New Zealand: Anti-Money Laundering Regulations and Codes of Practice Proposed

The Ministry of Justice has now released its consultation document on first priority matters in relation to the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act).

This will provide an important opportunity to influence key design elements of the new regime, including which entities and transactions should be exempt, various applicable threshold values, customer due diligence (CDD), third party reliance and designated business group issues, and annual reporting requirements. But timing is tight: submissions close on 6 September 2010.

The Ministry provided an early guide to its thinking in a preliminary scoping paper released in February 2010. Feedback received has been incorporated into the consultation document, and refined proposals for regulations and generic codes of practice under the Act are now put forward. The proposals are intended to provide industry with sufficient certainty about the extent of responsibilities under the regime to enable business planning to commence. This Brief Counsel summarises the key changes.

September 2010 Final decisions on regulations made and communicated
December 2010 Regulations gazetted
December 2010 Codes of practice on key aspects of CDD issued
December 2010 Preliminary national and sectoral risk assessments available
November /December 2012 Commencement of obligations for reporting entities (two years from the date regulations are gazetted)
Over the two years following gazetting of regulations Guidance material and remaining codes of practice developed
"Second phase" entities deferred until regulations to complete the first phase are finished

Key issue – financial advisers

Under the proposals, persons required to be authorised financial advisers under the Financial Advisers Act 2008 (FAA) will be explicitly included within the definition of "reporting entity".

This means they will be required to comply with all the obligations of the AML/CFT Act, although this would be limited to the extent that they arrange for other reporting entities to provide financial services to a customer. Persons who provide financial adviser services to only wholesale clients (who are not required to be authorised financial advisers under the FAA) will also be explicitly included. However, this should be limited to those wholesale financial advisers who provide services in respect of category one (complex) financial products. If a group of persons required to be authorised financial advisers operate as a firm, AML/CFT Act obligations will apply to the entity rather than separately to each individual financial adviser.

Simplified obligations will apply, however: financial advisers will be subject to the core obligations of CDD and suspicious transaction reporting, but not to ongoing due diligence. It is also intended that a simplified AML/CFT risk assessment and compliance programme will be permitted under a code of practice or regulator guidance, to avoid duplication of obligations under the FAA.

Lawyers and accountants who provide financial adviser services are expected to be transitionally exempt from the AML/CFT Act (as discussed further below), but where lawyers or accountants act on behalf of a customer, CDD on both the customer and the person acting on behalf will be required in the usual way. Alternatively, if securities firms wish to rely on lawyers and accountants in the same manner as authorised financial advisers, agency agreements may need to be considered.

The risks arising from third party reliance will be an ongoing issue in the financial adviser areas and we think further general guidance on when reliance will be reasonable is still required.

Who falls outside the regime?


Recognising the risk-based approach intended by the AML/CFT Act, regulatory exemptions are proposed for a number of entities and products, including:

  • securities registries (exempted from all obligations other than suspicious transaction reporting and record-keeping, provided that in respect of off-market or paper-based share transfers, CDD must be undertaken on the transferor before the transfer takes place)
  • general risk-based insurance and reinsurance products (although the insurance sector has been specifically earmarked for further consideration in the second phase of reforms)
  • premium funding agreements that relate to insurance products not covered by the AML/CFT Act (exempted from CDD obligations)
  • low-risk products and services, such as pure-risk life insurance products (with no minimum surrender value), insurance products which are closed to new customers or premiums, and certain funeral policies (full exemption)
  • certain low-value life insurance products (exempted from CDD verification until payout of the policy)
  • certain workplace-based superannuation funds, including KiwiSaver for employed persons (exempted from CDD verification until cash out. Full obligations apply to KiwiSaver for non-employed individuals, although reliance on CDD carried out by IRD will be permitted)
  • low-value superannuation funds (full exemption)
  • corporate treasury functions provided within corporate groups, provided that all members of the group are registered and operating in either New Zealand or a jurisdiction (such as Australia) that has a broadly equivalent AML/CFT regime (full exemption)
  • debt collection agencies (required only to report and keep records relating to suspicious transactions)
  • safety deposit boxes in the accommodation industry (full exemption, mirroring the Australian approach)
  • overseas pension accounts for certain countries (exempted from CDD verification), and
  • non-bank deposit takers in the process of being wound up (reduced CDD obligations).

In addition, an exemption is proposed for all reporting entities from the requirement to verify the address of non-New Zealand residents (although reporting entities will be expected to demonstrate that there are procedures in place to prevent the exemption from being exploited or misused). This is expected to substantially reduce compliance costs. Casinos will also be exempted from the requirement to verify the address of customers undertaking an occasional transaction, recognising that casinos are entertainment venues where patronage is often spontaneous. Casinos will be subject to address verification requirements in relation to any currency exchange and money remittance services, however.

An exemption for entities which engage in financial activities on only a very limited basis, such as retailers and other non-financial service providers, is not being proceeded with. We assume the Australian approach of seeking case by case exemptions is intended to be adopted. Similarly, casino loyalty schemes and credits on gaming machines are proposed to be managed not through a blanket exemption but through case by case Ministerial exemptions. A copy of the new Ministerial exemption policy is available here.

Some items on which feedback was specifically sought, such as the issuance of shares by a reporting entity to its employees, the issuance of securities or derivatives, or options for securities or derivatives in government agencies, have not been addressed.

"Second-phase" entities

Further transitional exemptions are proposed for the following second-phase entities:

  • those who fall within the Act's definition of "financial institution", but which are intended to be subject to the Act only in the second phase of reforms (such as real estate agents, lawyers, accountants, conveyancing practitioners, the Lotteries Commission and the Racing Board)
  • retailers who provide short term self-funded credit to customers
  • pawnbrokers, and
  • core government departments.

It appears that other entities intended to be included in the second phase of reforms, such as high value dealers, traders in wholesale market instruments (such as electricity futures, fishing quotas, and emissions units), and other government entities, such as the Reserve Bank of New Zealand, will not be transitionally exempt.

Charitable organisations and Crown entities (such as ACC, EQC or the Guardians of New Zealand Superannuation) who fall within the definition of "financial institution" are specifically advised to contact the Ministry of Justice, where applications for Ministerial exemptions may be considered on a case by case basis.

Thresholds and inclusions

The occasional transaction threshold is proposed to be retained at NZ$10,000, which is lower than the Financial Action Task Force (FATF) maximum and has numerical, rather than value, alignment with Australia. However, the deterrence benefits of having a lower threshold are acknowledged. Casinos' occasional transaction threshold will be even lower at NZ$6,000, but specific address verification and record-keeping exemptions for casinos are expected to mitigate the compliance costs of this lower threshold.

It is proposed that 25% will be used as the threshold for when a person is deemed to be the "beneficial owner" of a customer and so subject to CDD requirements. This is consistent with the Australian and UK thresholds and the Companies Act 1993.

The thresholds for travellers' cheques (NZ$5,000), money and postal orders (NZ$1,000), and foreign exchange occasional transactions (NZ$1,000, with the compliance costs mitigated by the proposed exemption from address verification requirements for non-residents discussed above), have not changed from the February discussion document. The maximum value threshold suggested for non-cash redeemable stored value cards, which will be included within the Act's scope under regulations, has been doubled to NZ$5,000. For cash redeemable cards, a maximum value of NZ$1,000 at any one time is still proposed, but the requirement for an annual maximum value is not being proceeded with.

Trust and company service providers (TCSPs)

Trust and company service providers, highlighted by FATF as an area of regulatory gap in New Zealand, have been brought forward for explicit inclusion within the definition of "reporting entity" in phase one. Inclusion as a reporting entity means they are subject to the full requirements of the AML/CFT Act. Those seeking trust and company services may therefore favour lawyers to undertake this work, due to their transitional exemption from the AML/CFT Act regime. However, requirements under the Financial Transactions Reporting Act 1996 (FTRA) will continue to apply. In addition, due diligence information to an AML/CFT Act standard will need to be provided to other financial institutions in New Zealand (for example banks) when the entity utilises financial services.

Wire transfers

The proposals set out in the February discussion document in the context of wire transfers have not changed: wire transfers under NZ$1,000 are still proposed to be exempt from AML/CFT requirements, and, for domestic wire transfers, the information relating to the transaction itself (which may be an account number or record) is still proposed to constitute sufficient identifying information.

Customer due diligence

Standard, simplified and enhanced due diligence

The extended list of organisations considered suitable for simplified due diligence has been further extended to include certain overseas government bodies, but at this stage it does not appear that statutory charitable trusts will be included.

The proposals for dealing with the difficulties inherent in identifying and verifying the beneficiaries of certain trusts (currently requiring enhanced due diligence) have been modified. Reporting entities will still be required to identify, but not verify, the name and date of birth of beneficiaries of trusts. However, where a trust has a large number of beneficiaries the intelligence gains in requiring the identification of ten out of hundreds of beneficiaries were considered to be limited. Instead, reporting entities will be required to record the types of beneficiaries (and where practicable the numbers within each type). This proposal is also intended for discretionary trusts. The proposal to requirement identification of beneficiaries of trusts when disbursements are made is not being progressed.

It is still proposed that reporting entities who are, or become, aware of existing anonymous accounts be required to undertake CDD in relation to those accounts.


The February discussion document canvassed in considerable detail the basis upon which a customer's identity should be verified. It considered documentary, electronic and various other non-face to face verification procedures. The basis for verification proposal that it described was informed by the guidance in the Evidence of Identity (EOI) standard. However, feedback from industry clearly signalled that the proposal represented a significant departure from current business practice (and the requirements of the Australian regime) and that the compliance costs and customer convenience impact would be substantial.

In response, a modified basis of verification proposal has been put forward, and the code of practice "safe harbour" option has been selected. The code of practice structure is intended to provide certainty of requirements, while at the same time leaving flexibility for reporting entities to develop exception handling protocols and innovative solutions to obligations. The modified proposal addresses some of the concern associated with the ubiquitous driver's licence, but is expected to be able to be implemented without substantial impact on customer convenience or compliance costs: the driver's licence will be able to be used in combination with another form of "wallet-friendly" source of verification, such as a credit card, community services card, or even bank statements and statements issued by government agencies. The two-document approach is modified for low to moderate risk customers.

The proposals for documentary certification by a trustee referee when a reporting entity cannot undertake documentary identification in person have been modified to a more generic approach: the requirement for the trusted referee to have known the person for more than 12 months will be replaced with simply a person of particular standing in the community, referencing criteria commonly used by the Department of Internal Affairs for identification purposes.

Electronic verification is not precluded, provided it is reliable and independent. A generic safe harbour proposal for electronic verification is set out, but reporting entities will generally be expected to determine for themselves what might constitute reliable and independent sources, according to the level of risk involved with each customer. The minimum safe harbour may be modified over time, as a broader range of improved products becomes available.

Third party reliance

The ability of a reporting entity to rely on another entity's customer due diligence investigations will be central to the efficient operation of the Act. The Act permits a reporting entity to rely on some third parties' due diligence investigations in certain circumstances. However, the Act also provides that the reporting entity remains liable for ensuring due diligence is carried out in accordance with the Act.

The proposal to exempt pooled or nominee accounts from due diligence, account monitoring and record-keeping obligations does not appear to be being progressed. Instead, a proposal to exempt reporting entities from beneficial ownership obligations with respect to certain trust accounts is put forward. The reporting entity will have to take reasonable measures to satisfy itself that the account is being legitimately operated for business or professional purposes and not to obscure the identity of beneficial owners.

The proposal to extend the scope of designated business groups (DBGs) that can share anti-money laundering compliance, to network agents and sub-agents engaged in money remittance services, has been retained, although limited to where both the agent and sub-agent are resident in New Zealand. In addition, the requirements for the DBG election process will be prescribed, and compliance made a condition for membership of a DBG.

These regulations and codes of practice will be helpful, but we think broader third party reliance issues should also still be considered further. Retaining liability for CDD with a reporting entity that relies on a third party is consistent with FATF's recommendations, but without more general guidance on when reliance will be reasonable (and so potentially within the immunity and defences in the Act), reporting entities may be reluctant to risk liability based on another's actions or inactions.

Other matters

Annual reporting

In response to industry feedback, annual reporting requirements have been moved to a first priority matter, and proposals as to the information that reporting entities need to provide to their supervisor as part of the annual reporting required under the AML/CFT Act are included in the consultation document.


The record-keeping requirements in the AML/CFT Act are more extensive than those currently in the FTRA, requiring additional records to be kept and potentially for significantly longer periods, following which they must be destroyed unless there is a lawful reason for retaining them. The record-retention period is potentially either shorter or substantially longer than that required for tax purposes, due to the fact that it is relationship-based. Reporting entities should be aware of the potential for systems error in having different overlapping periods in respect of the same records.

The consultation document sets forward a new proposal to exempt reporting entities from maintaining records of the parties to one-off transactions under applicable occasional transaction thresholds. The intelligence benefits from one-off low level transactions were not considered to outweigh the compliance costs of obtaining and keeping this information. Where a record is made during the course of a transaction, however, it will be required to be kept.

What's not covered

We hope the opportunity will be taken prior to implementation to align the definition of "financial institution" with the definition of "financial service" in the Financial Service Providers (Registration and Dispute Resolution) Act 2008 (the FSPA). It appears the recent refinements that have been made to the FSPA definition during its protracted pre-implementation process have not been replicated in the AML/CFT context, resulting in an unhelpful mismatch in coverage.

It will also be helpful to have guidance on what will constitute a "regular review" for the purposes of the ongoing account monitoring and CDD requirements: will regular system alerts be sufficient on their own to satisfy this requirement, or will more be required? Guidance on how often a "review" of an entity's risk assessment will be required would also be helpful.

More fundamentally, reporting entities will be required to have AML/CFT programmes to detect, manage and mitigate the risk of money laundering, but there is still no guidance on what exactly "money laundering" is. It seems it may be a concept akin to tax avoidance and pornography: too hard to define, and we just have to "know it when we see it".

Further information

A copy of the discussion document is available here.

The information in this article is for informative purposes only and should not be relied on as legal advice. Please contact Chapman Tripp for advice tailored to your situation.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Emma Harding
Penny Sheerin
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions