Date posted: 17/09/2020

AML audit requirement – Has yours been completed yet?

The AML/CFT Act requires all reporting entities to complete an independent audit every two years.

In brief

  • Accountants and bookkeepers are required to have their first independent audit completed by 30 September 2020
  • Chartered Accountants cannot enter into reciprocal audit arrangements as this would breach their professional obligations
  • Only Certificate of Public Practice (CPP) holders may undertake AML/CFT audits

Independent audit obligation

The AML/CFT Act requires all reporting entities to complete an independent audit every two years.

Accountants and bookkeepers are required to have their first independent audit completed by 30 September 2020.

Despite this, the DIA notes that some reporting entities may have been adversely affected by COVID-19 and are unable to complete their first independent audit by the deadline. As such, the DIA has confirmed that no adverse compliance action will be taken where the relevant deadline is not met, provided the reporting entity has acted in good faith. Reporting entities should be able to explain how COVID-19 affected their ability to complete their audit and be able to demonstrate steps taken to do so upon lifting of Alert Levels.

The audit obligation is a systematic check of a reporting entity’s AML/CFT programme, and assesses whether the AML/CFT programme is functioning in practice and that the policies, procedures and controls in place are based on the money laundering and financing terrorism risks identified by that business. The DIA has also released a webinar which provides further background on this obligation and can be found further below.

Reciprocal audits

To help with meeting the independent audit obligation, the DIA also notes that some sectors may be able to meet this obligation through reciprocal audits.

Chartered Accountants (i.e. members of Chartered Accountants Australia and New Zealand, (CA ANZ)) are required to comply with the assurance standards and the professional and ethical standards issued by the External Reporting Board (XRB) to ensure quality, consistency and reliability of their work. As such they are required to meet high standards of independence, and internal audits or reciprocal audits would not be considered independent under these standards. 

Further, it is important to note that under paragraph 10.5 of the NZICA Rules, only members who are Certificate of Public Practice (CPP) holders may undertake AML/CFT audits. For completeness, auditors who are not members of a professional body are still required to demonstrate independence in accordance with the DIA guidelines.

Risks arising from COVID-19

Physical distancing due to COVID-19 has created an increased emphasis on providing online services which has increased the risk of reporting entities being used in scams and fraudulent schemes. 

In particular, the DIA has noted that common fraud and scams (such as charities scams, immigration scams, phishing and identity theft) have increased both nationally and globally during COVID-19.

The DIA recommends that reporting entities review their risk assessment and AML/CFT programme to identify any emerging risks from COVID-19 and ensure policies and processes reflect current business practices, such as increased online interactions and transactions.

Related links

DIA webinars

Search related topics