. Who is the reporting entity under the AML/CFT Act?
A person is a reporting entity (and DNFBP) under the AML/CFT Act if they, in the ordinary course of business, form trusts or other legal arrangements (DNFBP activity (a)(i)). Persons are also DNFBPs when, in the ordinary course of business, they act as trustees, and/or arrange for persons to act as a trustee in relation to legal persons or arrangements (DNFBP activity (a)(ii)).
That means a person, whether a natural person or a legal person (such as a corporate trustee), is captured as a reporting entity under the AML/CFT Act if they perform one of the above-mentioned activities in the ordinary course of business for a legal person or legal arrangement. However, effective 31 July 2023, there is now an exemption in place when a DNFBP delivers its trust related services through a corporate trustee. This means a corporate trustee is no longer a reporting entity, subject to certain conditions being met:
- The corporate trustee is a subsidiary of, controlled by, and delivers services on behalf of a parent DNFBP that is a reporting entity in New Zealand; and
- The parent DNFBP has established, and implements and maintains, an AML/CFT programme for the trustee services provided by the corporate trustee.
For further information, please refer to: New regulations for DNFBPs providing trust and company services.pdf (dia.govt.nz)
Please also note that if you are a trustee in your personal capacity (as opposed to professional capacity for your law firm or accounting practice) this is not captured by the AML/CFT Act as it is not “in the ordinary course of business”. For example, you will not be a reporting entity solely because you are a trustee in your personal capacity, without remuneration, for a registered charitable trust in your local community or for a friend or relative’s family trust.
48. I form companies and other legal persons. I also act as nominee shareholder or nominee director for companies, sometimes using holding companies and sometimes my partners individually as a director. Who is the reporting entity under the AML/CFT Act?
For DNFBP activity (a)(ii), a person is captured as a reporting entity (and DNFBP) under the AML/CFT Act when they, in the ordinary course of business, arrange for a person to act as a nominee director or nominee shareholder for a legal person. A person is also captured as a DNFBP when, in the ordinary course of business, they act as a nominee director or nominee shareholder for a legal person.
Alongside the exemption for corporate trustees (in question 47 above), there is now an exemption in place effective 31 July 2023 when a DNFBP delivers its company services through a nominee company. This means a nominee company is no longer a reporting entity, subject to certain conditions being met:
- The nominee company is a subsidiary of, controlled by, and delivers services on behalf of a parent DNFBP that is a reporting entity in New Zealand; and
- The parent DNFBP has established, and implements and maintains, an AML/CFT programme for the nominee services provided by the nominee company.
For further information, please refer to: New regulations for DNFBPs providing trust and company services.pdf (dia.govt.nz)
DNFPB Activity a(iii) – providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or for any other legal person or arrangement, unless the office or address is provided solely as an ancillary service to the provision of other services.
49. When am I providing a registered office or a business, correspondence or administrative address (“registered office/correspondence address”) solely as an ancillary service to other non-captured services?
If you provide a registered office/correspondence address to a client solely in support of other services that not captured by the AML/CFT Act, then this activity is solely ancillary. Therefore, you will not have obligations under the AML/CFT Act in relation to that client.
However, in any circumstances where a registered office/correspondence address is provided as a standalone service, this will be captured by the AML/CFT Act. Similarly, if a registered office/correspondence address is provided alongside other captured services, this will ordinarily be caught by the AML/CFT Act.
The Department has released a fact sheet for the accounting sector in relation to the provision of a registered office/correspondence address service:
Fact sheet: provision of a registered office/correspondence address service (PDF, 980KB)
50. Is the provision of a registered office/correspondence address captured by the AML/CFT Act if I provide the service to a sole trader?
No. Providing registered office/correspondence address is only captured by the AML/CFT Act where the service is provided to a legal person (e.g. a company) or legal arrangement (e.g. a trust).
It does not apply where the registered office/correspondence address service is provided to a natural person (including a person operating a business as a sole trader).
DNFBP Activity (a)(iv) - Managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets
51. What constitutes ‘managing client funds’?
One of the activities that capture a law firm or accounting practice as a reporting entity under the AML/CFT Act is “managing client funds, accounts, securities, or other assets”. This does not include sums paid as fees for professional services.
The Department’s view is that, with the exception of payments for your professional fees, any instance where you receive or hold client funds and control the payment of those funds will be captured as ‘managing client funds’.
The key determining factor is whether you have control over the flow of funds – if you do have control, your activity is captured. This is likely to include all circumstances where you hold funds for a client in your trust account or where you have authority over a client’s bank account(s). This may also include other circumstances, for example, if you have control and direct the flow or transfer of funds for your client.
Note that receiving sums paid to you for your fees for professional services, including as a retainer in advance, is not ‘managing client funds’. Accordingly, this is not a captured activity under the AML/CFT Act.
52. What obligations do I have in terms of CDD on non-clients using my trust accounts?
DIA holds the view that lawyers and accountants are required to meet the usual CDD requirements and other obligations under the AML/CFT Act in relation to their own clients. They do not however have to conduct CDD on non-clients using their trust accounts in most circumstances (please refer to paras [23] to [28] of our guidance for further information).
In the absence of a direct CDD obligation in relation to a non-client, lawyers and accountants will still be required to meet all broader obligations under the AML/CFT Act, these include:
- Account monitoring obligations in relation to funds received into a trust account from parties other than (but ultimately for) their client.
- Enhanced CDD is required on those funds from the non-client if required – due to the level of risk and/or SAR reporting (e.g. s22(1)(c), (d) or s22A(1) of the Act).
Disbursements
53. Is receiving funds for disbursements considered to be ‘managing client funds’?
Whether receiving funds from clients for disbursements is captured under the AML/CFT Act depends very much on the context.
In summary, where you receive funds in advance to be used for anticipated disbursements (not including fees for your own professional services) this will be ‘managing client funds’. However, if you pay a disbursement on behalf of your client before they have paid you, then you are not managing your client’s funds. Rather, you are paying with your own funds. If you then invoice the client and they reimburse you, this is repaying a debt owed to you.
As at 9 July 2021, some low-risk disbursements will be exempt from all provisions of the AML/CFT Act when funds are received from clients to pay certain types of low-risk payments, such as to government departments, some professional services (on behalf of the reporting entity client), and some payments within NZ of less than $1000.
This is prescribed under section 24AB of the AML/CFT (Exemptions) Regulations 2011 as payments to one of the following:
a) A government department named in Part 1 of Schedule 2 of the Public Services Act 2020
b) A local authority, as defined in section 5(1) of the Local Government Act 2002
c) The New Zealand Police
d) A barrister, as defined in section 6 of the Lawyers and Conveyancers Act 2006
e) Any other person who carries out business within New Zealand that relates solely to business carried out within New Zealand if
i) The payment is wholly ancillary to the provision of a service that is not a relevant service by the designated non-financial business or profession; or
ii) The total value of the transaction or series of related transactions is below $1,000.
Tax transfers, payments and credits with IRD
54. I provide tax accounting services. Is managing a customer’s tax transfers, payments and credits with the IRD considered ‘managing client funds’?
As stated in response to question 51 above, the Department’s view is that you are ‘managing client funds’ in various circumstances where you have control the flow of funds for your client. This includes circumstances where you are involved in transferring funds on behalf of your customer within the IRD system. However, note that there is a partial exemption (other than suspicious activity reporting and enhanced CDD in some circumstances) from the AML/CFT Act for most, but not all, types of tax transfer. For further information refer to our guidance: Tax-Transfers-Class-Exemption-Guidance.
Bookkeeping services
55. I provide a bookkeeping service. Sometimes I am involved in authorising or processing payments for expenses on behalf of my customer. Is this considered ‘managing client funds’?
As with involvement in tax transfers, payments or refunds, the Department’s view is that bookkeepers may be ‘managing client funds’ where they are authorising and processing transactions on behalf of their client. The key determining factor will be whether the bookkeeper has control over the flow of funds.
This is likely to include circumstances where bookkeepers:
- Have authority over a client’s bank account and make payments from that account on behalf of a client, for example payroll or other business expenses.
- Handle and bank cash takings belonging to a client.
Please also note that another captured activity that may apply to bookkeepers involved in authorising or processing financial transactions is DNFBP activity (a)(vi)(E). Please refer to question 62 below.
The Department has released an explanatory note relating to involvement in authorising or processing financial transactions when providing a bookkeeping service here:
AML/CFT Explanatory Note: Involvement of bookkeepers in financial transactions (PDF, 970KB)
DNFBP Activity (a)(vi)(E) - Engaging in or giving instructions on behalf of customer to another person (“engaging in or giving instructions”) for a transaction in relation to creating, operating, and managing a legal person (for example, a company) and any other legal arrangement
56. In what circumstances am I engaging in or giving instructions for a transaction in relation to creating, operating, and managing a legal person or arrangement?
Creating, operating or managing a legal person or arrangement covers a potentially wide range of circumstances.
For AML/CFT Act purposes, a “transaction” is a financial transaction. It is also important to note that this activity is only covered by the AML/CFT Act where the transaction(s) relates to a legal person (for example, a company) or a legal arrangement (for example, a trust). It does not apply if you are engaging in or giving instructions in relation to financial transactions for a person operating as a sole trader (i.e. a natural person).
Transaction is defined in section 5 of the AML/CFT Act and means any deposit, withdrawal, exchange or transfer of funds whether (i) in cash; (ii) by cheque, payment order or other instrument; or (iii) by electronic or other non-physical means. There are some inclusions and exclusions specified in the definition. Please refer to section 5 of the AML/CFT Act here:
Section 5 - Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (Legislation website)
57. Why is engaging in or giving instructions (in addition to managing client funds) only captured for transactions relating to a legal person or arrangement?
Legal persons and arrangements may be misused by criminals to conceal beneficial ownership and the natural persons on whose behalf a financial transaction is conducted. Capturing ‘engaging in or giving instructions’ only for legal persons or legal arrangements (but not natural persons) reflects this ML/TF risk.
58. Is advising Inland Revenue of a change of bank account number considered ‘engaging in or giving instructions’?
No. This would be classified as an administrative activity rather than engaging in or giving instructions for a “transaction” relating to operating or managing a legal person or legal arrangement.
Other questions relating to captured activities
59: Does a reporting entity have to undertake CDD when dealing with a registered bank that it had a business relationship with prior to the AML/CFT Act taking effect? If so, what level of CDD is required?
DIA holds the view that the “existing customer” provisions as defined in the Act are relevant to this situation. This is despite a registered bank ordinarily being a type of customer that may be eligible for simplified CDD (section 18 (2)(n) of the Act).
An existing customer means a person who was in a business relationship with the reporting entity immediately before the date of capture by the Act. A reporting entity is not required to conduct CDD on an existing customer unless there has been a material change in the nature or purpose of the business relationship and it holds insufficient information about that customer (section 14(1)(c) of the Act). This means in relation to a registered bank that is an existing customer, in most cases, a reporting entity does not need to conduct any further CDD on the registered bank or on a person acting on its behalf.
Example: On 1 July 2018 (Capture date for Lawyers under the Act), a lawyer acts for New Zealand registered ‘Bank A’ on registration of a mortgage on a property that is being purchased. If the lawyer has not acted for Bank A in this capacity previously, the law firm may conduct simplified CDD on Bank A. However, if the law firm has an existing relationship with Bank A prior to 1 July 2018, Bank A is an existing customer. Unless there is a material change in the nature or purpose of the services provided and insufficient information about Bank A, the law firm is unlikely to need to conduct any additional CDD.
Please note that for any new business relationship with a registered bank, a reporting entity may conduct simplified CDD in accordance with section 18-20 of the Act. This means in relation to a registered bank, the reporting entity may conduct simplified CDD on the bank and the person acting on its behalf. As with most aspects of the AML/CFT Act, a reporting entities' compliance measures should apply a risk-based approach.
60: I’ve received funds through the banking system for my customer. The bank would have monitored these funds for AML/CFT purposes. Can I therefore be confident that the funds are legitimate?
No. You must apply your AML/CFT obligations independently to those that the bank applies. Your visibility and understanding of your customer’s transactions and activities is different to that of a bank. Often, you have a more detailed knowledge of the specific reasons that a particular transaction or activity is being undertaken. The visibility that you have over your customer’s activities and transactions is an important opportunity to detect money laundering or terrorism financing.
61: I am only providing advice to a client in relation to a transaction or activity that would be captured by the AML/CFT Act; will I need to conduct CDD?
There will be circumstances where you give advice in relation to a captured activity (without necessarily then carrying out the activity).
In most circumstances, this will not be caught by the AML/CFT Act. As a result, you are not required to conduct CDD prior to giving the advice.
However, if your provision of advice transitions to an instruction to undertake a captured activity, you are required to comply with the AML/CFT Act. Effective 31 July 2023, you are able to undertake verification of a customer’s identity after being engaged to provide the captured activity, subject to three conditions:
- it is essential not to interrupt normal business practice; and
- money laundering and financing of terrorism risks are effectively managed through appropriate risk management procedures; and
- verification of identity is completed as soon as is practicable after the designated non-financial business or profession is engaged to provide the relevant service.
Law firms will also need to be aware of their obligations to report suspicious activities, which can include requests for or enquiries about particular services that law firms offer (regardless of whether they ultimately provide those services).
62. I undertake activities that are captured by the AML/CFT Act but the risk of ML/TF seems very low. Why are these activities caught by the AML/CFT Act?
Capture under the AML/CFT Act is based on activity (rather than the level of ML/TF risk). This is because, increasingly, legitimate businesses in industries perceived as low risk are used as intermediaries in the various phases of money laundering. Low risk businesses may be seen as attractive for illicit activity due to the perception of lesser AML/CFT awareness and fewer controls in place. It is important that you assess the ML/TF risk your business faces, and then apply suitable and proportionate measures to mitigate the risks identified.
However, there are provisions in the AML/CFT Act that allow you to apply for a ministerial exemption from some or all of your AML/CFT obligations, under certain circumstances. The exemptions process is administered by the Ministry of Justice. The criteria that the Minister of Justice must have regard to when making their decision is outlined under section 157 of the AML/CFT Act. This includes, but is not limited to the risk of money laundering and financing of terrorism associated with the reporting entity. Please note that the exemptions process is thorough and you will need to consider all the factors outlined under section 157 of the AML/CFT Act. The Ministry of Justice may also require additional information from you to inform its analysis on your application. Further information on ministerial exemptions can be found on the Ministry of Justice’s website here:
AML/CFT information for businesses - ministerial exemptions (Ministry of Justice website)
63. I am appointed as a liquidator. Who is my customer and what are my CDD obligations?
Effective 31 July 2023, various Regulations clarify the application of the AML/CFT Act for liquidators.
For both court-appointed and non-court-appointed liquidations, the company or limited partnership in liquidation is now prescribed as your customer. (Regulation 5C AML/CFT (Definitions) Regulations 2011).
For both types of liquidation, there are also exemptions from some CDD obligations. These differ depending on whether the liquidation is court-appointed or non-court appointed.
For court-appointed liquidations – the exemption applies to standard customer due diligence (sections 14-17 of the AML/CFT Act), enhanced CDD (sections 22(1)(a-c), 22(2-6), and 22A), identity and verification of identity requirements in relation to wire transfers (section 27 and 28), ongoing CDD and account monitoring (section 31), and prohibitions if customer due diligence not conducted (section 37). (Regulation 24AA AML/CFT (Exemptions) Regulations 2011).
For non-court-appointed liquidations – the exemption is narrower. It only applies to enhanced CDD (sections 22(1)(a-c), 22(2-6), and 22A), identity and verification of identity requirements in relation to wire transfers (section 27 and 28), ongoing CDD and account monitoring (section 31), and the prohibition on having to terminate the business relationship if customer due diligence is not conducted (section 37(b)). (Regulation 24AA AML/CFT (Exemptions) Regulations 2011).
Additionally, for both types of liquidation:
- If the liquidator provides an international wire transfer related to the liquidation, an IFT-PTR must be submitted to the FIU:
- If the liquidator disburses funds to a beneficial owner of the customer that has not already been subject to CDD, the identity of this person must be verified.
64. Can a law firm or accounting firm continue acting for a client after submitting a SAR in respect of them or should they cease the business relationship?
This is a business decision for you to make depending on the circumstances. For law firms, the New Zealand Law Society’s website also contains information on this issue.
65. Is commercial leasing captured by the AML/CFT Act?
Yes. Commercial leasing is recognised as an area of ML/TF risk, and is therefore captured. Persons engaged in work to negotiate and transact a commercial lease are providing real estate work. These persons are subject to the full range of AML/CFT obligations as a reporting entity under the AML/CFT Act.
There are a few key differences for commercial leasing transactions compared to other real estate agency work regarding the timing of CDD. In normal circumstances, CDD must be conducted:
• once there is a fully signed agency agreement and before carrying out further real estate agency work for the customer.
However, for commercial leasing transactions, CDD is required:
• before the real estate agent presents a lease agreement to the landlord:
• in relation to assignment to lease transactions, before the real estate agent presents an assignment of lease to the assignee:
• in relation to a sublease transaction, before the real estate agent presents a sublease agreement to the outgoing tenant:
The different timings of CDD recognise that for commercial leasing, multiple agents may advertise a premise, but not all will present an offer to lease or sublease from a prospective commercial tenant. Requiring CDD to be conducted before the offer to lease or sublease is presented ensures that ML/TF risk is mitigated before a transaction can be completed.
66. If we have an agency agreement with a vendor and are holding an auction of their property, do we have to conduct CDD on the bidders?
No. The vendor is your client and your CDD obligations relates to them. The exception to this is if the successful bidder pays you by cash or cheque (or some other bearer negotiable instrument) of $10,000 or more. You then have an obligation to conduct CDD on this person.
If the payment is made in physical cash (i.e. coins or notes) there is also a requirement to submit a Large Cash Transaction PTR. For further information relation to Large Cash Transaction PTRs, please refer to questions 33 and 34 above.
67. In a scenario when you receive a deposit from a person from their overseas bank account paying a deposit into your trust account for a real estate purchase, does a PTR need to be submitted?
Yes. Please refer to our Guidance-for-DNFBPs-wire-transfers-and-prescribed-transaction-reporting.
68. Can a real estate agent rely on a third party to complete CDD on its behalf?
In some specific circumstances, reporting entities can rely on others to conduct CDD if the other party is either:
a) A member of the same Designated Business Group (DBG)
b) Another reporting entity in New Zealand (e.g. a law firm that provides relevant services covered in the AML/CFT Act) or a person in another country that has sufficient AML/CFT systems and measures in place and who is regulated for AML/CFT purposes
c) An agent.
Please note for (b) above, if you are relying on another reporting entity in New Zealand or equivalent in an overseas jurisdiction, they must:
- Have a business relationship with the customer concerned; and
- Have conducted CDD to at least the standard required by the AML/CFT Act and regulations:provided you with the relevant identity information before you have established a business relationship or conducted an occasional transaction or activity; and
- Can provide relevant verification information on request as soon as practicable but within five working days; and
- Have consented to conducting the CDD and providing all relevant CDD information to you.
If you do rely on a member of your DBG, another reporting entity in New Zealand or equivalent overseas, or agent, you will be responsible for ensuring the CDD is conducted in accordance with the requirements of AML/CFT Act and applicable regulations
69: I am a real estate agent that has signed an agency agreement to act for a landlord to list and sign up a tenant for a commercial property. Do I have to conduct CDD on the landlord, the tenant, or both?
In a situation where a real estate agent’s client (as defined in section 4(1) of the Real Estate Agents Act 2008) is the landlord, the real estate agent must conduct CDD on the landlord.
There is no requirement to also conduct CDD on the tenant unless receipt of funds from the tenant constitutes an occasional transaction (being a cash transaction equal to or over $10,000). Please note that cash is defined to mean physical cash or bearer-negotiable instruments (such as cheques, bill of exchange, promissory note, bearer bond, traveller’s cheque, money order, postal order or similar).
Once the commercial tenancy has been entered, rent otherwise collected from a tenant as part of the property management activities does not trigger AML/CFT obligations. (Regulation 21B of the AML/CFT (Definitions) Regulations). Please refer to questions 68 and 69 above for further information.
Also note:
- In a situation where the real estate agent’s client (as defined in s4(1) of the REAA) is the tenant (not the landlord), the above applies in reverse. In this situation, the real estate agent must conduct CDD on the tenant.
- Arranging residential tenancies (to which the Residential Tenancies Act 1986 applies) is not real estate agency work and is not a captured activity under the AML/CFT Act.
70: I have a conjunctional arrangement with another real estate agency. Do I have any CDD obligations under the AML/CFT Act in relation to the vendor?
A conjunctional arrangement is when one agency is under a written agency agreement with a listing agent to introduce a purchaser. The conjunctional agent, like the listing agent, also acts for the client who is the vendor in a real estate transaction. Effective 31 July 2023 regulations have been introduced to make it clear that the conjunctional agent does not have any direct CDD obligations in relation to the vendor. The responsibility to conduct CDD on the vendor rests with the real estate agent that signs the agency agreement.
Despite this, there remain some situations where the conjunction agent would need to complete CDD on the customer – the conjunction agent remains a reporting entity and is required to comply with other AML/CFT obligations, such as SAR reporting.
71. I am a real estate agent that acts for the vendor of a property. I find a buyer who wants to pay their deposit to me by a bank cheque. Do I have to conduct CDD on the purchaser?
Yes, you are required to conduct CDD on the purchaser in this scenario. This is because a cheque (which includes a bank cheque) is included in the definition of ‘bearer-negotiable instrument’ (BNI) in the AML/CFT Act.
A transaction involving a BNI or physical cash (of $10,000 or more) that is conducted with a person who is not your client (as defined in s4(1) of the Real Estate Agents Act 2008), is considered an ‘occasional transaction’ (as defined in s5 of the AML/CFT Act). As a reporting entity, you must conduct CDD on any person with whom you conduct an occasional transaction.
72. There are different types of cheques, such as personal, travellers or bank cheques. Does the definition of ‘bearer-negotiable instrument’ include all types of cheque?
Yes. The Department’s view is that the definition of a bearer-negotiable instrument (BNI) includes all types of cheques. It also includes other types of monetary instrument that may be transferred from one person to another, for example a promissory note, a bill of exchange, a bearer bond, money order or postal order.
Please note that the occasional transaction thresholds of some types of BNI are lower than $10,000 – please refer to the AML/CFT (Definitions) Regulations 2011 for further information.
73. The definition of ‘occasional transaction’ in the AML/CFT Act excludes ‘cheque deposits’. What does this mean?
Please refer to questions 68 and 69 above for further information.
Disclaimer:
This guideline is provided for information purposes only and cannot be relied on as evidence of complying with the requirements of the AML/CFT Act. It does not constitute legal advice and cannot be relied on as such. If after reading this guideline you do not fully understand your obligations, you should seek suitable professional or legal advice or contact your supervisor, the Department of Internal Affairs (DIA) at Amlcft@dia.govt.nz.