On its first day as sole supervisor, 1 July 2026, The DIA has published revised key guidance on compliance with the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act. The Comprehensive Guidance Suite coincides with the transition to the DIA as sole AML/CFT supervisor.
Reporting entities need to review the new guidance to ensure their risk assessments and AML/CFT Programmes comply with the refreshed guidance suite.
Who needs to read it? Why?
In addition to refreshing almost every guidance on AML/CFT Act compliance, the DIA took the opportunity to emphasise the change to sole supervisor, issuing new guidance on complying with the AML/CFT Act and a new AML/CFT Reporting Entity Quick Start Guide. The new guidance signals to reporting entities that the DIA is taking enforcement seriously as it becomes sole supervisor.
The Guidance reiterates that sections 57(2) and 58(2)(g) of the AML/CFT Act oblige all reporting entities to have regard to applicable guidance in their compliance with the AML/CFT Act.
What does it cover?
Non-bank financial institutions (NBFI) in particular should note changes in the updated AML/CFT Guidance on wire transfers and prescribed transaction reporting (PTR). The updated guidance on wire transfers is available here. Designated non-financial businesses or professions (DNFBP) also need to note the new guidance on wire transfer requirements – available here.
In addition, the DIA has signalled a significant change to its enforcement approach, describing it as a “New Era for AML/CFT Regulation.” That means compliance is more important than ever.
Key changes in more detail:
1. Updated guidance for NBFIs on PTR and wire transfers
The DIA communicated its strengthened enforcement position as sole supervisor, imposing minimum PTR requirements for NBFIs and DNFBPs for all international wire transfers of $1,000 or more. This is a significant change, as it imposes complementary PTR reporting from banks and non-bank financial institutions. The Financial Markets Authority’s (FMA) previous position was to exclude entities from PTR obligations where they transmit instructions from a client to complete an international wire transfer but do not actually transfer funds.
The DIA does not consider two PTRs submitted by a bank and NBFI in relation to a small overall movement of funds as “duplicate” reporting, but “complementary reporting” – signalling its new approach to enforcement as sole supervisor.
Reporting entities previously exempt from these obligations will now need to revise their compliance with wire transfers provisions in the AML/CFT Act.
Reporting entities have one year to embed the new PTR requirements into their processes, procedures, and controls (PPCs).
2. Suite of significant updates to Customer Due Diligence (CDD) obligations:
The DIA also updated the following Guidance to CDD:
- Beneficial Ownership Guideline
- CDD: Companies Guidance
- CDD: Trusts Guidance
- CDD: Limited Partnerships Guidance
- Acting on Behalf Guidance
- Clubs and Societies
- Sole traders and partnerships
- Outsourcing your CDD requirements (new standalone guidance)
- Reliance on another reporting entity (new standalone guidance)
Effective 19 May 2026, Source of Wealth (SoW) and Source of Funds (SoF) verification is now risk-based, not automatic. This requires amendments to AML/CFT Programmes for trusts, who must now set out PPCs for determining when they will not verify SoF and SoW.
Limited Partnerships should note that where enhanced CDD is insufficient under section 22 of the AML/CFT Act, regulation 12AB of the AML/CFT (Requirements and Compliance) Regulations 2011 expressly requires additional measures (obtain further information, examine the purpose of a transaction, enhanced monitoring, or senior management approval). The DIA explicitly referenced this obligation in its 2026 Guidance, emphasising its importance. It also stated that non-publication of limited partner details increases inherent money laundering and terrorist financing (ML/TF) risk, which reporting entities now need to note in their risk assessments.
Reporting entities outsourcing CDD obligations or persons acting on behalf (POAB) of a customer should be cognisant of the updates affecting their CDD processes. The DIA issued new standalone guidance dedicated to reporting entities outsourcing CDD to a third-party agent. It reiterated that reporting entities outsourcing their obligations remain responsible and liable for all CDD and record keeping. The AML/CFT Programme must set out effective PPCs vetting all third-party agents.
The new standalone guidance on relying on another reporting entity emphasises that it is insufficient for the other reporting entity to give assurance that CDD has been conducted. All identity information must be transferred in full, and records must be available within 5 working days of the request for copies of verification documents.
The new Quick Start Guide and Guide to Complying with the AML/CFT Act emphasise the guidance as a reference point for all reporting entities.
3. Updates to risk assessment guidance
The DIA refreshed the Risk Assessment Guidance against new data in the National Risk Assessment and the Real Estate Sector Risk Assessment. Sector Risk Assessments (SRAs) are now a mandatory reference point. Any reporting entity in a covered sector providing services identified as high-risk must incorporate an assessment of those risks into its risk assessment and programme.
All reporting entities should note that if a reporting entity intends to use new or developing technologies, they must update their risk assessment prior to use.
The updated risk assessment guidance is available here
4. Territorial scope
The DIA also issued a new 3-step test for assessing whether an activity is caught under the AML/CFT Act’s territorial scope:
- Determine whether the business is carrying on a captured activity;
- Assess whether it is carried on in NZ; and
- Consider whether there is a sufficient New Zealand connection.
Our view
We support the changes to the sole supervisor model, as it facilitates faster decision-making and fuller guidance. At the same time, it makes even more important, that there is a strong governance framework to provide checks and balances. In the past, the need to get three supervisors to agree provided a check to some degree, now the DIA depends solely on internal debate and market feedback to achieve that important balance.
The updated Guidance presents a case in point. While it is very helpful, to have stronger guidance, with greater depth and clarity as to the DIA’s view, there are places where the Guidance risks front-running what the AML/CFT Act currently provides.
What next?
We recommend that all reporting entities ensure they are aware of the pace of AML/CFT changes, and transition to the sole supervisory model. In many cases, a required step will be updating of AML/CFT Compliance Programmes to reflect the new Guidance.
If you have any questions in relation to the DIA’s new suite of updated guidance, the transition to sole-supervisor, or the new wire transfer requirements, please contact one of our experts.
This article was co-authored by Sarah Waller, a Law Clerk in our Financial Services team.