Yesterday, the Minister of Justice Hon. Kiri Allen:
- announced proposals to strengthen the anti-money laundering and countering financing of terrorism (AML/CFT) regime to both “combat the harmful effects of money laundering and financial terrorism” and “mak[e] it easier for small businesses and consumers to comply”; and
- tabled in Parliament the long awaited Ministry of Justice’s report on the review of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) (Report).
The proposed reforms address part of the findings of the statutory review (required by the AML/CFT Act), which commenced on 1 July 2021, proceeded with a public consultation on 6 October 2021 (which we have previously discussed), and concluded on 30 June 2022 with the Report provided to the Minister of Justice.
Who needs to read it? Why?
The Report should be read by:
- all existing reporting entities under the AML/CFT Act, to understand how their treatment by the regime may change;
- all entities which have determined they currently fall outside the coverage of the AML/CFT Act, to understand whether they may be brought within the regime; and
- other persons with an interest in financial inclusion and/or innovation in the financial sector more generally, as the application of the AML/CFT regime has significant implications there.
What does it cover?
The reforms announced so far by the Minister will take the form of regulations which can be implemented without waiting until the Parliamentary calendar would permit changes to the AML/CFT Act itself. According to the Minister’s announcement, changes include:
- relaxing the requirement on businesses to verify the address of most customers;
- extending the timeframe for businesses to submit Prescribed Transactions Reports (PTRs); and
- exempting registered charities from AML/CFT obligations when they are providing small loans.
The Minister said further changes will address areas of known risk or vulnerabilities, improving efficiencies and reducing compliance costs, and improving compliance with international money laundering standards.
However, the Report makes 215 recommendations in total, so more can be expected to follow those already announced by the Minister, including amendments to the AML/CFT Act itself, further regulatory changes, and changes in guidance or operational practices.
Given this extensive list, and the length and detail of the Report, we will not be stepping through each in turn, but will identify a number of key findings and recommendations.
The recommendations in the report include:
- not changing the purpose of the AML/CFT Act to include the prevention of money laundering and terrorism financing, but adding the combatting of proliferation financing, the supporting of businesses in implementing sanctions obligations, and reference to the regime taking a risk-based approach – the Report also recommends shifting the “contribut[ing] to public confidence in the financial system” and “maintain[ing] and enhanc[ing] New Zealand’s international reputation” limbs from the purpose of the AML/CFT Act into a new subsection outlining its intended outcomes;
- further investigation and engagement around the supervisory model of the regime (e.g. consolidating to a single supervisor);
- further consultation around a hybrid public/private funding model for the regime, to e.g. cover the cost of providing guidance;
- considering expanding the Financial Intelligence Unit (FIU)’s powers, to e.g. allow it to request more information or to freeze accounts and/or block transactions;
- further considering exemptions, and a code of practice around high-risk customers, to address concerns around financial inclusion and de-risking;
- not expanding the regime’s captured activities (e.g. to criminal defence lawyers or non-life insurance businesses), but further investigating some services that could provide financial intelligence (e.g. fintech providers offering open banking solutions, and/or commerce or marketplace operators);
- clarifying some existing capture points (e.g. around designated non-financial businesses or professions, stored value instruments, and the concept of acting “in the ordinary course of business”) – of particular note were recommendations to amend the definition of stored value instruments to be technology-neutral, to define virtual asset service providers (VASPs) as reporting entities (in line with the FATF’s definition) and virtual asset transfers as international wire transfers unless the entity is satisfied they are not such transfers, and to scale up some of the obligations on high-value dealers;
- exempting from the regime registered charities that provide loans to customers below a maximum of NZD6,000 (with some conditions and restrictions) – as mentioned in the Minister’s announcement above;
- defining the territorial scope of the AML/CFT Act, but only after further analysis as to how it should be defined (with a review of the existing guidance in the meantime);
- introducing a comprehensive registration framework for reporting entities, as well as a specific licensing framework for high-risk sectors that are not otherwise licensed (such as money or value transfer services);
- further regulating auditors (through e.g. a code of practice and an accreditation regime) and the vetting, training, and use of agents, but not consultants;
- increasing available penalties (with a non-exhaustive list of aggravating and mitigating factors to help it be risk-based), as well as introducing the ability to restrict, suspend, or cancel registration or licensing and for directors, senior managers, employees, and/or agents to sometimes be held responsible;
- amending the Amended Identity Verification Code of Practice 2013 to reflect the Digital Identity Trust Services Framework once it is enacted;
- removing both the need for address verification other than for enhanced customer due diligence (CDD) – as mentioned in the Minister’s announcement above – and the blanket requirement for enhanced CDD for trusts;
- providing further clarity around the beneficial owner concept;
- expanding the politically exposed person (PEP) requirements to include domestic PEPs (albeit to a lesser extent), and allowing systems to be more risk-based;
- consulting with the private sector on what should replace the outdated wire transfer terminology generally, while adding identity collection requirements for sub-NZD1,000 wire transfers and further obligations on institutions dealing with incomplete wire transfers;
- further analysis around where CDD reliance should be allowed, including either using or repealing the “approved entity” regime;
- considering whether the Suspicious Activity Reports (SARs) regime should have a less-strict timeframe and/or differentiate between initial suspicions and having reasonable grounds to suspect, and whether the obligation to submit should be reduced or removed where there would be little intelligence value to be gained;
- expanding the strict rules around when SAR information can be shared;
- extending the timeframe for PTRs from 10 to 20 days – as mentioned in the Minister’s announcement above – and providing further clarity around when and to what extent specific (non-bank) entities are responsible for PTRs;
- in the long term, reducing the PTR threshold for international wire transfers to NZD0, but only once other operational challenges with the PTR regime are resolved and the FIU has sufficient capability and capacity to receive the increased number;
- consulting with the private sector to identify any specific kinds of transactions that should be excluded from PTR obligations (e.g. some kinds of SWIFT transactions in the banking sphere); and
- making the goAML website more user-friendly, or replacing it with something more appropriate.
Further, the Report states that the AML/CFT regime has not been applied with a sufficiently risk-based approach, with some requirements framed in an overly-prescriptive way and others lacking sufficient guidance for businesses. This, in addition to outdated national and sector risk assessments and insufficient resourcing, has meant that the regime is both less effective and more onerous than it should be, especially for small businesses.
The Report estimates the annual cost of the AML/CFT regime as approximately NZD260 million, around 95% of which is borne by the private sector. However, it also considers there to be significant benefits, both monetary and non-monetary, from the disruption of criminal activity that it enables. Further, it estimates that being identified by the FATF as a high-risk jurisdiction (from having no, or a lesser, regime) would result in reduced capital inflows into New Zealand of many times this cost.
The Report also concluded that the Crown needs to do more to understand the implications of the AML/CFT regime on Māori, and to comply with the principles of Te Tiriti o Waitangi.
The aim of the statutory review was to assess the performance of the AML/CFT regime over the last 5 years and whether any amendments should be made to it. During the review, the Ministry engaged with the AML/CFT agencies as well as the industry, and the stated intention is to continue the conversation with them as the regime’s development continues. That is welcomed.
We are encouraged by the Report’s acknowledgement of the importance of ensuring the regime operates in a risk-based manner, given the centrality of this approach to the FATF and the practical importance of compliance costs being proportionate to the risks faced.
Similarly, we consider that the direction of travel for a number of the recommendations is the right one – for instance:
- mostly removing the address verification requirement resolves the difficulty many reporting entities had in practice around meeting it;
- removing the blanket requirement for enhanced CDD around trusts recognises that many are not actually high-risk, and allows for a more proportionate (i.e. risk-based) approach to be taken; and
- adding greater clarity around the application of the AML/CFT regime to VASPs, and around exactly who bears what obligation when making PTRs, will allow entities that currently struggle with the ambiguity to more easily understand their obligations.
That said, many of the recommendations are framed as an intention to look more at issues, and consider on further analysis and consultation whether (and what) changes should be made. In general, we support this approach.
Changes to the coverage and application of the regime can have significant implications both on direct compliance obligations and further down the chain (e.g. on financial inclusion). Measured consideration and consultation, in light of all of the factors, is much more likely to lead to the best possible outcome with the fewest unforeseen consequences.
The Ministerial announcement indicates some of the changes will be made quickly, with regulations being promulgated in the coming months. The detail of those changes is not yet known, but further announcements are expected soon.
The progressing of the other of the Report’s recommendations will continue over a long period of time. Depending on whether they require a legislative change, a regulatory change (after further consultation), the issuing of a code of practice or Ministerial exemption. or a change in supervisory guidance or operational practices, we expect they will move in a number of different tranches.
Further, as many of the recommendations are to carry out additional consultation and exploration of options, we expect it will be some time before the ultimate shape of some of these changes becomes clear.
If you have any questions in relation to the announced proposals, the Report, the AML/CFT regime more generally, or how your business may be affected, please contact one of our experts.
This article was co-authored by Sam Short, a Solicitor in our Financial Services team.
Read more of our related insights.View all insights