Back to blog

Reporting entity weaknesses exposed by DIA audit review

The Department of Internal Affairs (DIA) reviewed 60 reporting entities’ compliance with independent audit requirements and concluded that there is room for improvement for everyone.

The review was conducted from January to April 2023 on law firms, accounting practices, and real estate agencies. It examined compliance with the independent audit requirements of section 59 of the AML/CFT Act, with the purpose of identifying common areas for improvement as well as what sort of actions to take to address deficiencies.

The four most common areas of concern identified were:

  1. CDD of new customers: non-compliance with the Identity Verification Code of Practice thanks to unclear policies, procedures, and controls.

  2. Politically Exposed Persons procedures: weak practices in undertaking PEP screening.

  3. Risk Assessments: a lack of meaningful details against each of the required risk attributes.

  4. Generic templates for AML/CFT documents: use of generic documents which do not align with reporting entities’ risks, context, and business.


Many businesses are in the same boat

Head of Delivery, Tijana Misur CAMS-Audit, has performed over 1000 AML/CFT audits and agrees that the DIA’s comments are consistent with audit findings observed by herself and her wider team.

“Many reporting entities continue to struggle to comply with the AML/CFT regime. There continues to be a lack of appreciation of the complexities of the legislation, and insufficient recoursing. While aspects of the regime are being followed, we certainly consider there is room for improvement by Phase 2 entities. It is not uncommon for material findings to be identified during the audit process, and these will need the attention from AML Compliance Officers and senior management to ensure remediation and compliance going forward.”


How to shore up weaknesses

It’s a trick to adequately manage your wider compliance with the Act. However, there are strategies that can be employed to create efficiencies and save time, regardless of the size of your business:

  • AML/CFT training: apart from being a requirement of the Act, AML/CFT training gets your staff up-to-speed on what they should be doing, and how to do it. Furthermore, good training explains why they need to do it, which gets buy-in to the whole AML process. With engaged and enabled staff, it’s easier to meet the AML/CFT requirements for your business.

  • Outsourcing: certain elements of the Act can be repetitive and time-consuming, like conducting Customer Due Diligence. It’s common for reporting entities to outsource this aspect of the AML/CFT Act to specialist third parties, like AMLHUB's CDD Outsourcing, who run the required checks, collect all documentation, and return the results to the reporting entity. Then, all that’s required is a review and sign-off of the results, saving time while reducing reliance on in-house expertise in a complicated area.

  • Technology: there are now applications that support the management of your AML/CFT programme at scale. AMLHUB is an example that uses a custom build and automations to help reporting entities cover all requirements of the Act. Built as a hybrid model, businesses can choose what CDD to perform in-house using the app and remote onboarding tools, and outsource the rest to AMLHUB’s team. AMLHUB also has a range of tools such as PEP checks, Companies Office scraper, and RealMe integration to support compliance.


Supervisors have high expectations of reporting entities, including continuous improvement in their capabilities. The good news is that now there are a range of products and services to help NZ businesses meet and manage their ongoing AML obligations.

Talk to our team today to learn more about the AML options available to you.

Contact us