When it comes to anti-money laundering (AML) obligations, not all clients present the same level of risk. While most can be onboarded using standard Customer Due...
Prior to 18 May, reporting entities conducting customer due diligence (CDD) on trusts were required to verify source of wealth (SoW) and source of funds (SoF) by reliable and independent means - regardless of the trust's risk profile. This was a blanket requirement that applied broadly across trust customers.
What has changed
The AML/CFT Amendment Bill was passed into law on 18 May 2026, and removes the default requirement to verify SoW and SoF for trusts, but only where the reporting entity is satisfied that the risks have been adequately mitigated through standard CDD.
Critical distinction: this is not a full exemption. You are still required to obtain SoW and SoF information for trusts. What has changed is the obligation to verify that information by reliable and independent means, and only where the transaction is not rated high risk.
In short: obtain, always. Verify only when the risk warrants it.
How trusts will be risk-rated
To support this change, the Individual Customer Risk Rating (ICRR) in the AMLHUB will be updated so that trusts are assigned a risk rating based on their holdings. The ratings are:
.png?width=523&height=244&name=NZ%20Content%20_%20SoW%20SoF%20(1).png)
Foreign trusts are automatically deemed high risk, regardless of their holdings.
When Enhanced Customer Due Diligence is still required
Where a trust is rated high risk, whether due to its holdings or because it is a foreign trust, enhanced customer due diligence (ECDD) applies. This includes the requirements to verify SoF.
What has not changed
-
The obligation to obtain SoW and SoF information for trusts remains in place
-
ECDD obligations for high-risk transactions are unchanged
-
Foreign trusts remain automatically high risk
-
Your overall CDD obligations: identifying and verifying beneficial ownership, trustees, and settlors, are not affected
What you need to do
✓ Update your risk assessment and compliance programme to reflect the new trust risk-rating framework
✓ Review your internal processes for obtaining (not just verifying) SoW and SoF for trust customers
✓ Confirm your team understands the distinction between obtaining and verifying. The gap between these two obligations is where compliance risk sits
✓ Keep an eye out for the AMLHUB interim appendix, which has been issued to all clients. If you are an AMLHUB client and haven’t received this, please get in touch with our team.
Not sure how this applies to your compliance programme?
Our consultants work with reporting entities to apply regulatory changes to their risk assessments and compliance programmes. We do this accurately and without the guesswork.
Brandon Stanaway
Head of Consulting
Brandon is an experienced AML/CFT professional with a strong background in accounting, risk and compliance. He brings over a decade of AML/CFT experience in New Zealand, dating back to before the establishment of the AML/CFT regime.
Throughout his career, Brandon has worked across multiple sectors, including banking, payments and managed investment schemes. Prior to joining AML Solutions, he served as the AML/CFT Compliance Officer for several large and mid-sized reporting entities. Brandon has led numerous AML/CFT remediation projects and has extensive experience coaching businesses through the practical challenges of complying with the AML/CFT Act.
