New Zealand Supervisors issue a reminder for outsourcing Customer Due Diligence to third parties.
The Financial Markets Authority and Department of Internal Affairs...
On August 2021, the FMA issued its AML/CFT Monitoring Insight Report for 2018 to 2021. The Director of Supervision noted that the AML/CFT regime has now matured to such an extent that the FMA has less tolerance for AML non-compliance. In other words, businesses are expected to have a strong handle on meeting their AML/CFT obligations.
We can expect this view to be true for the other Supervisors: DIA and RBNZ.
During this time, there were 27 formal warnings issued under section 80 of the Act, three of which were made public.
The FMA also filed civil pecuniary penalty proceedings against the financial services organisation CLSA Premium NZ, which admitted to breaches in:
CLSA Premium NZ was ordered to pay a fine of $770,000 for breaches of the Act.
In the report the FMA highlighted their findings on where businesses did well in AML compliance, and where practices were poor and needed some work. We've summarised these below and added our recommendations on how to plug the gaps.
The FMA found Compliance Programmes were lacking in meeting the minimum requirements by either not including, or not adequately describing their policies, procedures, and controls.
Examples of this include:
When businesses use eIV they are expected to provide the following in their Compliance Programme:
Risk Assessments were found to not cover all the required areas or were not being updated after changes within the business. The FMA clarified the expectation that Risk Assessments are to be reviewed at least annually.
Examples of poor Risk Assessment practices include:
View your Sector Risk Assessment here (DIA), here (FMA), or here (RBNZ).
How to plug the gaps
Review your Sector Risk Assessment and make sure you are addressing only the relevant areas in your own Risk Assessment. Set yourself an annual calendar reminder to review your Risk Assessment. Did you know AMLHUB will remind you when this is due?
For CDD obligations, businesses were rapped over the knuckles for not:
Other examples of unsatisfactory CDD practice are:
As we know, enhanced CDD should be done on high-risk customers. But some organisations were found to be side-stepping this requirement. Some examples of poor practices for EDD include:
See the Enhanced CDD Guidance for more information.
In several instances, companies had failed to do, or complete on time, their audits. In addition, some businesses were failing to remediate prior period audit findings.
The FMA noted several instances of poor record keeping practices, especially on CDD, interactions with customers, CDD exemption, high risk customers, training, and vetting.
The FMA clarified the expectation that all those considered senior managers for the purposes of the Act including Board of Directors, Compliance Officers, and all staff with AML/CFT duties, are given appropriate training.
When a business changes the Compliance Officer, the FMA expects to receive an email from the business with the contact details of the newly appointed person.
If any of the above sound familiar to you, it would pay to take a closer look at how you’re managing your AML programme. With so many moving parts and areas to consider, having a strong system in place with controls and best-practice workflows is important to ensure you are keeping compliance standards high enough to cover your business risk.
Check that your compliance programme is up-to-date with the results of the AML/CFT Monitoring Insight Report using our handy Action Checklist.
Get your copy below
AMLHUB is cloud-based AML platform that makes it easy to achieve total AML compliance, without the worry you've left something undone.
Using AMLHUB you can manage all components of your AML programme in one easy online location, saving you the hassle of juggling multiple spreadsheets and documents.
Our best-practice AML workflows and controls drive up your compliance while driving down your business risk, admin time, and money spent on AML.