AML/CFT regulators crack down hard

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 imposes strict compliance obligations on businesses (reporting entities) in a bid to curtail money laundering and terrorism financing risks. It is now being strongly enforced.

Kavanagh Chu

The three AML/CFT supervisors – the Department of Internal Affairs (DIA), Financial Markets Authority (FMA) and Reserve Bank of New Zealand (RBNZ) – have become much more active in enforcement.

The DIA has led the way, succeeding in three civil proceedings against reporting entities for noncompliance with AML/CFT obligations.

The ramifications of non-compliance can be severe with enforcement action potentially giving rise to both civil and criminal liability, especially for entities which have been subject to the regime since 2013.

In 2017, the High Court ordered Ping An Finance (Group) New Zealand Company Ltd to pay pecuniary penalties totalling $5.29 million for multiple breaches of the Act.

In 2018, Qian Duo Duo Ltd paid $356,000 in pecuniary penalties and this year Jin Yuan Finance Ltd was ordered to pay a pecuniary penalty of approximately $4 million.

Having recently filed its fourth civil proceeding and the first criminal proceedings under the Act, the DIA is showing no signs of slowing down.

The criminal proceedings were brought against an unnamed company and two employees accused of failing to report several suspicious transactions worth more than $53 million.

To date, the FMA and RBNZ have preferred to issue formal and informal warnings or accept enforceable undertakings. However, they are expected to become more assertive in enforcement.

To avoid incurring severe penalties – and potential imprisonment – it is vital reporting entities ensure they understand their obligations and are fully compliant with the AML/CFT Act.

Six years on

It is more than six years since the Act came into force on 1 July 2013.

But due to ambiguous provisions, myriad inclusions and exemptions, and different entities being brought into the regime on a staggered basis, many businesses are still getting to grips with compliance.

In fact, some businesses and individuals may not even be aware that they are caught under the Act.


The AML/CFT Act applies to reporting entities to the extent they carry on any of the activities specified in the Act.

Reporting entities include casinos, financial institutions, high-value dealers, the Racing Industry Transition Agency (formerly the New Zealand Racing Board), and designated non-financial businesses and professions such as lawyers, accountants and real estate agents, as well as trust and company service providers.

Not clear-cut

It is not always clear-cut when a person is a reporting entity for the purposes of the Act.

A financial institution is defined as a person who, in the ordinary course of business, carries on one or more of the financial activities specified in the Act.

This list of financial activities is broad and sometimes ambiguous, and there is limited published guidance available on what is and is not included.

A person may be a “financial institution” if, in the ordinary course of business, they, for example:

  • accept deposits or other repayable funds from the public;
  • lend to or for a customer;
  • transfer money or value for, or on behalf of, a customer; safe-keep or administer cash or liquid securities on behalf of other persons; and/or
  • invest, administer, or manage funds or money on behalf of other people.

The list is a summary of only some of the captured activities.

The definition of a trust and company service provider is also wide-ranging, covering any person not already specified who is carrying out any of the designated activities of a designated non-financial business or profession.

These include, in the ordinary course of business:

  • acting as a formation agent - eg, of companies, partnerships or trusts;
  • acting as, or arranging for a person to act as, a nominee director or nominee shareholder or trustee;
  • providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or trust (unless the office or address is provided solely as an ancillary service to the provision of other services);
  • managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets; and
  • engaging in, or giving instructions on behalf of a customer to another person for:
    • a transaction on behalf of any person in relation to the buying, transferring, or selling of a business or legal person (eg, a company) and any other legal arrangement; or
    • a transaction on behalf of a customer in relation to creating, operating, and managing a legal person (eg, a company) and any other legal arrangement.

So, for example, on a literal reading of the AML/ CFT Act, any person who in the ordinary course of business manages client funds or payments, or provides a business address may be a reporting entity. There are some exemptions but they do not help in all cases.

Broad and ambiguous provisions like these can mean many businesses and individuals who would not typically be considered financial institutions or trust and company service providers could be surprised to discover they are caught under the Act.

Deliberately ambiguous

The AML/CFT Act is a principles-based statute, meaning it is intentionally less prescriptive than other New Zealand legislation to allow for a broader, purposive approach to interpretation.

The purpose of the Act is to detect and deter money laundering and terrorism financing.

When originally enacted, it was expected the Act would be accompanied by extensive official guidance to provide clarity.

While there is some guidance, it can be hard to find, is often limited and may itself be hard to interpret or apply.

When assessing whether an entity is caught under the Act, in addition to a technical reading of the provisions (and any guidance), the money laundering and terrorism financing risks associated with a business need to be taken into consideration to apply the regime.

However, as money laundering strategies become more sophisticated, this is not always easy to determine.


It is a common misconception that AML/CFT compliance is limited to doing customer due diligence such as identity verification during the customer onboarding process.

The applicable compliance obligations can differ between reporting entities – eg, high-value dealers will be subject to less onerous obligations – but they are extensive.

They generally include putting in place and maintaining formal AML/CFT compliance infrastructure such as appointing an AML compliance officer reporting to senior management, a written risk assessment of the money laundering and terrorism financing risks associated with the reporting entity’s business, and a written AML/CFT program responding to those risks.

Other obligations include:

  • staff vetting and training;
  • conducting initial and ongoing customer due diligence;
  • monitoring transactions and accounts on an ongoing basis to detect suspicious activities and transactions;
  • reporting suspicious activities and transactions to the police FIU; and
  • complying with the auditing and reporting requirements under the Act.

Even if no money laundering has occurred, a reporting entity may be prosecuted for not having the required infrastructure or failing to perform other obligations.

In fact, some of the cases mentioned earlier have involved exactly that scenario.

Seek advice

We recommend anyone concerned about AML/ CFT compliance obligations seeks legal advice as soon as possible.

Alternatively, they could contact the DIA, FMA or RBNZ directly to seek guidance.

Lloyd Kavanagh is a partner and Judy Chu is a solicitor at MinterEllisonRuddWatts

Contact Us
Phone 09 303 5270
Fax 09 309 3726