The risky business of AML non-compliance for Accountants
It's not the cost of compliance, it's the cost of non-compliance. Are you putting your business at risk?
Accountants fiercely guard their business reputation. It is one of the most important assets that companies rise and fall on. Any risk to this must be stamped on immediately. But many accounting firms are turning a blind eye to the risks around AML non-compliance. Why? And what are these risks they’re flirting with? Here’s what you need to know to protect your business.
With thanks to Stuart Hansen, Moore Markhams, for his input to this article.
What is AML/CFT and how does it impact accountants?
To understand AML non-compliance and its risks, we first have to tackle what AML/CFT is and who it concerns.
AML stands for Anti-Money Laundering, and CFT means Countering the Financing of Terrorism. Money laundering is estimated to cost New Zealand $1.3 billion a year, and globally this figure is estimated to be between $800 billion and $2 trillion (which is 5% of global GDP).
Money laundering costs NZ $1.3b per year
In 2009, Parliament passed a raft of legislation aimed at fighting money laundering and the financing of terrorism in New Zealand. These AML/CFT laws cover the policies, procedures, and controls certain accountants must put in place so they know exactly who they’re doing business with, and if they are dodgy or not.
The laws first captured specific industries within the financial sector. But after the figurative earthquake of the Pandora Papers highlighted how New Zealand was a haven for money laundering, the net was widened to also capture law firms, real estate, financial services, and in 2018 - accountants.
Now, accountants who perform captured activities are ‘supervised’ by the Department of Internal Affairs (DIA), and since it has been five years since the introduction of AML/CFT for accountants, the DIA has low tolerance for non-compliance.
Which accounting activities are captured?
AML/CFT is a risk-based piece of legislation that is entirely dependent on the products and services you offer. If you provide any of the following, it is likely you are captured:
Acting as, or arranging to act as a nominee director, shareholder, or trustee.
Engaging in, or acting on behalf of a client to conduct real estate work, e.g. effect a transaction, buy/sell property, arrange settlements and paperwork.
Acting as a formation agent to incorporate limited partnerships and/or companies, or form trusts.
Managing client funds, accounts, securities, or other assets (any instance where you receive or hold client funds and control the payment of those funds, apart from your professional fees - including as a retainer in advance).
Providing a registered office, business, correspondence, or admin address.
What activities are not captured?
It is common for accounting firms to offer a mix of captured and non-captured products and services. So, knowing which fall of these under the AML/CFT umbrella, and which do not, is important so that you do not waste time performing unnecessary AML/CFT activities on non-captured clients.
Given that the classification of captured vs non-captured activities hugely depends on your particular circumstances, it is strongly advised that you seek legal advice if you are unsure if your activities are captured or not.
What you must do if you are captured under the AML/CFT Act
Conducting a single one of the captured accounting activities above automatically makes you a reporting entity for AML purposes, and means you must comply with a raft of AML/CFT obligations, including:
- Appointing a Compliance Officer
- Creating and maintaining a Risk Assessment and Compliance Programme
- Conducting Customer Due Diligence in all its forms
- Monitoring Accounts/Transactions
- Logging any Suspicious Activity
- Training staff in AML/CFT
- Logging Prescribed Transaction Reports
- Being audited
- Lodging an annual report to the DIA
It’s a lot. And with so many moving parts to keep track of, it’s easy for accounting practices to drop the ball and be classed as ‘non-compliant’.
The AML regime recognizes that AML/CFT is a cost to accounting firms, and it recognizes that captured entities will be reluctant participants. But it is designed over time to expose those not complying, often through police investigations that track the money flow through suspicious transactions reported to them.
The risks of non-compliance
AML/CFT non-compliance is when the ‘rules’ of the AML/CFT legislation haven’t been followed. If corners have been cut, something done wrong, or not undertaken at all, the business in question can be deemed non-compliant and will be at risk of penalties that will negatively impact it—sometimes severely.
A number of New Zealand businesses and their directors have been subject to penalties since the inception of the AML/CFT laws. One notable case was a law firm in 2021 that was issued a public formal warning by the DIA for failing to meet several of its AML/CFT obligations. Despite having an AML/CFT programme and a Compliance Officer, this law firm was unable to demonstrate how it would ensure compliance from staff, and failed to adequately understand or assess the risk of money laundering and terrorism financing within the business. In addition to the public warning, the non-compliant reporting entity will henceforth be closely monitored by the DIA, requiring close attention to detail with regards to its AML/CFT programme to avoid further penalties.
How the DIA determines non-compliance
To determine if a reporting entity is compliant or not, the DIA can utilise a number of tools, including conducting reviews and high-level monitoring in the form of annual report reviews and audit report reviews. Reviews can be either an onsite or desktop review and the reporting entity’s Risk Assessment and Compliance Programme is assessed and tested. The focus will be on several aspects, but best summarised into a few points:
- The reporting entity has appointed an AML/CFT Compliance Officer who has been suitably trained.
- Both Risk Assessment and Compliance Programme documents meet legislative requirements and guidance, and these are operationally followed. This will be determined through testing, interviews, and documentary review.
- The reporting entity has completed an independent audit by a suitably qualitied person and any remedial actions have been either actioned or planned.
For more information on how the DIA approaches and enforces AML/CFT compliance, see the official 2022 guide.
AML/CFT non-compliance is taken seriously by the DIA. It creates both civil and criminal liability for the Senior Managers and the firm. Given that the purpose of the AML/CFT Act is to detect and deter criminals from using New Zealand’s financial system to launder money, it is critical any gaps in your policies and procedures are identified.
This can be achieved through good internal processes, record-keeping, regular assurance, and AML audits. Ideally any areas of non-compliance are brought to your attention through internal assurance or audits, rather than your Supervisor.
The surprising benefits of AML/CFT for accounting firms
AML/CFT isn’t all stick and no carrot. There are a number of benefits to having a strong AML/CFT programme and culture.
It’s a requirement that your AML/CFT programme is reviewed at a senior level. Having directors, board members, and senior management reviewing and understanding how your accounting firm is exposed to and protected from risk through AML/CFT compliance will help them understand potential problems the company can run into, and that the buck stops with them.
Technology is the solution to the AML/CFT problem
Advances in technology mean there are manageable solutions to the AML/CFT problem. Instead of running multiple spreadsheets, or storing documents in cabinets, technology now lets accounting firms scale, streamline, and significantly reduce the amount of time spent on AML/CFT.
One software solution making waves in the world of AML is AMLHUB.
AMLHUB is a cloud-based anti-money laundering platform that has turned the requirements of the AML/CFT Act into modules that allow you to manage and record every aspect of your compliance programme from one online location.
AMLHUB also provides a range of convenient tools that speed up the customer onboarding process. Securely upload photos of client identity documents via the app. Or remotely onboard clients using the RealMe integration, or other electronic identity verification tools.
Built for accounting practices of all sizes by leading AML consultants, AMLHUB is a powerful and cost-effective solution to your AML troubles.
See how it can work for you by getting a short web demo from our team.
9 common AML mistakes accounting firms make
The AML Supervisors now have a low tolerance for mistakes in AML programmes, but accounting firms are consistently making the same ones every year.
In our quick guide we break down:
- What the 9 common AML/CFT mistakes are
- Why accountants are making them
- What you should do to avoid them
Get your free copy by filling out the form.
Download the Quick Guide
References used in this article