In early November 2022, the Ministry of Justice (MoJ) released its much anticipated report on the review of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009. The 256-page document, containing 215 recommendations, was produced to assess how the AML/CFT regime has performed since 2017 and whether any amendments should be made to the Act.

The report follows the statutory review of the Act that began in July 2021, followed by a public consultation that concluded in June 2022. The report also considered the findings identified by the Financial Action Task Force’s 2020 Mutual Evaluation on New Zealand published in May 2021. The report had two main conclusions:

• The Act generally provides a sound framework to achieve its purpose of, amongst other things, detecting and deterring money laundering and terrorism financing. However, numerous issues prevent the regime from working optimally in New Zealand and these are addressed by the recommendations.
• The Act does not make enough allowance for a risk-based approach, with some requirements being overly prescriptive. There is insufficient guidance to help businesses take flexible risk-based approaches. Formal recognition of the benefit of moving towards a proportionate response to actual risk will be welcomed by a wide range of reporting entities.

Key recommendations 

Given the length of the report, we won’t cover all the recommendations in detail in this article. But the following points will interest most sectors.

• Ensuring a risk-based approach: the Act’s purpose is amended to expressly reference a risk-based approach. There should be no inclusion of the prevention of money laundering and terrorism financing in the Act’s purposes, but it is recommended a reference to combatting proliferation financing is added as a general purpose.
• Financial sanctions: the Act is used to support financial sanction obligations, such as those in the Russia Sanctions Act 2022.
• Territorial scope: the Act defines its territorial scope for when overseas businesses provide captured activities to New Zealand. Further analysis is needed on how it should be defined, but supervisor guidance is needed to give clarity in the interim.
• Registration: developing options for a comprehensive reporting entity registration regime, to be coordinated with MBIE.
• Penalties: the available penalties under the Act are increased, especially for more serious non-compliance. A prescribed list of specific aggravating and mitigating factors has been introduced to ensure the penalties are risk-based and proportionate in their application. Civil penalties are also suggested against employees, directors and senior managers in appropriate circumstances.
• Identity Verification Code of Practice (IVCOP): IVCOP is replaced with the Digital Identity Trust Services Framework (once it is enacted) as the new code of practice.
• Address verification: removing the requirement for address verification, other than for enhanced CDD.
• Reliance on other reporting entities: further analysis to consider whether duplication across multiple reporting entities can be reduced, eg, where reliance on CDD done by third parties may be allowed.
• Funding: further consultation is needed to explore a hybrid public/private funding model to partially support the regime’s operation, as it is currently under-resourced

The report contains many more recommendations, including permission for on-site inspections of businesses operating from residential homes, reviewing the meaning of “in the ordinary course of business” (and for the supervisors to provide further guidance in the meantime), regulating auditors, reviewing the requirement for mandatory enhanced CDD for trusts and reviewing the Prescribed Transactions Reports (PTR) regulations to ensure the information needed is limited only to information necessary for the Financial Intelligence Unit (FIU) to produce its relevant intelligence products.

Each recommendation has been assigned one or more implementation mechanisms to give it effect. These are legislative, regulatory, code of practice, ministerial exemption and operational change (eg, supervisor guidance). The method of implementation will guide associated timeframes for the relevant recommendation, with legislative changes expected to take the longest to implement.

Changes 

On 7 November, Justice Minister Kiri Allan announced changes to improve the AML/CFT regime, saying, “[w]e’ve listened to businesses and agencies and heard what wasn’t working for them. We’re now taking immediate action to improve the regime’s effectiveness.” New exposure draft regulations are expected to be released to address certain recommendations in the report, including:

• relaxing the requirement on businesses to verify the address of most customers (as referenced above);
• extending the timeframe for businesses to submit PTRs from 10 to 20 days; and
•  exempting registered charities from AML/CFT obligations when they are providing small loans (less than $6,000), with some conditions. The minister also said further changes will address areas of known risk or vulnerabilities, improving efficiencies and reducing compliance costs and improving compliance with international money laundering standards.

Our take

We have contended for some time that the AML/CFT regime’s “one size fits all” approach is not as effective as it could be, with the rules-based compliance costs often a disproportionate burden for businesses. IVCOP, in particular, is not fit for purpose. The report, and the signal for regulatory changes, are positive initial steps so the regime can be put on a more flexible and practical risk-based footing, both in application and in terms of actual compliance.

This is an important shift in approach, recognising it is both reasonable and sensible for businesses to have some latitude to assess their AML/CFT risk in the circumstances of their business, the matter and the client, and then apply countermeasures proportionate to the risks.

We welcome regulatory changes being introduced in a relatively short timeframe and in particular the intention to make it easier for small businesses and consumers to comply with AML/CFT requirements. It is expected the draft regulations will be released by the end of 2022 for consultation. The MoJ has also indicated a discussion document to cover further changes to the Act is planned for the second quarter of 2023. ■

Pauline Ho, special counsel, Henry Brandts-Giesen, partner and Gary Spalding, AML compliance officer at Dentons Kensington Swan ■