Anti-money laundering: what you need to know
AML/CFT enforcement action is on the rise – are you caught under New Zealand’s anti-money laundering legislation? Lloyd Kavanagh and Judy Chu shed some light in the subject. The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act or Act) imposes strict compliance obligations on businesses, known as “reporting entities” under the Act, […]
AML/CFT enforcement action is on the rise – are you caught under New Zealand’s anti-money laundering legislation? Lloyd Kavanagh and Judy Chu shed some light in the subject.
The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act or Act) imposes strict compliance obligations on businesses, known as “reporting entities” under the Act, in an effort to curtail money laundering and terrorism financing risks. It is now being strongly enforced.
The three AML/CFT supervisors – Department of Internal Affairs (DIA), Financial Markets Authority (FMA) and Reserve Bank of New Zealand (RBNZ) – have become much more active in enforcement recently.
The DIA has led the way, succeeding in three civil proceedings against reporting entities for non-compliance with AML/CFT obligations. In 2017, Ping An Finance (Group) New Zealand Company Limited was ordered by the High Court to pay pecuniary penalties totalling $5.29 million for multiple breaches of the Act. In 2018, Qian Duo Duo Limited paid $356,000 in pecuniary penalties, and, in 2019, Jin Yuan Finance Limited was ordered to pay a pecuniary penalty of approximately $4 million.
Having recently filed its fourth civil proceeding and the first criminal proceedings under the Act, the DIA is showing no signs of slowing down. The criminal proceedings were brought against an unnamed company and two employees accused of failing to report several suspicious transactions worth more than $53 million.
To date, the FMA and RBNZ have preferred to issue formal and informal warnings or accept enforceable undertakings. However, they are expected to be more assertive in enforcement as time passes.
To avoid incurring severe penalties (and potential imprisonment), it is vital reporting entities ensure they understand their obligations and are fully compliant with the AML/CFT Act.
The AML/CFT Act six years on
It is more than six years since the AML/CFT Act came into force on 1 July 2013. However, due to ambiguous provisions, a myriad of inclusions and exemptions, and different entities being brought into the regime on a staggered basis, many businesses are still coming to grips with how to comply. In fact, some businesses and individuals may not even be aware that they are caught under the Act.
Who needs to comply?
The AML/CFT Act applies to reporting entities to the extent they carry out any of the activities specified in the Act. Reporting entities include casinos, financial institutions, high-value dealers, the Racing Industry Transition Agency (formerly the New Zealand Racing Board), and designated non-financial businesses and professions such as lawyers, accountants, real estate agents, as well as trust and company service providers.
Some may be surprised that they are caught
Unfortunately, it is not always clear-cut when a person is a reporting entity for the purposes of the Act. A financial institution is defined as a person who, in the ordinary course of business, carries on one or more of the financial activities specified in the Act. This list of financial activities is broad, and sometimes ambiguous, and there is limited published guidance available on what is and is not included. A person may be a “financial institution” if, in the ordinary course of business, they, for example:
- accept deposits or other repayable funds from the public;
- lend to or for a customer;
- transfer money or value for, or on behalf of, a customer;
- safe-keep or administer cash or liquid securities on behalf of other persons; and/or
- invest, administer, or manage funds or money on behalf of other persons.
(Note: The above list is a summary of only some of the captured activities.)
The definition of trust and company service provider is also wide-ranging covering any person that is not already specified, who is carrying out any of the designated activities of a designated non-financial business or profession. These include, in the ordinary course of business:
- acting as a formation agent (e.g. of companies, partnerships or trusts);
- acting as, or arranging for a person to act as, a nominee director or nominee shareholder or trustee;
- providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or trust (unless the office or address is provided solely as an ancillary service to the provision of other services);
- managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets; and
- engaging in – or giving instructions on behalf of a customer to another person for:
- a transaction on behalf of any person in relation to the buying, transferring, or selling of a business or legal person (e.g. a company) and any other legal arrangement; or
- a transaction on behalf of a customer in relation to creating, operating, and managing a legal person (e.g. a company) and any other legal arrangement.
So, for example, on a literal reading of the AML/CFT Act, any person who in the ordinary course of business manages client funds or payments, or provides a business address may be a reporting entity (there are some exemptions, but these do not help in all cases).
Broad and ambiguous provisions like these can mean that many businesses and individuals who would not typically be considered financial institutions or trust and company service providers could be surprised to find out that they are caught under the Act.
Why all this ambiguity?
The AML/CFT Act is a principles-based statute, which means that it is intentionally less prescriptive than other New Zealand legislation to allow for a broader, purposive approach to interpretation. The purpose of the Act is to detect and deter money laundering and terrorism financing.
When originally enacted, it was expected that the Act would be accompanied by extensive official guidance to provide clarity. While there is some guidance, it can be hard to find, is often limited, and may itself be hard to interpret or apply.
When assessing whether an entity is caught under the Act, in addition to a technical reading of the provisions (and any guidance), the money laundering and terrorism financing risks associated with a business need to be taken into consideration to apply the regime. However, as money laundering strategies become more sophisticated, this is not always easy to determine.
What are the obligations of reporting entities under the AML/CFT Act?
It is a common misconception that AML/CFT compliance is limited to carrying customer due diligence (i.e. identity verification) during the customer onboarding process.
The applicable compliance obligations can differ between reporting entities (e.g. high-value dealers will be subject to less onerous obligations), but they are extensive. They generally include putting in place and maintaining formal AML/CFT compliance infrastructure such as appointing an AML Compliance Officer reporting to senior management, a written risk assessment of the money laundering and terrorism financing risks associated with the reporting entity’s business, and a written AML/CFT Programme responding to those risks.
Other obligations include undertaking staff vetting and training, conducting initial and ongoing customer due diligence, monitoring transactions and accounts on an ongoing basis to detect suspicious activities and transactions, reporting suspicious activities and transactions to the Police FIU, and complying with the auditing and reporting requirements under the Act.
Even if no money laundering has occurred, a reporting entity may be prosecuted for not having the required infrastructure or failing to perform other obligations. In fact, some of the cases mentioned above, have involved exactly that scenario.
Seek legal advice if in doubt
We recommend that any person concerned about whether they have AML/CFT compliance obligations seek legal advice as soon as possible. Alternatively, they could contact the DIA, FMA or RBNZ directly to seek guidance.
The ramifications of non-compliance can be severe with enforcement action potentially giving rise to both civil and criminal liability, especially for entities who have been subject to the regime since 2013.