To most of us, it’s invisible. But every year $1.35 billion, primarily from fraud and drug offending, is estimated to be laundered through everyday New Zealand businesses. Marty Robinson and Victoria Scott report on the latest business compliance requirements.
NZ Police’s Financial Intelligence Unit manager, Andrew Hill, said last month:
“Overseas criminals seeking to mask their illicit funds are attracted by New Zealand’s reputation as a safe and non-corrupt country. Recognising risk and not being complacent helps protect New Zealand’s reputation and presents us as a good place to do lawful business.”
Terrorist financing is also globally on the rise.
The government has responded, requiring financial institutions and casinos (since 2013) to assess the risks they face from money laundering and terrorism financing, and to employ proactive measures to detect and mitigate those risks.
But not all regulated businesses have complied. In September 2017, Auckland money remitter Ping An Finance was fined $5.29 million for “calculated and contemptuous” breaches of New Zealand’s Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
This was the first civil penalty case in this emerging compliance area, and is unlikely to be the last.
The money remitter neglected to undertake customer due diligence for hundreds of customers. It didn’t monitor customer accounts and failed to report 173 suspicious transactions to Police. Further, it failed to keep records for 1,588 transactions amounting to over $100 million in total.
The company and its director, perhaps unsurprisingly, were banned from the sector.
Although large fines have previously been set for overseas breaches of anti-money laundering rules, the Ping An case illustrates the New Zealand High Court’s dim regard for serious, deliberate non-compliance under the Act. The case emphasises the need for regulated businesses to employ robust measures that effectively combat money laundering and terrorist financing.
These measures should include reliable record-keeping, in case compliance is ever called into question.
The recent law changes will have implications both for those businesses already complying with the regime and for those about to be caught.
For those already regulated, two changes deserve particular mention:
1. The obligation to report suspicious transactions to the Police will expand to cover suspicious activities from July 2018. This goes well beyond the transactions that must currently be reported and extends the reporting obligation to capture a range of services and proposed services, as well as inquiries into services (which could include, for example, suspicious requests to establish trusts or company structures).
2. Businesses must report international wire transfers of $1,000 or more and physical cash transactions of $10,000 or more to Police as of November 2017. These are called “prescribed transaction reports”.
The reporting obligations are a core component of the compliance regime, and will likely remain a supervisor focus in 2018.
Further, new risk ratings have just been published by the three supervising agencies, with increased risks attributed to derivatives issuers, brokers, and custodians, and high/medium-high ratings being accorded to banks, lawyers, accountants and real estate agents.
For businesses about to be caught by the Act, there is a vast amount of information to be absorbed and integrated into day-to-day procedures. Thousands of businesses across the following sectors will be brought into the regime as follows:
Lawyers and conveyancers – 1 July 2018
Businesses providing trust and company services (if not already covered) – 1 July 2018
Accountants – 1 October 2018
Real estate agents – 1 January 2019
Businesses trading in high value goods – 1 August 2019
The New Zealand Racing Board – 1 August 2019
The Act is activities-based and businesses will only be caught to the extent that they provide a captured activity. Some businesses that are not law firms, conveyancing or accountancy practices, or real estate agents may nevertheless be caught as “trust and company service providers” if they undertake certain activities in the ordinary course of business (including acting as a trustee, a nominee director or a nominee shareholder).
The obligations on new entities will require advanced preparation. On the above dates, compliance will be expected by the supervisors.
Businesses are required to take a “risk-based” approach to the way they comply with the Act. A risk-based approach means channelling greater resources into the bigger risks.
Businesses must conduct a “risk assessment” by identifying, assessing, and understanding the risks of money laundering and terrorist financing they could expect to face in the course of business.
Next, the business must establish policies, procedures and controls to respond to those risks. These constitute the business’s AML/CFT compliance programme. Businesses will have significant discretion to determine how best satisfy their AML/CFT obligations.
Third, the business must appoint an AML/CFT compliance officer to administer and maintain its programme (who, if a business has employees, must be an employee of the business).
Businesses must also conduct “customer due diligence” to the appropriate level where required, comply with the various suspicious activity and prescribed transaction reporting requirements, review and arrange audits of the business’s risk assessment and compliance programme, and submit annual reports to their supervisor.
Given the significant amount of work required to get everything in place, early engagement with the Act and the available guidance is recommended.
Marty Robinson and Victoria Scott are the authors of The Anti-Money Laundering Regime: A Practical Guide, published by LexisNexis.