Factors to Consider to Ensure Ongoing AML/CFT Compliance

13 May 2020

The compliance requirements imposed by the Anti-Money Laundering and Countering Financing of Terrorism Act, commonly referred to as the AML/CFT Act, are broadly the same for all businesses that it captures. Here at BDO, we’ve been delivering AML/CFT consulting and training services since the Act was introduced in 2009, helping businesses understand their obligations and develop strategies, policies, and procedures to comply with the framework. We also provide AML/CFT audit services, helping businesses with their biennial audit, which is a fundamental requirement of the Act.

In 2018, the AML/CFT Act was widened to include phase 2 businesses, which includes accountancy firms. Because BDO is itself a reporting entity, we truly understand the compliance challenges that our clients face, and we’ve experienced them ourselves. It’s this unique experience from both perspectives which has given us the expertise to ensure our clients reach high standards of compliance.

During our many years of service and experience ensuring AML compliance for our clients and our own firm, our risk advisory team has accumulated pointers that are often missed or not paid enough attention. These pointers, curated by Tarunesh Singh, Head of Risk Advisory Services at BDO Auckland, help ensure that clients are compliant and have a robust, fit-for-purpose framework tailored to their business.


The Impact of COVID-19 and the Alert Level System

The AML/CFT Act compliance requirements are absolute but flexible. While we’re subject to New Zealand’s COVID-19 Alert Level System, we must all adapt our approach while ensuring we meet the requirements.

During this time, performing face-to-face CDD may not be possible, especially for higher Alert Levels. The Act does allow reporting entities to establish a new business relationship while delaying the verification component of CDD, subject to certain conditions.

Another option is to verify the identity of customers using electronic verification means in accordance with the Amended Identity Verification Code of Practice 2013 (IVCOP).

Throughout this unusual period, reporting entities must continue to be vigilant and effectively manage money laundering and financing of terrorism risks. Supervisors expect that reporting entities continuing to operate and establish new business relationships will implement transaction limitations, such as limited transfers or withdrawals, until verification requirements can be completed.

It’s also important to note that sector supervisors are currently working to define further solutions and guidance that will assist reporting entities with their obligations during this unprecedented time.


Review National and Sector Risk Assessments

Review the National Risk Assessment and Sector Risk Assessment guidelines relevant to your business and update your own risk assessment accordingly. The Police Financial Intelligence Unit published an updated copy of the National Risk Assessment in late 2019. The DIA also released updated Sector Risk Assessments covering the reporting entities that it supervises in December 2019.

 The FMA and RBNZ’s documents haven’t seen an update for some time now, but they remain relevant and worthy of review.


Plan your AML/CFT audit early

Phase 2 of New Zealand’s AML/CFT regime classified thousands of additional businesses as reporting entities. This has created significant demand for AML audit and consulting services. With reasonably few service providers in the market, many of which have little track record, there’s a pressing need to book your audit months in advance.

As you will know, there is a hard and fast deadline to have your audit completed within two years of your organisation’s last audit. Booking as early as possible will relieve the pressure on your compliance team and your service provider. While sector supervisors, certainly the DIA, have shown some leniency towards those who have been adversely impacted by COVID-19, the general business slowdown over the past few months has placed further strain on audit capacity, effectively reducing the amount of time available to perform this work. Get in touch with our team now to discuss your options and ensure you don’t miss out.


Deliver refresher training

Simply delivering training once, when a team member joins your business, isn’t enough. Sector supervisors and auditors will look for evidence that you have provided regular, robust training to your people. This should include the senior management team and those charged with Governance, not just the compliance officer and those team members with operational AML/CFT responsibilities.

Furthermore, make sure that training isn’t too generic and doesn’t just cover the basics. It should be tailored to the roles and responsibilities of each audience, as well as your own compliance programme and framework.


Carry out compliance monitoring checks

One core obligation of the Act is that you monitor and manage compliance with your AML/CFT policies, procedures, and controls. When performing audits, we often see compliance programmes that are technically compliant but are not implemented effectively or complied with in practice.

It is vital to perform reviews to seek out evidence of compliance and to monitor the business to ensure that your people are following procedures. This could involve performing sample checks on CDD files or checking that the vetting/training requirements set out in your compliance programme have been adhered to.

Ensure that any identified weaknesses, as well as any unaddressed audit recommendations, are rectified promptly.


Make sure that your risk assessment and compliance programme are up to date

Make sure that your risk assessment and compliance programmes are regularly reviewed and kept up to date. Your risk assessment should be a live document, reflective of your business at all times. Often, we see that documents have been established, only to sit unchanged as the business continues to evolve. The documents then become outdated and no longer align with how the business currently operates.

Likewise, your compliance programme should be linked to your risk assessment. Any changes may warrant an adjustment to your policies, procedures, and controls within your compliance programme. Such changes will need to be communicated to relevant staff.


Keep up to date with sector supervisor guidance

Keep abreast of the guidance material issued by your sector supervisor. The RBNZ, DIA, and FMA are constantly issuing new and updated information aimed at helping reporting entities better understand their obligations and achieve compliance with the Act.


For trusted compliance advisory, talk to BDO

BDO has helped countless clients across multiple industries to achieve high standards of compliance under the AML/CFT Act. If you have any further questions, please don’t hesitate to contact us or to speak to your local BDO team today.


contact BDO