Today, the Department of Internal Affairs (DIA) released guidance (Guidance) for virtual asset service providers (VASPs) on the stage 2 amendment regulations under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (Act). 

The Guidance should give useful direction to VASPs in understanding how to approach virtual assets, their quasi-money treatment, and the nature of transfers involving them. It also makes clear the implied consequences of virtual assets being pulled into the wire transfer regime – that short change of definitions actually represents what is likely the most substantive impact for VASPs, but may not have been understood by all from what is on the regulations’ pages.

We have previously discussed the amendment regulations more generally, and the stage 2 amendments in particular. This release follows the earlier batches of guidance released by the AML/CFT supervisors jointly and by the DIA alone in late April and early May.

Who needs to read it? Why?

The Guidance targets “any business that provides activities and services involving transactions or dealings in ‘virtual assets’”. These businesses should ensure they are across both the Guidance and the amended regulations they relate to, in order to comply with their AML/CFT obligations. 

What does it cover?

The Guidance steps through the VASP-related changes in the amendment regulations and explains how the DIA intends to apply them. These can be broadly grouped into:

• those dealing specifically with wire transfer requirements – which make up roughly half of the Guidance;
• those defining the virtual asset and VASP concepts; and
• those explaining how they fit within the kinds of transactions covered by the regime.

The Guidance also calls out that VASPs must ensure that their AML/CFT compliance documents are “updated to reflect these new requirements”, and that they comply more broadly with the non-VASP-specific obligations under the AML/CFT regime.

Wire transfer requirements

The principal changes around how the wire transfer requirements apply to VASPs are that virtual asset to virtual asset, and virtual asset to fiat currency (or vice versa), transfers are declared to be wire transfers. They must also be treated as international wire transfers unless the VASP is satisfied all parties involved are in New Zealand.

This marks a shift from the previous position, where VASPs technically only had to comply with those requirements for transfers that touched fiat currency (such as on-ramp and off-ramp transactions) and otherwise met the wire transfer definition. However, also including virtual asset transactions was described as “best practice” in the DIA’s March 2020 VASPs Guideline. The presumption of an international wire transfers also reflects the DIA’s position in that previous guidance.

The Guidance sets out the DIA’s position and expectations on a range of matters.

• A virtual asset to virtual asset transfer is one where “the value is in the form of a virtual asset at each end” (whether the movement of one type of virtual asset, or conversion between multiple).
• Virtual assets are considered to be “funds” for the purpose of the wire transfer definition.
• A transfer of virtual assets to an un-hosted/self-hosted wallet where no other VASP is involved will not be a wire transfer.
• VASPs should review the virtual asset transactions they carry out and ensure they comply with the wire transfer requirements (including where those touch on third-party platforms or other financial institutions).
• VASPs should have “procedures, policies, and controls in place to determine the circumstances in which [they] can be satisfied that all the parties to [a] wire transfer are in New Zealand”, in order to not have to treat it as an international wire transfer. They should also keep records of that determination and the basis for it.
• If there is doubt as to whether any parties to a wire transfer are in New Zealand, a VASP should treat it as an international wire transfer.
• VASPs will “often have to comply with two sets of wire transfer requirements in relation to the same dealings with a customer”. The Guidance sets out three examples of transactions, and how VASPs will occupy different roles for different parts of them.

The Guidance steps through the requirements that apply to each role in a transfer – the entity instructed to make the payment (ordering institution), the entity receiving the payment for the recipient (beneficiary institution), or an entity in between (intermediary institution – which the DIA considers VASPs will only be in limited circumstances).

Additionally, for international wire transfers (including those treated as such under the VASPs’ presumption) of $1,000 or more, the Act’s prescribed transaction reporting requirements will apply.

Virtual asset and VASP definitions

The regulations introduced a definition of “virtual asset” on 31 July 2023, being a digital representation of value that can be digitally traded or transferred or used for payment or investment purposes but is not a financial product nor a digital representation of a fiat currency.

While this is the first use of this definition in AML/CFT legislation or regulations, it broadly aligns with how the DIA has previously considered virtual assets (for instance, in its March 2020 VASPs Guideline) and how the Financial Action Task Force (FATF) defines them (in its Recommendations).

However, this use of the definition notably has an “or” between the “digitally traded or transferred” and “used for payment or investment purposes” limbs, rather than the “and” in the FATF and earlier DIA materials. This gives New Zealand a wider scope of capture – in particular, a payment or investment purpose isn’t necessarily required – although the effects of this will be very fact-dependent, and the Guidance does not explore this difference.

VASP is still not a defined term in the AML/CFT regime. However, in the Guidance the DIA indicates that it considers a VASP to be “a financial institution under the Act that, in the ordinary course of business, carries out one or more of [specified] financial activities and this involves virtual assets”.

These activities notably include providing safekeeping or administration of virtual assets on behalf of any person, which is a new inclusion by regulation from 31 July 2023.

Transactions and occasional transactions

One of the key activity triggers under the Act is around “transactions”, which the Act defines as deposits, withdrawals, exchanges, or transfers of funds. The regulations expand this definition to include “the deposit, withdrawal, exchange, or transfer of a virtual asset”, so that dealings involving virtual assets will trigger those requirements.

The regulations also declare virtual asset transactions, or virtual asset to virtual asset transactions, of $1,000 or more (whether in a single operation, or several that are linked) outside of a business relationship to be “occasional transactions”. This essentially means that a person seeking to conduct such a transaction will be a VASP’s customer and subject to customer due diligence, even in the absence of a business relationship.The

DIA expects VASPs to have procedures, policies, and controls in place to:

• “identify linked transactions” that together meet the occasional transaction threshold; and
• “determine when a person has undertaken a number of transactions with you intermittently” such that there is “an element of duration” and a business relationship is commenced – with a suggested test being whether they “reasonably expect that the person is likely to return to conduct transactions in the future”.

Our view

Virtual assets occupy an unusual space, not money yet often treated as something akin to it. The regulations and Guidance formalise this quasi-money treatment. The DIA, as their principal AML/CFT supervisor, setting out its position on what this means and how it will operate should give useful direction to VASPs in understanding their place under the reforms.

The Guidance's emphasis on wire transfers is also helpful. Those are likely the most material changes for VASPs (other than those newly brought under the regime), and yet are mostly implied from a short regulation declaring virtual asset transfers to be wire transfers.

The full weight of the consequences, of having to build up information and reporting infrastructure and comply with the "travel rule" (i.e. sending identification information alongside transfers), may not have been apparent to all industry participants from what is on the regulations' pages.

The ambiguous nature of virtual assets, as both alike and unlike money, has previously led to uncertainty around where transactions begin and end. Without a clear divide, as between fiat currency and non-money goods, there had been differing views on whether a chain of fiat and virtual asset movements constituted a single transfer of value or multiple.

The Guideline sets out the DIA's position that they are separate transfers and should be treated as such. While we agree that the separate-transaction approach is the most coherent, the important thing here is for a consistent position to be taken, so that the industry operates on a level playing field.

Virtual assets come in many forms and are used in many ways. The Guidance does not purport to cover that full range, and the industry and AML/CFT supervisors will no doubt need to progressively work through the practical implications for particular offerings. For example:

• We expect the question of decentralised arrangements, where VASPs may not have a substantive ongoing connection with them, to arise at some stage.
• How the requirements apply to a direct purchase of virtual assets from a party, rather than instructing them to make a purchase on behalf of the customer (i.e. the first example given in the Guidance), remains ambiguous, and may depend on whether the seller hosts its own wallet or holds it with another VASP.
• Whether the DIA still holds the position, as stated in its March 2020 VASPs Guideline, that “VASPs are considered ‘financial institutions’” (noting that whether this reflected the strict legal position is debated), or if that has been superseded by the regulations and Guidance, is not clear. The inclusion by regulation of VASPs safekeeping or administering virtual assets indicates that not all were covered before, but whether there is another subset of VASPs that do not meet any of the capture points, and how the DIA would react to them, remains to be seen.

The Guideline should be read alongside the DIA’s March 2020 VASPs Guideline and August 2023 VASPs Factsheet, which deal in more detail with VASPs and the AML/CFT regime (including examples of capture points for particular VASP activities).

We continue to support this being an area of focus. VASPs and virtual assets remain prominent in the global AML/CFT space – for instance, just earlier this month the FATF released its latest update on jurisdictions’ compliance with its standards on them – and it is important that our regulatory regime keeps up. Among other reasons, the FATF’s third follow-up report on New Zealand’s compliance was released on 18 July, and our next Mutual Evaluation is only a few years away (currently expected in 2029).

What next?

VASPs should already be in the process of complying with the 1 June 2024 changes, both in terms of their operations and their AML/CFT compliance documentation. These include not only the VASP-specific changes discussed in the Guidance, but also the range of other changes affecting reporting entities generally.

The AML/CFT supervisors have indicated in a joint statement (which we have discussed) that they will take a “broadly educative and constructive approach” when it comes to enforcing those changes, but they will expect reporting entities to be across the requirements and available guidance and making genuine and credible progress towards meeting them.

As raised above, there is likely to be an ongoing process of refining how VASPs operate within the AML/CFT regime, depending on their particular facts.

The current suite of amendment regulations still has one more stage to go, coming into force on 1 June 2025. There are also expected to be additional changes to legislation, regulations, and guidance in the future as the recommendations of the 2021-2022 Statutory Review (which we have previously discussed) continue to be worked through.

If you have any questions in relation to the Guidance, the wider amendment regulations, VASPs’ obligations, or the AML/CFT regime more generally, please contact one of our experts.