The Ministry of Justice has now released its consultation document on first priority matters in relation to the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act).
This will provide an important opportunity to influence key design elements of the new regime, including which entities and transactions should be exempt, various applicable threshold values, customer due diligence (CDD), third party reliance and designated business group issues, and annual reporting requirements. But timing is tight: submissions close on 6 September 2010.
The Ministry provided an early guide to its thinking in a preliminary scoping paper released in February 2010. Feedback received has been incorporated into the consultation document, and refined proposals for regulations and generic codes of practice under the Act are now put forward. The proposals are intended to provide industry with sufficient certainty about the extent of responsibilities under the regime to enable business planning to commence. This Brief Counsel summarises the key changes.
| TIMELINE | |
| September 2010 | Final decisions on regulations made and communicated |
| December 2010 | Regulations gazetted |
| December 2010 | Codes of practice on key aspects of CDD issued |
| December 2010 | Preliminary national and sectoral risk assessments available |
| November /December 2012 | Commencement of obligations for reporting entities (two years from the date regulations are gazetted) |
| Over the two years following gazetting of regulations | Guidance material and remaining codes of practice developed |
| "Second phase" entities deferred until regulations to complete the first phase are finished |
Key issue – financial advisers
Under the proposals, persons required to be authorised financial advisers under the Financial Advisers Act 2008 (FAA) will be explicitly included within the definition of "reporting entity".
This means they will be required to comply with all the obligations of the AML/CFT Act, although this would be limited to the extent that they arrange for other reporting entities to provide financial services to a customer. Persons who provide financial adviser services to only wholesale clients (who are not required to be authorised financial advisers under the FAA) will also be explicitly included. However, this should be limited to those wholesale financial advisers who provide services in respect of category one (complex) financial products. If a group of persons required to be authorised financial advisers operate as a firm, AML/CFT Act obligations will apply to the entity rather than separately to each individual financial adviser.
Simplified obligations will apply, however: financial advisers will be subject to the core obligations of CDD and suspicious transaction reporting, but not to ongoing due diligence. It is also intended that a simplified AML/CFT risk assessment and compliance programme will be permitted under a code of practice or regulator guidance, to avoid duplication of obligations under the FAA.
Lawyers and accountants who provide financial adviser services are expected to be transitionally exempt from the AML/CFT Act (as discussed further below), but where lawyers or accountants act on behalf of a customer, CDD on both the customer and the person acting on behalf will be required in the usual way. Alternatively, if securities firms wish to rely on lawyers and accountants in the same manner as authorised financial advisers, agency agreements may need to be considered.
The risks arising from third party reliance will be an ongoing issue in the financial adviser areas and we think further general guidance on when reliance will be reasonable is still required.
Who falls outside the regime?
Exemptions
Recognising the risk-based approach intended by the AML/CFT Act, regulatory exemptions are proposed for a number of entities and products, including:
- securities registries (exempted from all obligations other than suspicious transaction reporting and record-keeping, provided that in respect of off-market or paper-based share transfers, CDD must be undertaken on the transferor before the transfer takes place)
- general risk-based insurance and reinsurance products (although the insurance sector has been specifically earmarked for further consideration in the second phase of reforms)
- premium funding agreements that relate to insurance products not covered by the AML/CFT Act (exempted from CDD obligations)
- low-risk products and services, such as pure-risk life insurance products (with no minimum surrender value), insurance products which are closed to new customers or premiums, and certain funeral policies (full exemption)
- certain low-value life insurance products (exempted from CDD verification until payout of the policy)
- certain workplace-based superannuation funds, including KiwiSaver for employed persons (exempted from CDD verification until cash out. Full obligations apply to KiwiSaver for non-employed individuals, although reliance on CDD carried out by IRD will be permitted)
- low-value superannuation funds (full exemption)
- corporate treasury functions provided within corporate groups, provided that all members of the group are registered and operating in either New Zealand or a jurisdiction (such as Australia) that has a broadly equivalent AML/CFT regime (full exemption)
- debt collection agencies (required only to report and keep records relating to suspicious transactions)
- safety deposit boxes in the accommodation industry (full exemption, mirroring the Australian approach)
- overseas pension accounts for certain countries (exempted from CDD verification), and
- non-bank deposit takers in the process of being wound up (reduced CDD obligations).
In addition, an exemption is proposed for all reporting entities from the requirement to verify the address of non-New Zealand residents (although reporting entities will be expected to demonstrate that there are procedures in place to prevent the exemption from being exploited or misused). This is expected to substantially reduce compliance costs. Casinos will also be exempted from the requirement to verify the address of customers undertaking an occasional transaction, recognising that casinos are entertainment venues where patronage is often spontaneous. Casinos will be subject to address verification requirements in relation to any currency exchange and money remittance services, however.
An exemption for entities which engage in financial activities on only a very limited basis, such as retailers and other non-financial service providers, is not being proceeded with. We assume the Australian approach of seeking case by case exemptions is intended to be adopted. Similarly, casino loyalty schemes and credits on gaming machines are proposed to be managed not through a blanket exemption but through case by case Ministerial exemptions. A copy of the new Ministerial exemption policy is available here.
Some items on which feedback was specifically sought, such as the issuance of shares by a reporting entity to its employees, the issuance of securities or derivatives, or options for securities or derivatives in government agencies, have not been addressed.
"Second-phase" entities
Further transitional exemptions are proposed for the following second-phase entities:
- those who fall within the Act's definition of "financial institution", but which are intended to be subject to the Act only in the second phase of reforms (such as real estate agents, lawyers, accountants, conveyancing practitioners, the Lotteries Commission and the Racing Board)
- retailers who provide short term self-funded credit to customers
- pawnbrokers, and
- core government departments.
It appears that other entities intended to be included in the second phase of reforms, such as high value dealers, traders in wholesale market instruments (such as electricity futures, fishing quotas, and emissions units), and other government entities, such as the Reserve Bank of New Zealand, will not be transitionally exempt.
Charitable organisations and Crown entities (such as ACC, EQC or the Guardians of New Zealand Superannuation) who fall within the definition of "financial institution" are specifically advised to contact the Ministry of Justice, where applications for Ministerial exemptions may be considered on a case by case basis.
Thresholds and inclusions
The occasional transaction threshold is proposed to be retained at NZ$10,000, which is lower than the Financial Action Task Force (FATF) maximum and has numerical, rather than value, alignment with Australia. However, the deterrence benefits of having a lower threshold are acknowledged. Casinos' occasional transaction threshold will be even lower at NZ$6,000, but specific address verification and record-keeping exemptions for casinos are expected to mitigate the compliance costs of this lower threshold.
It is proposed that 25% will be used as the threshold for when a person is deemed to be the "beneficial owner" of a customer and so subject to CDD requirements. This is consistent with the Australian and UK thresholds and the Companies Act 1993.
The thresholds for travellers' cheques (NZ$5,000), money and postal orders (NZ$1,000), and foreign exchange occasional transactions (NZ$1,000, with the compliance costs mitigated by the proposed exemption from address verification requirements for non-residents discussed above), have not changed from the February discussion document. The maximum value threshold suggested for non-cash redeemable stored value cards, which will be included within the Act's scope under regulations, has been doubled to NZ$5,000. For cash redeemable cards, a maximum value of NZ$1,000 at any one time is still proposed, but the requirement for an annual maximum value is not being proceeded with.
Trust and company service providers (TCSPs)
Trust and company service providers, highlighted by FATF as an area of regulatory gap in New Zealand, have been brought forward for explicit inclusion within the definition of "reporting entity" in phase one. Inclusion as a reporting entity means they are subject to the full requirements of the AML/CFT Act. Those seeking trust and company services may therefore favour lawyers to undertake this work, due to their transitional exemption from the AML/CFT Act regime. However, requirements under the Financial Transactions Reporting Act 1996 (FTRA) will continue to apply. In addition, due diligence information to an AML/CFT Act standard will need to be provided to other financial institutions in New Zealand (for example banks) when the entity utilises financial services.
Wire transfers
The proposals set out in the February discussion document in the context of wire transfers have not changed: wire transfers under NZ$1,000 are still proposed to be exempt from AML/CFT requirements, and, for domestic wire transfers, the information relating to the transaction itself (which may be an account number or record) is still proposed to constitute sufficient identifying information.
Customer due diligence
Standard, simplified and enhanced due diligence
The extended list of organisations considered suitable for simplified due diligence has been further extended to include certain overseas government bodies, but at this stage it does not appear that statutory charitable trusts will be included.
The proposals for dealing with the difficulties inherent in identifying and verifying the beneficiaries of certain trusts (currently requiring enhanced due diligence) have been modified. Reporting entities will still be required to identify, but not verify, the name and date of birth of beneficiaries of trusts. However, where a trust has a large number of beneficiaries the intelligence gains in requiring the identification of ten out of hundreds of beneficiaries were considered to be limited. Instead, reporting entities will be required to record the types of beneficiaries (and where practicable the numbers within each type). This proposal is also intended for discretionary trusts. The proposal to requirement identification of beneficiaries of trusts when disbursements are made is not being progressed.
It is still proposed that reporting entities who are, or become, aware of existing anonymous accounts be required to undertake CDD in relation to those accounts.
Verification
The February discussion document canvassed in considerable detail the basis upon which a customer's identity should be verified. It considered documentary, electronic and various other non-face to face verification procedures. The basis for verification proposal that it described was informed by the guidance in the Evidence of Identity (EOI) standard. However, feedback from industry clearly signalled that the proposal represented a significant departure from current business practice (and the requirements of the Australian regime) and that the compliance costs and customer convenience impact would be substantial.
In response, a modified basis of verification proposal has been put forward, and the code of practice "safe harbour" option has been selected. The code of practice structure is intended to provide certainty of requirements, while at the same time leaving flexibility for reporting entities to develop exception handling protocols and innovative solutions to obligations. The modified proposal addresses some of the concern associated with the ubiquitous driver's licence, but is expected to be able to be implemented without substantial impact on customer convenience or compliance costs: the driver's licence will be able to be used in combination with another form of "wallet-friendly" source of verification, such as a credit card, community services card, or even bank statements and statements issued by government agencies. The two-document approach is modified for low to moderate risk customers.
The proposals for documentary certification by a trustee referee when a reporting entity cannot undertake documentary identification in person have been modified to a more generic approach: the requirement for the trusted referee to have known the person for more than 12 months will be replaced with simply a person of particular standing in the community, referencing criteria commonly used by the Department of Internal Affairs for identification purposes.
Electronic verification is not precluded, provided it is reliable and independent. A generic safe harbour proposal for electronic verification is set out, but reporting entities will generally be expected to determine for themselves what might constitute reliable and independent sources, according to the level of risk involved with each customer. The minimum safe harbour may be modified over time, as a broader range of improved products becomes available.
Third party reliance
The ability of a reporting entity to rely on another entity's customer due diligence investigations will be central to the efficient operation of the Act. The Act permits a reporting entity to rely on some third parties' due diligence investigations in certain circumstances. However, the Act also provides that the reporting entity remains liable for ensuring due diligence is carried out in accordance with the Act.
The proposal to exempt pooled or nominee accounts from due diligence, account monitoring and record-keeping obligations does not appear to be being progressed. Instead, a proposal to exempt reporting entities from beneficial ownership obligations with respect to certain trust accounts is put forward. The reporting entity will have to take reasonable measures to satisfy itself that the account is being legitimately operated for business or professional purposes and not to obscure the identity of beneficial owners.
The proposal to extend the scope of designated business groups (DBGs) that can share anti-money laundering compliance, to network agents and sub-agents engaged in money remittance services, has been retained, although limited to where both the agent and sub-agent are resident in New Zealand. In addition, the requirements for the DBG election process will be prescribed, and compliance made a condition for membership of a DBG.
These regulations and codes of practice will be helpful, but we think broader third party reliance issues should also still be considered further. Retaining liability for CDD with a reporting entity that relies on a third party is consistent with FATF's recommendations, but without more general guidance on when reliance will be reasonable (and so potentially within the immunity and defences in the Act), reporting entities may be reluctant to risk liability based on another's actions or inactions.
Other matters
Annual reporting
In response to industry feedback, annual reporting requirements have been moved to a first priority matter, and proposals as to the information that reporting entities need to provide to their supervisor as part of the annual reporting required under the AML/CFT Act are included in the consultation document.
Record-keeping
The record-keeping requirements in the AML/CFT Act are more extensive than those currently in the FTRA, requiring additional records to be kept and potentially for significantly longer periods, following which they must be destroyed unless there is a lawful reason for retaining them. The record-retention period is potentially either shorter or substantially longer than that required for tax purposes, due to the fact that it is relationship-based. Reporting entities should be aware of the potential for systems error in having different overlapping periods in respect of the same records.
The consultation document sets forward a new proposal to exempt reporting entities from maintaining records of the parties to one-off transactions under applicable occasional transaction thresholds. The intelligence benefits from one-off low level transactions were not considered to outweigh the compliance costs of obtaining and keeping this information. Where a record is made during the course of a transaction, however, it will be required to be kept.
What's not covered
We hope the opportunity will be taken prior to implementation to align the definition of "financial institution" with the definition of "financial service" in the Financial Service Providers (Registration and Dispute Resolution) Act 2008 (the FSPA). It appears the recent refinements that have been made to the FSPA definition during its protracted pre-implementation process have not been replicated in the AML/CFT context, resulting in an unhelpful mismatch in coverage.
It will also be helpful to have guidance on what will constitute a "regular review" for the purposes of the ongoing account monitoring and CDD requirements: will regular system alerts be sufficient on their own to satisfy this requirement, or will more be required? Guidance on how often a "review" of an entity's risk assessment will be required would also be helpful.
More fundamentally, reporting entities will be required to have AML/CFT programmes to detect, manage and mitigate the risk of money laundering, but there is still no guidance on what exactly "money laundering" is. It seems it may be a concept akin to tax avoidance and pornography: too hard to define, and we just have to "know it when we see it".
Further information
A copy of the discussion document is available here.
The information in this article is for informative purposes only and should not be relied on as legal advice. Please contact Chapman Tripp for advice tailored to your situation.
