DIA publishes AML/CFT Sector Risk Assessments

  • Legal update

    21 February 2020

DIA publishes AML/CFT Sector Risk Assessments Desktop Image DIA publishes AML/CFT Sector Risk Assessments Mobile Image

On 13 February, the Department of Internal Affairs (DIA) released updated Sector Risk Assessments (SRAs) for the sectors that it supervises. One covers financial institutions supervised by the DIA (FI SRA), while the other covers all other types of reporting entity supervised by the DIA (including designated non-financial businesses or professions and casinos) (DNFBP SRA).

The DIA’s announcement can be found online.

The New Zealand Law Society (NZLS) followed this with a brief note about the sector risks for lawyers on 18 February.

Who needs to read it? Why?

The SRAs will be of interest to all reporting entities supervised by the DIA. Their purposes are to:

  • assist the DIA, as a supervisor, in understanding the money laundering and terrorism financing (TF) risks in the sectors in question; and
  • aid reporting entities within those sectors in meeting their anti-money laundering and countering financing of terrorism (AML/CFT) obligations.

The NZLS note will be similarly relevant to law firms (in their capacity as reporting entities) and the DIA (as their supervisor).

What does it cover?

The DIA had previously released SRAs for Phase 1 and Phase 2 of the AML/CFT regime.  With the implementation of Phase 2 now complete, these SRAs have been reframed to align with the way sectors are defined internationally.

In particular, trust and company service providers and casinos have been moved from what was the Phase 1 SRA to the DNFBP SRA (which replaces the Phase 2 SRA).
In addition to that structural shift, a number of substantive changes have been made to the SRAs:

Terrorism financing

First, the sections on TF have been updated. This is to reflect the Financial Intelligence Unit’s National Risk Assessment for 2019 (our discussion of which can be found here).
Reporting entities will therefore want to consider whether these TF updates mean that they should specifically update their risk assessments and AML/CFT programmes to take them into account.


Second, a section has been added to the FI SRA on the Virtual Asset Service Provider (VASP) sector. Previously, VASPs had been covered under the section on payment providers. Our discussion of this sector more broadly, and the Financial Action Task Force guidance issued about it, can be found here.

The inherent risk rating for this sector is set to High.  This is due to the perceived vulnerabilities of VASPs, including ease of use, anonymity, beneficial ownership issues, their role in cross-border payments and the previous association of virtual assets with organised crime.

This new section will not only be of interest to VASPs themselves, but also other reporting entities that interact with them.


Third, the inherent risk rating for the conveyancing sector has been raised from Low to Medium.

This move follows the DIA’s review of its methodology and increasing understanding of the typologies it faces, rather than change within the sector itself.

NZLS note

The NZLS note looks specifically at lawyers within the DNFBP SRA, highlighting their Medium-high inherent risk rating and the AML/CFT vulnerabilities they face given their:

  • wide range of services, including some that are particularly attractive to criminals;
  • geographic availability and ease of access; and
  • gatekeeper role, able to facilitate the entry of illicit funds into the legitimate financial system.
Our view

The completed implementation of Phase 2, and therefore of the AML/CFT regime in general, is expected to harden the AML/CFT supervisors’ attitude towards breaches of AML/CFT obligations.  Reporting entities will therefore want to remain abreast of the risks identified by their supervisors as being of particular concern for their sectors. Reporting entities should consider whether their risk assessments and AML/CFT programmes should be updated accordingly.

SRAs like these provide an invaluable insight into the supervisors’ perspectives on these risks, particularly where they have been recently updated. DIA-supervised reporting entities should make use of this opportunity to refine their compliance.

What next?

If you have any questions on the updated SRAs, or the AML/CFT regime more generally, please contact one of our experts.