MAY 2016 published by Thomson Reuters
Stronger enforcement looms, while New Zealand also presses on with further AML/CFT reforms
The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (“AML/CFT Act”) introduced a broad risk-based framework that brought New Zealand’s AML crime regime into the modern era. That development was one the international community felt was overdue, as delays in implementing the upgrade had led the FATF to put New Zealand on Mutual Evaluation Follow-up status.
A wide range of reporting entities finally became subject to the full rigour of a modern FATF-compliant regime on June 30, 2013. This improved the legal system to the extent that New Zealand was taken off the Follow Up list in the most recent 2014 report with the FATF stating:
“Since the adoption of its mutual evaluation report in 2009, New Zealand has focused its attention on:
- Strengthening the AML/CFT legislative framework with the adoption of new preventive AML/CFT Legislation – the AML/CFT Act, 2009 – which came into full force and effect on 30 June 2013.
- Issuing a set of implementing preventive AML/CFT measures, a National Risk Assessment and comprehensive guidance material to assist reporting entities with the implementation of the Act.
- Introducing several changes to its supervisory framework, including establishing three statutory supervisors for reporting entities subject to the Act: The Reserve Bank of New Zealand; the Financial Markets Authority; and the Department of Internal Affairs.
- Strengthening its registration and licensing regime for financial service providers and the insurance sector.
- Introducing a new cross-border cash reporting regime.
In October 2013, the FATF recognised that New Zealand had made significant progress in addressing the deficiencies identified in the 2009 mutual evaluation report and could be removed from the regular follow-up process”.
This sea-change in the law has inevitably taken time to properly bed in with all affected businesses and, now in its third year since implementation, two developments in the AML regime are apparent:
- the regulators are starting to toughen up on entities who are still not yet fully compliant with the law; and
- the policy-makers are ready to press ahead and make further important reforms to improve the quality of data that the regime generates to provide to law enforcement agency.
In addition, a new Bill to combat organised crime and corruption has passed its final reading in Parliament. According to the Minister of Justice, it will give law enforcement agencies: “greater powers to tackle financial crime and corruption on a number of fronts. It ensures New Zealand law is in line with international best practice, improving our “ability to support global efforts to fight these pernicious crimes”
Summary of key AML/CFT legislative framework in New Zealand
Two important pieces of legislation passed in 2009 form the bedrock of New Zealand’s modern financial crime prevention system. The AML/CFT Act helps law enforcement detect and deter such crimes by demanding that private sector reporting entities (when within coverage scope) implement a compliance programme to mitigate money laundering and terrorist financing risks and to report suspicious transactions to Police. The Criminal Proceeds (Recovery) Act 2009 then allows law enforcement agencies to use the intelligence gathered from those reports to freeze and seize assets and profits of crime, under a powerful, non-conviction based, forfeiture regime. Those laws are underpinned by the core money laundering offences and provisions contained in the much-amended Crimes Act 1961.
The main obligations within the 2009 Act represent the over-arching principles of FATF’s 2003 “40+ 9 Recommendations”, implemented reasonably faithfully, but pre-dating FATF’s 2012 Recommendations reissue. The AML/CFT has broad risk-based obligations and some prescriptive detail, but further work to develop the building blocks of the regulatory regime has included release of a series of important risk assessment documents, plus Regulations that set out detailed definitions, exemptions, thresholds and related matters, as well as regulatory guidelines and codes of practice to assist entities in their compliance.
Bill to crack down on organised crime
The Organised Crime and Anti-Corruption Legislative Bill recently passed by Parliament, will toughen the AML/CFT Act in key areas and introduce new steps to combat profit motivated organised crime and bribery issues. Specific measures include:
- Requiring banks to report all international transfers of $1,000 or more and all physical cash transactions of $10,000 or more to the Financial Intelligence Unit.
- Redrafting the money laundering offence to specify that intent to conceal is not required, and any offence is a sufficient predicate offence.
- Introducing new offences to address identity crime, including selling/passing on identity information.
- Amending the people trafficking offence so that it applies to such activity in New Zealand, not just when victims are moved in or out of this country.
- Providing Police with express statutory power to share information with international counterparts.
- Revising the foreign bribery offence, including clarifying the circumstances in which a corporation is liable for foreign bribery.
- Increasing penalties for bribery and corruption in the private sector to bring them into line with public sector bribery offences.
Who are the regulators? Supervisory, reporting and enforcement agencies
New Zealand is using a multi-supervisor model with three existing regulatory agencies adding AML to their existing responsibilities. In this respect, New Zealand differs from other countries (e.g. Australia) that may have created a single specialist AML regulator. The supervisors are:
- Reserve Bank of New Zealand — for banks, life insurers and non-bank deposit takers;
- Financial Markets Authority — for other financial institutions including security issuers, trustee companies, funds management, futures dealers, collective investment schemes, brokers and financial advisers;
- Department of Internal Affairs — for casinos, money changers/remittance, non-deposit taker lenders and all other reporting entities not supervised elsewhere.
An advantage of this approach is that each of those agencies already performs other regulatory functions for those industry groups, and has established some degree of expertise and rapport. An important disadvantage is that much greater inter-agency liaison will be required to ensure consistency of approach and to minimise the risk of inconsistent approaches between the regulated sectors. Now 3 years into the modern regime, some divergences in attitude towards enforcement is starting to be seen.
Suspicious transaction reports must be made to a fourth agency, the Financial Intelligence Unit of the New Zealand Police, and not to one of the three AML/CFT supervisors. Greater awareness of the depth of new compliance that will be required has already led to an substantial increase in the number of STRs from the financial sector since 2013. A secure online STR platform has been developed by the FIU, named “goAML”, which all reporting entities are required to enrol for and use for making STRs. The FIU does not accept simple e-mail reports or oral reports (other than in situations of extreme urgency).
The Ministry of Justice also has an active role in the ongoing development and implementation of the AML regime. The Ministry manages an AML/CFT Coordination Committee that includes the 3 supervisors, New Zealand Customs Service, New Zealand Police, Inland Revenue and other invited agencies.
To date, the AML/CFT Supervisors have taken a sensible and pragmatic approach to enforcement, in effect telling the supervised entities that if a “genuine and reasonable attempt to comply” has been made, immediate enforcement action will be unlikely. However, any “honeymoon period” of transition is now coming to an end, with several public warnings issued during 2014-15, and tougher enforcement now likely, especially in cases where there has been wilful or deliberate breaches of the compliance rules.
Who is covered? Reporting entities, and transitional stages
Coverage of commercial enterprises and financial businesses was extended by the AML/CFT Act well beyond the earlier Financial Transactions Reporting Act 1996 (“FTRA”). The main exception concerns designated non-financial business and professions, such as lawyers, accountants and real estate agents, who remain subject to the older weaker rules in the FTRA.
Reporting entities under the AML/CFT Act are currently defined to include financial institutions and casinos. Section 5 further defines “financial institution” to mean a person, who in the ordinary course of business, carries on one or more of the long list of financial activities set out there, including:
- accepting deposits or other repayable funds from the public;
- making a loan to or for a customer;
- issuing a debit or credit card;
- managing the means of payment;
- supplying goods through a finance lease (other than for consumer products);
- providing remittance services that transfer money or property;
- issuing or accepting liability under life insurance policies;
- issuing or selling securities and derivatives;
- safekeeping or administering cash or liquid securities on behalf of other persons; and
- exchanging foreign currency.
Other categories of firms can be included or excluded by subsequent Regulation – for instance, some types of financial advisers and trust and company service provider firms have been included as reporting entities, to help prevent abuse by clients seeking complex or opaque business structures.
Tranche 2 coverage has been discussed for some time, the planned extension to control other sectors as reporting entities – such as lawyers, accountants, real estate agents, bullion and precious metals dealers, and dealers in other luxury assets. Although the Minister of Justice has stated that work streams to bring these further groups of entities under the regime are finally beginning, little direct sign of action has emerged from the relevant Ministry. Until these new AML/CFT measures are implemented, older existing requirements in the (FTRA 1996) continue in effect. It could be that recent political attention in 2016 due to the unauthorised release of the “Panama Papers” data set could now see acceleration of Tranche 2 coverage work.
New Zealand AML supervisors issued a 2011 Guideline to clarify how they intend to apply the meaning of the phrase “Ordinary Course of Business”. A number of contextual factors may, when considered together, indicate that an activity is in the ordinary course of business of that firm, if it:
- Is normal or otherwise unremarkable for the particular business (including as indicated by the firm’s internal processes and marketing materials)
- Is frequent, or is regular
- Involves significant amounts of money
- Is a source of revenue for the firm
- Involves significant allocation of the firm’s resources
- Involves a service or product that is offered to customers or third parties.
Key legal requirements and obligations
Summarised briefly, the main obligations in the AML/CFT Act for reporting entities include requirements to:
- Establish, implement, maintain and regularly audit an AML/CFT programme
- Prepare a written risk assessment of the money laundering and terrorism financing risks that each business faces
- Appoint an AML/CFT compliance officer
- Put in place internal KYC procedures to ensure that basic customer due diligence (CDD) measures are carried out, especially when commencing a new business relationship or carrying out an occasional transaction
- Develop mechanisms to determine if more stringent, enhanced CDD measures are required (for example, when dealing with trusts, wire transfers, correspondent banking relationships, and ‘politically exposed persons’ — listed types of prominent foreign public figures
- Carry out training and recruitment vetting for staff involved in AML procedures
- Apply continuing account and transaction monitoring processes
- Make STRs and cooperate with regulators (without ‘tipping off’ the customer)
- Ensure safe retention of account and transaction records for a minimum of five years
- Report annually to regulators on the firm’s compliance with its AML/CFT programme, and have a bi-annual independent audit of compliance.
Published guidance materials from the Supervisors include:
- Identity Verification Code Of Practice 2011 (a safe harbour prescribed form of CDD identity verification, for individuals who are low or medium risk).
- Guidelines on the Written Risk Assessment
- Guidelines on developing an AML/CFT Programme
- Guidelines on interpreting “Ordinary Course Of Business”
- Countries Risk Assessment Guideline
- Designated Business Group — Scope Guidelines, as to whether entities are eligible
- Designated Business Group — Formation Guidelines, as to process to comply, if eligible
- Business Coverage Guideline for certain Insurance businesses
- A Guide For Small Financial Adviser Businesses
- A Guide for Issuers of Securities, and Participants in Issues
- Guideline for Audits of the Risk Assessment and AML/CFT Programme
- A statement on interpretation of the Territorial Scope of the Act
- Beneficial Ownership Guidelines
- Wire Transfer Guidance
- Acting on Behalf of a Customer Guideline
- Exemption and consultation material for Managing Intermediaries
More detailed Risk Assessment and Customer Due Diligence than some jurisdictions
New Zealand law places priority on ensuring a detailed written risk assessment is prepared, that is specific to each reporting entity’s business. It is required as a first step and key platform for all AML/CFT compliance steps to follow. It must be tailored to the money laundering and terrorist financing risk that each firm is likely to face in its sphere of operations. It must be reviewed updated regularly, and available for AML supervisors to inspect. As well as the types of product/service offered, customer types and delivery/distribution to them, and institutions dealt with, a particular category of risk includes the countries dealt with. Assessing the risk posed by dealings with various countries abroad is not as simple as referring to the FATF non-compliant and non-cooperative lists. It will depend on the circumstances, and may include an assessment of a country’s AML systems, whether a customer is adequately supervised or regulated for AML purposes, and whether the country is otherwise “high risk”. In determining “high risk”, businesses should, for example, consider:
- countries subject to sanctions, embargoes or similar measures
- countries identified by credible sources, such as FATF, as lacking adequate AML/CFT systems/measures or controls
- countries identified by credible sources as having supporters of terrorism or the financing of terrorism
- countries identified by credible sources as having significant levels of corruption
- countries identified by credible sources as being tax havens
- countries that are materially associated with production and/or transnational shipment of illicit drugs
Customer due diligence/KYC
A cornerstone of any AML regime involves high quality KYC or CDD processes. Sections 10 to 17 of the 2009 Act set out the main requirements for standard CDD, with relaxations in certain circumstances for simplified CDD (ss 18-21) or additional requirements for enhanced CDD (ss 22-30). Generally, CDD will not be retrospective, meaning it does not require all existing customers to be verified upon the law coming into force (with some exceptions). It will typically apply to new relationships or accounts, or to “occasional transactions” with existing customers.
Section 15 sets out the minimum information required for standard CDD. A reporting entity must obtain: the person’s full name; date of birth; if not the customer, that person’s relationship to the customer; address or registered office; and any company identifier or registration number; as well as other information prescribed by regulations. The reporting entity must then verify that information, and verify certain additional details depending on the level of risk in certain situations (or as prescribed in regulations).
International groups/branch structures
Usefully, “designated business groups” (DBGs) are entitled to share certain AML obligations. A member of a DBG may rely on another member to carry out some obligations on their behalf. The AML Supervisors released a guideline in 2012 on the scope of these shared obligations, which include:
- Certain parts of the AML compliance programme
- Annual reporting
- Risk assessments
- Suspicious transaction reporting
- Allowing a shared AML/CFT compliance officer to be appointed for the group, in terms defined in Regulations issued in 2013.
There are obvious benefits to forming a DBG: members can focus their resources on particular aspects of the AML compliance programme, rather than each individually juggling multiple obligations. Responsibility for compliance, and potential liability, in most cases remains with the NZ member entity. To be eligible, firms must be related companies in terms of the New Zealand Companies Act 1993, or fall into certain other categories (e.g., money transfer agents or sub-agents). Where eligibility criteria are met, each entity must elect in writing to be in the DBG, and advise the relevant AML supervisor accordingly.
Reporting and record keeping, including predicate offences
New Zealand reporting entities and their auditors have specific obligations under sections 40–43 of the AML/CFT Act to make STRs where suspicion is raised in certain situations. The legal trigger for reporting is when a transaction or proposed transaction gives the reporting entity reasonable grounds to suspect that it is or may be relevant to the investigation/prosecution or money laundering or related offences.
The same predicate offences as currently apply under the Crimes Act 1961 are retained as the platform for the 2009 Act. Originally, any serious crime (being an offence punishable by a prison term of 5 years or more) could form the basis of a money laundering offence for dealing with the proceeds or property of that crime. Other specified drug transaction offences are also predicate offences. An important recent change in the Organised Crime Bill package is to lower the threshold to include any criminal offence, serious or not, as a predicate offence for money laundering charges.
Further, any act taken outside of New Zealand that would have been an offence under the equivalent New Zealand law, if done within the country, is also a money laundering offence.
The STR must be made as soon as practicable and no more than 3 working days after forming the suspicion. The New Zealand Police FIU has developed a secure online IT platform that entities must use to make STRs. If an entity makes a STR, it also has an obligation in the Regulations to perform Enhanced CDD on that customer or person as soon as practicable after reporting them.
Reporting entities must also:
- keep transaction records enabling reconstruction of any transaction within the last five years, specified financial information, and identity and verification evidence;
- make annual reports on their risk assessment and compliance programme, in the detailed format required by the AML supervisors for this reporting function; and
- arrange for an independent audit of their risk assessment and compliance programme to be conducted every two years, or sooner if requested by their AML/CFT supervisor.
Breaches: civil liabilities and criminal offences
A mix of enforcement sanctions awaits businesses that may breach the 2009 Act, with differing levels of potential penalty. Regulators can consider legal action for civil liability penalties and also for criminal offences. These can be used against senior managers and individuals as well as their corporate entities. To date several public warnings have been issued by the three AML supervisors.
Civil liability acts include:
- Failing to ensure a branch or subsidiary business comply with AML/CFT requirements; entering or continuing a business relationship without adequate evidence of identity; inadequate account/transaction monitoring; entering or continuing a correspondent banking relationship with a shell bank — penalties up to NZ$100,000 for individuals or NZ$1 million for corporates.
- Failing to keep records as required; failing to establish, implement or maintain an AML compliance programme; failing to carry out CDD — penalties up to NZ$200,000 for individuals or NZ$2 million for corporates.
Criminal offences include:
- Recklessly, knowingly, or repeatedly carrying out a civil liability act as above; failing to make STRs when required; providing false or misleading information concerning STRs; tipping off unauthorised third parties about STRs; failing to keep adequate records concerning STRs; obstructing an STR investigation — criminal fine of up to NZ$300,000 or up to two years imprisonment for individuals, or fines of up to NZ$5 million for corporates.
CFT – countering the financing of terrorism
All of the major rules and compliance obligations in the AML/CFT Act apply equally to the financing of terrorism as they do to money laundering or other criminal aspects. However New Zealand has remained a jurisdiction mercifully free of major terrorist issues, and so this area of the law has received much less profile and attention to date.
Other relevant provisions can be found in the Terrorism Suppression Act 2002, with criminal offences for persons who provide or collect funds to be used for terrorist acts. Where terrorism financing is suspected, a Suspicious Property Report must be completed under section 43 of the Terrorism Suppression Act 2002, in effect using the same process and online goAML system as for a money laundering STR.
Forthcoming issues and law changes ahead
A major change stemming from the Organised Crime and Anti-Corruption Legislative reform package will in 2017 require reporting to the FIU of all international wire transfers and cash transactions over prescribed dollar thresholds. The Law and Order Committee reported the Bill back to the House of Parliament on 4 May 2015, and its report is available online: (http://www.parliament.nz/resource/en-nz/51DBSCH_SCR62835_1/fb244777b2a0130a9317026b2332229ea4408543)
The Bill amended 12 other statutes, in particular the Crimes Act and the AML/CFT Act. A key amendment was the insertion of subpart 2A, with new requirements for reporting entities to report all “prescribed transactions” to the FIU. This is a significant change from the earlier requirements in the Act to merely report any “suspicious transaction”. Part of the rationale is to improve detection and deterrence of money laundering and terrorism financing where criminals may try to use multiple small transactions, many senders, or multiple recipients to split or “smurf” transactions into smaller amounts that can be harder to detect. Those prescribed transactions for New Zealand are:
- international wire transfers of $1000 or more
- domestic physical cash transactions of $10,000 or more.
At present, the government Ministry of Justice is seeking public consultation on matters of detail necessary to bring in the new wire transfer and cash transaction regime, such as:
- which fields should be included in prescribed transaction reports?
- when multiple reporting entities are involved in wire transfers, which entity (or entities) should have to submit prescribed transaction reports?
The new legislation, including regulations, will come into force on 1 July 2017, with details of the new regulations expected to be available around July 2016.
As a separate but notable trend, the “de-banking” phenomenon that has swept several nations already is also evident in New Zealand. At time of writing, several cases sit before the Courts awaiting judgment where money remitters and other parties are challenging decisions of competing banks to close their accounts and facilities. This issue is likely to see considerable early case-law under the AML regime.
ABC – anti-bribery and corruption measures
The Organised Crime & Anti-Corruption Legislation Bill was finally passed by Parliament at the end of 2015, and is a welcome and overdue update to New Zealand’s anti-corruption laws. The changes are not a radical reform and, while taking the country closer to international legal best practice, fail to replicate stronger, more detailed compliance and enforcement measures such as those found in the UK Bribery Act 2010.
In large part, the law reforms arose in response to international rebuke by the OECD, in publishing its Phase 3 Report (2013) on New Zealand’s levels of compliance with the OECD Convention on Combating Bribery of Foreign Public Officials. The Bill included making a number of technical amendments to criminal laws as recommended in earlier OECD reports, finally ratifying into domestic law the United Nations Convention Against Corruption 2003 and other related international criminal instruments, and updating provisions to deal with modern scourges such as human trafficking, and passport fraud or cross-border identity related offences.
New Zealand prohibits bribery of foreign public officials and domestic public officials in the Crimes Act 1961. The relevant sections of this act are sections 99 to 106, which create specific offences for bribery and corruption of judicial officers, ministers of the Crown, members of parliament and law enforcement officers. A general offence of bribery also applies to public officials. Action may also be taken against corrupt public officials and potentially private sector bribe payers under the Secret Commissions Act 1910. This civil law statute has historically been seen as weak, with lesser penalties, but that at least has been corrected by the recent legislative reform package.
To highlight some of the technical, but still important, updating aspects:
- The definition of “crime involving dishonesty” was updated in the Crimes Act 1961 to ensure that all bribery and secret commission offences were covered, with the result that people convicted of corruption offences can be prevented from holding certain positions of trust in the community, and be subject to penalties including up to 7 years’ imprisonment.
- The foreign bribery offence in the Crimes Act now no longer contains a dual criminality requirement. This ensures that New Zealand can effectively prosecute foreign bribery under local statute, regardless of whether it was an offence in the country in which the conduct actually took place.
- The definitions of “business”, “employee”, and “routine government action” were also updated to ensure the foreign bribery offence applies to bribery in relation to the provision of international aid and more clearly to corporate activities, and for trading businesses abroad to try to limit the scope for the facilitation payments exception to become open to abuse.
- New offences were created to address gaps in the pre-existing anti-corruption framework, so that it is now explicitly a criminal offence to accept, obtain, offer or attempt to arrange a bribe involving a foreign public official in New Zealand or a body corporate domiciled here. Further, it is now a specific offence to accept a bribe in return for trading in influence over an official.
- The obligations of companies who might be drawn into foreign bribery were clarified, in particular by changing Companies Act rules to ensure record-keeping of any small facilitation payments (routine minor payments intended to speed up an action or process to which the payer is already entitled) in a consistent manner. Additionally, the Income Tax Act 2007 is amended to ensure that no bribes can be made tax deductible.
- Additional measures are created so that New Zealand can provide seamless cross-border assistance in corruption investigations and prosecutions by using existing Mutual Assistance in Criminal Matters Act processes.
Apart from foreign and public official bribery provisions, New Zealand’s main law concerning corruption in the private sector and civil actions remains the somewhat archaic Secret Commissions Act 1910. While its previous small, almost trivial, penalty regime has been overhauled to bring sanctions into line with public sector bribery and fraud offences (maximum of 7 years’ jail), the rest of this creaking statutory regime survives largely in current form.
Gary Hughes is a barrister in Auckland, recognised as one of New Zealand’s leading lawyers in the field of AML and financial crime cases. He was previously a partner in leading litigation boutique law firm Wilson Harle, and has extensive experience (including in London) in handling regulatory investigations, prosecutions, and compliance. Some of his other key practice areas include competition & consumer law, fraud, privacy, insurance law, technology and contract/commercial disputes.
Gary is the New Zealand Programme Director for ACAMS, and Country Officer for the IBA Anti-Corruption division in New Zealand.[/vc_column_text][/vc_column][/vc_row]