The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 – issues for the legal profession
Guy Burnett is a lawyer and director with Helmores Compliance Limited in Auckland. After commencing his legal career in criminal practice, with a focus on money laundering and the trafficking of narcotics, he moved into legal and compliance roles with a wide range of international financial institutions, including a leading private hedge fund, an investment bank and a number of trust and company service providers. Here, he takes a look at the stage by stage implementation of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) from a compliance point of view, and examines what lawyers need to be aware of when the second tranche of the legislation is enacted.
Effect of AML/CFT on lawyers
The new regime under the AML/CFT Act is being brought into force in two tranches. Tranche 1, which caught financial institutions, the casinos, financial advisers and trust and company service providers (all referred to as “reporting entities”), came into force on 30 June 2013.
At the same time, regulations came into force expressly excluding lawyers, incorporated law firms, conveyancing practitioners, incorporated conveyancing firms, accountants, and real estate agents, if they were providing a financial or other relevant service, so long as that service was being undertaken in the ordinary course of their business in that capacity. Tranche 2, which is expected to come into force in 2015, will most likely repeal this regulatory exclusion and bring those acting in these professions within the scope of the AML/CFT Act.
The government has felt able to implement this exclusion as the excluded professions already have existing obligations under the Financial TransactionsReporting Act 1996 (FTRA). For example, the current position is that if a lawyer were to receive funds in the course of his or her business for the purposes of deposit, investment or settling real estate transactions, he or she would most likely be required to verify the identity of the client, keep transaction and verification records for at least five years and report any suspicious transactions to the Financial Intelligence Unit (a police agency) in Wellington.
Compliance and documentation requirements under the AML/CFT Act
The practical effect of the AML/CFT Act is not very different to that of the FTRA. However, the AML/CFT Act requires reporting entities to go to greater lengths to achieve compliance. Further, all reporting entities must be supervised by a statutory supervisor (of which there are currently three) and these supervisors are afforded wide powers to actively enforce the legislation.
Each reporting entity must appoint an AML/CFT compliance officer. The statutory role of this person is to administer and maintain the reporting entity’s AML/CFT programme. If the reporting entity employs staff, the AML/CFT compliance officer must be an employee. In any event, the appointee must report to senior management.
Reporting entities must produce two important documents. The first is a risk assessment, setting out the inherent (uncontrolled) risks of money laundering and terrorist financing taking place in the reporting entity’s business. When producing this document, the reporting entity must have regard to the nature, size, and complexity of its business, the products and services it offers, the methods by which it delivers products and services to its customers, the types of customers it deals with, the countries it deals with and the institutions it deals with.
Once it has identified the risks, the reporting entity must go on to assess those risks and record the outcome in the risk assessment. When conducting this process, it must have regard to any applicable guidance material produced by the AML/CFT supervisors or the Commissioner of Police relating to risk assessments. This is an important exercise for the reason that, if not performed to sufficient depth, the AML/CFT programme will not be able to adequately or effectively manage and mitigate areas of
Once it has completed its risk assessment, a reporting entity must establish, implement and maintain the second document, a written AML/CFT programme. This must set out the reporting entity’s adequate and effective procedures, policies and controls on, inter alia: vetting its senior management, AML/CFT compliance officer and other staff involved in AML/CFT duties, training those people, conducting customer due diligence (both at the start of the relationship and on an ongoing basis), undertaking account monitoring, reporting suspicious transactions, keeping a wide range of business records, managing and mitigating areas of risk, setting out when enhanced customer due diligence is required or simplified customer due diligence may be performed, along with the monitoring of, managing compliance with, the internal communication of and training in those procedures, policies, and controls.
While this document must comply with the AML/CFT Act, care should be taken to ensure that it does not contain so much “legalese” that it is incomprehensible to half the firm. The inclusion of statutory references is undesirable, as these will simply serve to refer readers back to the AML/CFT Act, and to detract from the obligation to secure adequacy and effectiveness in the firm’s procedures and internal controls.
Every year, a reporting entity must submit an annual AML/CFT report to its AML/CFT supervisor. This must disclose specified details regarding the reporting entity’s AML/CFT documentation and related matters. Further, every two years, a reporting entity must have its risk assessment and AML/CFT programme audited by an appropriately qualified and independent auditor.
Verifying customer identity
As under the FTRA, reporting entities are still required to verify the identity of their customers. However, the requirements are now subject to greater prescription. It is now necessary to verify the customer’s name, date of birth and address, with the means adopted to verify the name and date of birth being in compliance with the Identity Verification Code of Practice (last amended in 2013). Further, reporting entities are also required to verify the identity of their customers’ beneficial owners and anyone acting on their behalf.
If a reporting entity were to identify a customer as constituting a material level of risk, as a “politically exposed person”, or as a resident in certain countries (for example), it would also be required to verify the source of the funds or wealth of the customer.
Enforcement and consequences of breach
The AML/CFT Act provides the supervisors with a wide range of enforcement tools. These include formal warnings, enforceable undertakings, injunctions and pecuniary orders. Any breach of the AML/CFT Act might be regarded as a civil liability act, each of which can result in a fine of up to $2 million. However, if a reporting entity were to commit the breach knowingly or recklessly, it would be liable to criminal prosecution and face a fine of up to $5 million per offence. Several offences can also lead to up to two years’ imprisonment.
Role of supervisors – where would lawyers fit in?
A fundamental part of the AML/CFT Act is the role of the supervisors. The AML/CFT Act appoints the Reserve Bank, the Financial Markets Authority and the Department of Internal Affairs as supervisors, each with oversight of its own sector. Whereas the Reserve Bank and the Financial Markets Authority have their sectors expressly defined in the Act, the Department of Internal Affairs has responsibility for certain specified classes of business and also those reporting entities not subject to supervision by the other two supervisors.
It would therefore appear to be the case that those reporting entities caught by the second tranche (likely to include lawyers, as noted above) would be subject to the supervision of the Department of Internal Affairs. However, given that Department’s current resources, the fact that it already supervises more reporting entities than either of its counterparts and that those numbers would dramatically increase if it were to take on just one of the new sectors, this might require further consideration.
It should be noted that the policy of the Financial Action Task Force, which shapes anti-money laundering and counter-terrorism financing legislation internationally, and of which New Zealand is a full member, allows appropriate self-regulatory organisations to fulfil the supervisory functions. This is something which might be considered in New Zealand. Certainly, the current position appears to remain undecided, leaving the question very much in the air as to whether the second tranche is really likely to be implemented in 2015.
Comparison with experiences across the Tasman
Australia enacted equivalent legislation in 2006. Similar to the position in New Zealand, the Australian legislation was supposed to come into force in two tranches. While the first tranche has now bedded in over a number of years, the second tranche remains subject to further review.
This side of the Tasman, the Ministry of Justice appears to have built up much greater momentum and the current view is that our second tranche will come in to force in 2015. However, this cannot be certain.