- An illustrative risk assessment and AML/CFT programme to help get you started
- A 'one stop shop' for conducting customer due diligence
- How to perform an AML audit if you want to explore this opportunity
As we have reported over the last year or so, the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 has been extended to accounting practices who provide certain services that are prescribed in the Act (“reporting entities”). This legislation takes effect on 1 October 2018, by which time reporting entities will need to have a compliance officer, risk assessment and AML/CFT programme in place.
The compliance officer is responsible for administering and maintaining the AML/CFT programme. This should be an employee who reports to a senior manager. In the case of a sole practitioner, the supervisor (DIA) expects the sole practitioner to be the compliance officer. If that is not possible, an external person must be appointed as a compliance officer.
Performing a risk assessment involves identifying and assessing the risks your business reasonably expects to face from money laundering (ML) or financing of terrorism (FT). Section 58 of the Act contains some mandatory requirements, and six factors it must specifically address.
The AML/CFT programme is based on the Risk Assessment. It sets out the adequate and effective policies, procedures and controls that are in place in your business to detect ML/FT if it were to occur. Section 57 of the Act contains some mandatory requirements, and 13 areas it must specifically address.
AML 'how to' guides
Select ‘New Zealand’, then ‘Anti-Money Laundering’. You will need to login for these member-only resources.Access now
The main issue for the majority of firms appears to be where to start in the preparation of these two key documents. When faced with a blank piece of paper and a high level principles “risk-based approach”, attempting to translate the obligations in the Act into a tangible output can be challenging. We know that some members have been hoping for templates from us that you could simply fill in. The reality is that due to diversity of accounting practices, we are not able to provide a “turn-key” compliance solution.
Instead, we have produced an illustrative risk assessment and an illustrative AML/CFT programme. These documents provide you with a structure you can follow, but they are only indicative of what these documents could look like in practice. The illustrative risk assessment includes one possible risk methodology you may apply, but there are others. The illustrative AML/CFT programme includes examples of policies, procedures and controls, some of which may be appropriate for your business, others may not be.
We cannot emphasise enough the importance of ‘owning’ these documents. They are not just a ‘set and forget’, they are living documents that need to be updated as developments occur and as your business changes.
If you adopt these illustrative examples as templates with little or no attempt to adapt them to your particular business, then be prepared to receive negative supervisory comments during desk-top reviews and on-site inspections.
With a little just over three months left to become AML/CFT compliant, it is vitally important that affected firms move quickly now to meet the 1 October 2018 timeframe.
Customer due diligence
A cornerstone of the AML/CFT Act is the performance of customer due diligence (CDD). The core principle is about knowing your client. You will need to integrate identification verification into your existing client acceptance and continuance procedures.
The requirements around CDD are many and varied so in this ‘how to’ guide we break it down into digestible pieces. Also the existing guidance that is out there is dispersed across multiple documents and this guide brings it all together into a ‘single source of truth’.
This will enable you to work through the requirements on a systematic basis and determine what you need to do to comply more efficiently and how practically you can achieve compliance.
The AML audit
On the upside, the AML/CFT Act also brings with it a new business opportunity. All phase 2 reporting entities (estimated to be in the region of 6,000) are going to need an assurance engagement over their risk assessment and AML/CFT programme every other year. Currently there are only 1,700 Phase 1 reporting entities. This creates a potential additional service offering for accounting practices, whether your business is a reporting entity or not.
As a New Zealand based CA ANZ member, you must hold a Certificate of Public Practice before undertaking AML audits.
Should you wish to start providing AML audits, or you just want to understand more about how your AML audit will be carried out, this ‘how to’ guide explains how such an engagement maps to the assurance framework and the CA ANZ Regulations. It also includes an illustrative engagement letter, representation letter and assurance report.