Your Time Is Up: AML Fines & Penalties Will Become More Commonplace In NZ If We Don't Raise Our Game

Dr AML: Alice Tregunna, CEO, The TIC Company


We’ve all heard about breaches of AML regulations from around the world and even a few from the big banks in New Zealand and Australia. These breaches can add up to some huge financial penalties for the businesses involved which seem way beyond the realm of most of us working in small to medium sized Kiwi businesses.


Let’s not kid ourselves though and start believing it’s only the big guys who are going to feel the impacts of breaching regulations. Authorities are issuing warnings to smaller businesses when necessary – it’s just not making national headlines.


We’ve been given long enough to get our AML ducks in a row and our time is up. Regulators will use every arsenal in their toolbox to ensure we meet our AML obligations so it's time to make sure we get things right. And if we don’t, we face the risk of lengthy and difficult remediation actions, damage to reputation and unwanted fines.


The regulators at large


It was over ten years ago that the AML/CFT Act 2009 was passed into law and over eight years since the law came into effect in 2013.


The three regulators responsible for enforcing these laws are:

  • The Reserve Bank of New Zealand (RBNZ) who are responsible for banks, non-bank deposit takers and life insurers.

  • The Financial Markets Authority (FMA) who supervises financial service providers such as issuers of securities, trustee companies, futures dealers, brokers, financial advisers and collective investment schemes.

  • The Department of Internal Affairs (DIA) who oversees compliance of casinos, non-deposit taking lenders, money changes, real estate agents, lawyers, accountants, conveyancers, and any other financial institution not supervised by the RBNZ or FMA.

We’ve been given time to learn and adapt to the law changes and implement compliance programmes and it’s not been an easy or simple process, but by now most of us have some AML practices in place designed to meet the requirements.


The risk is that after the initial burst of activity to meet the requirements we forget AML compliance is an ongoing process that takes ongoing effort. A lack of attention to monitoring and managing ongoing compliance will put businesses at risk of non-compliance at a time when regulators are becoming less tolerant of breaches and are increasingly using the law to enforce compliance.


What enforcement action can be served?


The regulators have a few choices when it comes to taking enforcement action.

  • Formal warnings

A formal warning notifies entities of where they have failed to comply with parts of the AML/CFT Act and what actions must be taken to ensure compliance with the Act.


A plan must be prepared by the entity detailing how and when it will complete actions outlined in the formal warning. Actions must be completed by the date agreed or set by the regulator. Failure to comply with a formal warning may result in enforcement action.

  • Enforceable undertakings

Enforceable undertakings are the specific steps an entity has to take to amend or correct deficiencies in its risk assessment and AML/CFT programme identified by the regulator.

  • Seek an injunction for the High Court

In the event an entity fails to meet the terms of the enforceable undertaking, the regulator may apply to the court for a court order directing the entity to comply with the enforceable undertaking.

  • Apply to the court for pecuniary penalties

The regulator may apply to the High Court to order a person to pay a pecuniary penalty.


For a civil liability act specified in section 78(b), (c), (d), or (g), the maximum penalty for an individual is $100,000 and for a body corporate or partnership it is $1,000,000.


For a civil liability act specified in section 78(a), (da), (e), or (f), the maximum penalty for an individual is $200,000 and for a body corporate or partnership it is $2,000,000.


Civil liability acts cover the fundamentals of the AML/CFT Act and include non-compliance activity such as, failure to adequately monitor accounts and transactions, failure to carry out customer due diligence, failure to adequately monitor accounts and transactions, and failure to implement or maintain an AML/CFT programme.