This article is a summary of the Department’s findings for the accountancy sector from its desk-based reviews and on-site inspections undertaken from January 2019 to January 2020.
Top 5 “compliant” areas
Review of AML/CFT programme
A business must review its AML/CFT programme to ensure it is current, identify any deficiencies in its effectiveness and then make changes as necessary. Many accountants have adequate procedures and policies for reviewing the AML/CFT programme.
The DIA checks to see if you have a process for review, who is responsible for undertaking reviews and how often this occurs. They see best practice as having effective version control. This allows you to keep track of your review procedures and see what and when changes have been made.
Another area that businesses are getting right is the compliance officer role. Under the Anti-Money Laundering and Countering Financing of Terrorism Act (the Act), a reporting entity must appoint someone to be the compliance officer. This is an important role as the compliance officer has responsibility for administering and maintaining the AML/CFT programme.
The DIA checks that you have appointed someone to this role and look at whether they are an employee who reports to a senior manager. If you are a sole practitioner, you are expected to be the compliance officer in most situations.
Regard to applicable guidance material
The DIA found that most accountants have considered guidance material produced by the AML/CFT supervisor and the Financial Intelligence Unit (FIU). This includes the New Zealand National Risk Assessment and the Accounting Sector Risk Assessment. These documents assist you to understand the types of money laundering or terrorism financing risks your business may face.
When undertaking a compliance review, checks are conducted to see if you have considered these documents in your risk assessment and in developing the policies and procedures for your AML/CFT programme.
Suspicious activity reporting
Reporting suspicious activity is a cornerstone of the AML/CFT regime. Your AML/CFT programme is checked carefully to ensure that it has effective policies, procedures and controls to meet this requirement.
The DIA checks whether your AML/CFT programme covers the required reporting timeframes, who is responsible for submitting the reports and how you ensure there is no “tipping off”. They also check whether you are registered for goAML, the FIU’s online portal for submitting suspicious activity reports.
Keeping risk assessment current
Most accountants have policies, procedures and controls for keeping their risk assessments current.
Keeping your risk assessment current involves regular review to identify deficiencies and then making changes as necessary. It also means staying informed on new or emerging money laundering and terrorism financing typologies and adjusting your risk assessment when this is relevant to your business.
Top 5 “non-compliant” areas
Wire transfer provisions
The Act contains requirements relating to information that must accompany a transfer of funds by electronic means. This ensures that a business passes on, or receives, information relating to the Originator and Beneficiary of every transfer of funds. Wire transfers present a high risk of money laundering which is why these requirements exist.
There are different parties to wire transfers; the Originator, the Ordering Institution, any Intermediary Institution, the Beneficiary Institution and the Beneficiary. Businesses should ensure they understand the relevant obligations when they are an Ordering or Beneficiary Institutions of a wire transfer. If a wire transfer is international, there is a further requirement to submit a Prescribed Transaction Report (PTR) to the FIU.
Some accountants have not demonstrated an understanding of what is required if they are an Ordering or Beneficiary Institution of a wire transfer.
If you don’t have a trust account, or do not make wire transfers on behalf of your customer, this should be stated in your AML/CFT programme.
For more help on wire transfers, please see the DIA's Wire Transfers Guideline.
Examining and keeping written findings, and adopting additional measures, for dealing with countries with insufficient AML/CFT systems
An AML/CFT programme must contain procedures, policies, and controls for monitoring, examining, and keeping written findings relating to business relationships and transactions involving countries that do not have or have insufficient AML/CFT systems. Additional measures should also be implemented for dealing with or restricting dealings with such countries.
It was found that some accountants are unsure how to determine which countries have insufficient AML/CFT systems or how to apply these requirements. In practice, the Financial Action Task Force (FATF) list of high-risk and other monitored jurisdictions should assist your AML/CFT programme relating to countries with insufficient AML/CFT systems.
That said, it is also important to note the money laundering and terrorism financing risks associated to a country are wider than whether it has insufficient AML/CFT systems. For example, it includes whether it has high levels of organised crime, bribery or corruption, or is known as a tax haven, or whether it borders a conflict zone or is associated with the production of or transnational shipment of illicit drugs. For more information on country risk, please refer to the Countries Assessment Guideline.
You must submit an annual report to your AML/CFT supervisor. This report must be in the prescribed form and submitted at the time appointed by the supervisor. The annual report is usually due between 1 July and 31 August to cover the preceding twelve months until 30 June.
The DIA reviews whether your AML/CFT programme includes your annual report requirements and whether you filed your last annual report on time. During an on-site inspection they may also check the content of your annual report to see that the data is accurate and reflects what we find during an on-site inspection.
Monitoring compliance AML/CFT programme
You are required to monitor your compliance with your AML/CFT programme. The procedures and controls you use to do this should be recorded in your AML/CFT programme, including your use of internal review and your independent audit requirements.
You should actively monitor your business’ AML/CFT compliance. In some businesses, the compliance officer undertakes regular spot checks on certain areas like customer due diligence to ensure policies and procedures are complied with. Other businesses have implemented a sign-off process by which each customer file is peer reviewed before business relationships are established or transactions undertaken. Whatever processes are adopted should be outlined in your AML/CFT programme.
It was found that while a business’ AML/CFT programme may state that compliance with all requirements is monitored, there is no evidence this is occurring when the business is checked on-site. For example, there was no record or regular spot checks or a peer review sign-off process being completed.
Examining and keeping written findings for large, complex and unusual patterns of transactions
Your AML/CFT programme must set out how you will examine and keep written findings relating to complex or unusually large transactions and unusual patterns of transactions that have no apparent or visible lawful purpose. This requirement also applies to any other activity that by its nature, may be related to money laundering or terrorism financing. What these areas of heightened risk look like for you, including what is “complex”, “unusually large” or an “unusual pattern”, will depend on your business.
Therefore, your first step to complying with this obligation is to identify your money laundering and terrorism financing risks in your risk assessment. Your findings need to be worked into your account monitoring procedures in your AML/CFT programme, with triggers for you to investigate or examine further. Part of this examination may be to conduct enhanced customer due diligence, requiring you to obtain and verify information regarding your customer’s source of funds or wealth.
The outcome of your examination should be recorded as your “written findings”. After looking into the activity or transactions, you may conclude that the activity was not suspicious. You should record this reasoning as part of your record-keeping. We recommend keeping a register of findings for large, complex or unusual patterns of transactions or other activities you have examined to meet this obligation.
The process of identifying risks, through to examining, conducting additional customer due diligence if required, and keeping written findings, is an area in which some businesses are not fully compliant. This may be because businesses are seeing the various requirements of the Act as separate, whereas in fact, many of the obligations overlap and reinforce each other. It is important to consider how your processes for each obligation can work together, be manageable, and protect your business from misuse for money laundering or terrorism financing.
It was found that businesses are aware of this obligation, but they do not have procedures or controls to spot the complex or unusual transaction, investigate it or record their findings. The DIA are also seeing highly complicated processes and procedures written into businesses' AML/CFT programmes, but when they visit there is no evidence to show the business is following its procedures.
This diagram below shows how different obligations can work together:
Want more like this?
See more articles like this in your inbox every month when you subscribe to the ATTIC Research Magazine.