On Monday, 29 April, the Department of Internal Affairs (DIA), the Financial Markets Authority, and the Reserve Bank of New Zealand (together, the AML/CFT Supervisors) published new and updated guidelines on customer due diligence (CDD) and beneficial ownership under the anti-money laundering and countering financing of terrorism (AML/CFT) regime. 

The AML/CFT Supervisors have updated the Beneficial Ownership Guideline, the Enhanced Customer Due Diligence Guideline (ECDD Guideline), and the Customer Due Diligence: Companies Guideline (Company CDD Guideline), as well as released a new Customer Due Diligence: Limited Partnerships Guideline (LP CDD Guideline) (together, the Guidelines).

Additionally, the DIA yesterday released guidance for money remitters relating to wire transfers and prescribed transaction and suspicious activity reporting and to the use of agents (together, the Remitter Guidance).

The Guidelines and the Remitter Guidance are targeted at the next stage of regulations changes that are coming into effect on 1 June 2024, as well as the previous stage that commenced on 31 July 2023, both of which we have previously discussed.

As we discuss below under “Our view”, we consider that the Guidelines do bring some helpful detail on a number of obligations and the AML/CFT Supervisors’ expectations. However, their release date leaves only a short window before the next regulations commence.

Who needs to read it? Why?

The updated Guidelines will be relevant to essentially all reporting entities. Beneficial ownership and enhanced CDD requirements apply generally, and companies are a very common type of customer. Limited partnerships, while not as numerous as companies, still find widespread use and are a common investment structure. Reporting entities that have them as customers should ensure they are across the new Guideline.

What does it cover?

The existing Guidelines have been given substantial updates, from material commentary on the upcoming requirements to clarifications on aspects of the current regime that were not expressly addressed. The LP CDD Guideline, on the other hand, is new standalone guidance, albeit drawing from the existing coverage of limited partnerships in the sole traders and partnerships guideline.

We set out the key updates and additions in the Guidelines, in respect of both the upcoming requirements and the existing regime, below.

Beneficial Ownership Guideline

The Beneficial Ownership Guideline in particular has been substantially rewritten, including to reflect the 31 July 2023 addition to the definition of a “beneficial owner” – namely, to expressly include persons with (direct or indirect) “ultimate ownership or control of the customer”, and to narrow the coverage of persons on whose behalf transactions are conducted (POWBATICs) that are customers of customers to only those with such ultimate ownership or control.

• The previous version of the Beneficial Ownership Guideline introduced the AML/CFT Supervisors’ interpretation that POWBATICs are themselves a third limb of the beneficial owner concept (which is not explicit in the legislation). That has been removed in line with the regulation change. However, this does not remove other requirements to trace through to customers of customers (such as to identify a relevant source of funds or wealth, as those are not triggered by beneficial owner status) or to conduct CDD on persons who are customers of both a reporting entity’s customer and the reporting entity itself.
• Many of the other CDD requirements, such as identifying nominee arrangements, control structures, and powers that bind and regulate all go towards revealing who beneficial owners are. For instance, a person whose directions are followed by nominees will likely be a beneficial owner through having ultimate control.
• The “ultimate” in ultimate ownership/control is intended to clarify that the ownership/control may be indirect, such as through nominee arrangements or layers of intermediate ownership, and there may be no formal record of (for instance) decision-making powers.
• Where there is a complex multilayered structure, it will be necessary to understand the ownership and control at each layer to be able to trace through to the beneficial owners.
• Individuals may be beneficial owners of a customer in personal or professional capacities – both must be captured.
• Verification of beneficial owner information should be risk-based, and AML/CFT compliance programmes should set out steps that will be consistently applied for different risk levels (based on the relevant risk assessment).
• Discretionary beneficiaries of trusts, who have no vested interest in trust property until trustees distribute to them, will not before that time have “ownership” of trust property – although they could still, depending on the circumstances, have effective control and be a beneficial owner in that respect.
• Diagrammed examples are again provided to help reporting entities understand how the concepts are applied to different kinds of customer (companies, limited partnerships, and trusts) and levels of complexity.

ECDD Guideline

The principal enhanced CDD changes from 1 June 2024 are the requirements for “additional enhanced [CDD] measures” where source of funds and/or wealth alone will not sufficiently manage and mitigate risk, and the requirement to describe in AML/CFT compliance programmes when a reporting entity will (as part of enhanced CDD) obtain and verify source of funds information, source of wealth information, or both.

• The four examples of additional enhanced CDD measures in the regulatory wording are a non-exhaustive list of possible options – one or more of them, and/or other measures, may be appropriate for a particular context.
• It will not always be possible to comprehensively explain all the different circumstances where source of funds and/or source of wealth information will be obtained, and a case-by-case determination on the risk may be more effective anyway. Instead, an AML/CFT compliance programme could “consider the types of situations” either or both will be examined in, and how it will differentiate in practice. In any case, the focus must be on which of them best enables the effective mitigation of risk - expressly not the “easiest to fulfil”.
• A fear of inadvertently tipping off a customer to a potential suspicious activity report (SAR) is explicitly not a justification for neglecting enhanced CDD. Carrying out enhanced CDD enquiries “properly and in good faith” is stated to not constitute tipping off, without further explanation of those criteria. In fact, having conducted enhanced CDD could even raise the quality of such reports.
• While there is no statutory timeframe for the required termination of a business relationship if enhanced CDD cannot be completed, the AML/CFT Supervisors' expectation is it should be “as soon as practicable” in the context of the product or service. They acknowledge that it may not always be possible to do so immediately, but the termination process should commence “as soon as you determine you are unable to complete CDD”.
• The previous version of the ECDD Guideline stated that, on terminating a business relationship, any funds should be returned to their source (which would generally be the relevant customer). The updated version now says they should be returned to the customer “even if the funds were received from a third party, unless the customer directs the funds to be paid to the source”.
• The Amended Identity Verification Code of Practice 2013 and its safe harbour do not technically apply to high-risk customers, but may still be instructive – for instance, as a starting point, or possibly even sufficient for verifying biographical information if the relevant risk does not relate to that (allowing resource to be redirected to other elements of enhanced CDD).
• The requirement from 1 June 2024 to update risk assessments before introducing a new or developing technology or product should align with existing practices and not create additional or wider obligations.
• Monitoring rules for generating AML/CFT alerts for review and examination should be “commensurate with the types of customers you deal with, the products and services you offer and the size and value of transactions you undertake”.

Company CDD Guideline

The upcoming regulations add a number of new pieces of information that need to be collected for CDD on legal persons (such as companies) – specifically, their legal form and proof of existence, their ownership and control structure, any powers that bind or regulate them, and the existence and name of any nominee directors or nominee shareholders.

• These new requirements are seen as “formalis[ing]” what is required to be obtained and verified as part of CDD, to assist in understanding legal structures, identifying beneficial ownership, and determining risk. They should be aligned with existing procedures, policies, and controls in this respect.
• These pieces of information may interrelate with each other, as well as the wider assessment of beneficial ownership and the need to obtain sufficient information to determine whether enhanced CDD is warranted.
• Company constitutions, shareholders agreements, and any equivalent documents are given as examples of things that could give information on powers that bind and regulate.
• Reporting entities should collect details on the basis for beneficial owners being such – for instance, shareholder powers or voting rights, director powers, or formal nominee arrangements.

LP CDD Guideline

In brief, limited partnerships are incorporated legal entities with general partners (responsible for management, and fully liable for their partnerships) and limited partners (barred from involvement in management, and only liable to the extent of their financial contribution).

Limited partnerships, as legal persons, will be subject to the same new CDD requirements as companies (but needing nominee general partner, rather than director and shareholder, information).

• While resembling companies in some ways, limited partnerships do not have as much publicly-available information – for instance, details of limited partners are not on the public record like directors and shareholders, although general partner details are. This reduced visibility increases their inherent risk profile.
• The commentary around the new legal person requirements from the Company CDD Guideline (described above) are also reflected here.
• As limited partnership agreements are not available to the public on the Limited Partnerships Register, the AML/CFT Supervisors acknowledge that the requirement to verify some of the new CDD information using a reliable and independent source may not be possible. Unlike for companies, they view the “independent” requirement as applying for limited partnerships “where possible” (which does not appear in the regulation itself), and accept that documents provided by the limited partnerships themselves (such as their limited partnership agreements) may be the best possible option.

Remitter Guidance

From 1 June 2024, operators of money or value transfer services (MVTS Operators) that give effect to international wire transfers by depositing physical cash into a bank account will have to submit prescribed transaction reports (PTRs). As the Remitter Guidance notes, this is particularly relevant to operators that use informal transfer systems.

The exemption for intermediary institutions of international wire transfers from having to make PTRs will also be removed for MVTS Operators. The Remitter Guidance provides some detail on how to operationalise this.
The Remitter Guidance also makes clear that the requirement for MVTS Operators to provide copies of SARs to foreign financial intelligence units is limited in scope and application – to only where they (and not, for instance, separate entities) are ordering or beneficiary institutions outside New Zealand, which will generally entail controlling the transaction, and operating a bank account, in another country.

Additionally, the Remitter Guidance expands on:

• the upcoming requirements to include specific information about agents in AML/CFT compliance programmes;
• how remitters’ master agents’ training, monitoring, or other assurance activities in relation to sub-agents are treated as part of the remitters’ activities and compliance responsibilities; and
• the exemption (since 31 December 2023) allowing MVTS Operators and their agents to share SAR/PTR information.

Our view

With only around a month between the release of the Guidelines and the 1 June 2024 activation of the next set of regulations they cover, the window for reporting entities to adjust their processes and documents to reflect these supervisory interpretations and expectations will be tight.

The detail added to the Guidelines should be useful to reporting entities in coming to terms with the changes to CDD under the AML/CFT reforms and understanding the expectations of the AML/CFT Supervisors.

• The AML/CFT Supervisors have made clear at some points that their expectations are more practical than a reading of regulatory wording in itself may indicate – for example, the ECDD Guideline explaining that the requirement to identify when source of funds, wealth, or both will be used will not require a comprehensive list of all possible circumstances, and the LP CDD Guideline limiting the need for verification using “independent” sources to only where that is possible.
• The additional explanation in the ECDD Guideline around the interaction of SAR tipping off restrictions and the need to conduct enhanced CDD, and on the timeframe and funds return requirements on terminating a business relationship, do shine light on some of the difficult tensions under the regime. However, these are likely to remain difficult lines to walk in practice.
• Some of the commentary is just making explicit what was previously implied (for instance, the interrelation of the requirements for specific pieces of information and the core goal of identifying beneficial ownership), but having that stated may encourage reporting entities to view the requirements as part of a holistic framework rather than a series of discrete boxes to tick.

The concern about the tight timeframe above will be doubly so for the expected updates to the guidelines for co-operatives, sole traders and partnerships, and trusts (which are identified as “[p]ending update” on the DIA website).

In particular, with the upcoming new requirements for CDD on legal arrangements and the need for greater clarity around them, the update to the trusts CDD guideline will be keenly awaited by reporting entities that deal with trusts (of which there are many, given the prevalence of trusts in New Zealand). It will also hopefully explore in more depth some of complexities hinted at in the Guidelines.

• For instance, the Beneficial Ownership Guideline suggests that settlors may be persons with effective control over trusts or trust property (such as through powers reserved to them to amend trust deeds or change trustees). However, in New Zealand a settlor would need some kind of reserved or granted powers (or continuing informal influence) to meet the beneficial owner criteria – a settlor has no continuing ownership or control over the trust inherently from being a settlor.
• It would therefore be very helpful for reporting entities to have guidance that makes this point explicitly, and distinguishes clearly between settlors that actually have some form of beneficial ownership (requiring full CDD) and those that do not (and so would only be relevant for source of funds/wealth, and the new general settlor information requirement – which hopefully will also receive some explanation).
• The LP CDD Guideline recognises that verification of some information from an independent source is not always possible. Although the information that the independent source requirement applies to is different for legal arrangements than legal persons, there may still be difficulty in finding independent sources for that (for instance, if a settlor or protector is only identified in the trust’s deed). Hopefully that practical approach will be continued through for trusts.

The Remitter Guidance provides some useful commentary for MVTS Operators, particularly where it makes clear some requirements are narrower than they may have otherwise been interpreted.

What next?

The regulations (that are not already live) behind the Guidelines will be coming into force on 1 June 2024, with the third and final tranche of current amendment regulations commencing on 1 June 2025. As mentioned above, the CDD guidelines for co-operatives, sole traders and partnerships (particularly given limited partnerships have been spun out into their own guideline), and trusts are still pending updates, which will hopefully come before June.

Those amendment regulations are just the first component of the Ministry of Justice’s wider reform agenda for the AML/CFT regime, following its 2021-2022 Statutory Review of the regime and the Financial Action Task Force Mutual Evaluation of New Zealand that preceded it (both of which we have previously discussed).

The other parts of the wider reform agenda arising out of the Statutory Review and other submissions are expected to move in a series of different tranches over the next few years, depending on whether they require legislative change (to the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 itself), further regulatory change (following additional consultation), the issuing of a code of practice or Ministerial exemption, or a change in supervisory guidance or operational practices.

If you have any questions about the Guidelines or Remitter Guidance, the upcoming amendment regulations, the wider AML/CFT reforms, or the regime more generally, please do not hesitate to contact one of our experts.

This article was co-authored by Sam Short, a Senior Solicitor in our Banking and Financial Services team.