This article is a summary of the Department’s findings for the real estate sector from its compliance assessments undertaken from 1 January 2019 to 31 July 2020.
Top 5 “compliant” areas
An area that real estate agents are getting right is the compliance officer role. Under the Anti-Money Laundering and Countering Financing of Terrorism Act (the Act), a reporting entity must appoint a compliance officer. This is an important role as the compliance officer is responsible for administering and maintaining the AML/CFT programme.
The DIA check that you have appointed someone to this role and look at whether they are an employee who reports to a senior manager. If you are self-employed, they expect you to be the compliance officer in most situations.
Assessing the risks of your services
When undertaking your risk assessment, you must have regard to the products or services you offer.
The DIA have found real estate agents are sufficiently assessing the risk to their services. For example, they are considering whether the client can remain anonymous, or for an ultimate beneficial owner or the source of the client’s wealth or funds to be concealed.
You must submit an annual report to your AML/CFT supervisor. This report must be in the prescribed form and submitted at the time appointed by the supervisor. The annual report is usually due between 1 July and 31 August to cover the preceding twelve months until 30 June.
The DIA have found that real estate agents’ AML/CFT programmes document the annual report requirements.
You must keep all records required by the AML/CFT Act. Record-keeping is an important part of your AML/CFT programme and must enable transactions to be readily reconstructed at any time. You must keep records for a minimum of five years after a transaction, activity, or wire transfer has been completed or your business relationship with a client has ended.
In addition to records of transactions and activities, you must keep:
customer due diligence (CDD) verification records
records relevant to the establishment of or obtained during the course of a business relationship with a client. You are required to keep all records relevant to the nature and purpose of the relationship and the activities undertaken for a client. For example, this includes correspondence with a client and any notes or written findings you have made.
records relating to your risk assessments, AML/CFT programmes and independent audits.
Your AML/CFT programme should describe how you manage the retention of your records. For example, how and where you will store your records and ensure that all required records are kept.
It has been seen that real estate agents successfully adapt their existing business processes and IT systems to meet their AML/CFT record keeping requirements. The DIA have also seen some agents successfully implement controls to ensure all CDD requirements are met and records retained before they can list a property.
Regard to applicable guidance material
It was found that most real estate agents have considered guidance material produced by the Department and the Financial Intelligence Unit (FIU). This includes the New Zealand National Risk Assessment and the DNFBP Sector Risk Assessment. These documents assist you to understand the types of money laundering or terrorism financing risks your business may face.
When undertaking a compliance review, checks are conducted to see if you have considered these documents in your risk assessment and in developing the policies and procedures for your AML/CFT programme.
Top 5 “non-compliant” areas
Examining and keeping written findings
Your AML/CFT programme must set out how you will examine and keep written findings relating to complex or unusually large transactions and unusual patterns of transactions that have no apparent or visible lawful purpose. This requirement also applies to any other activity that by its nature, may be related to money laundering or terrorism financing. What these areas of heightened risk look like for you, including what is “complex”, “unusually large” or an “unusual pattern”, will depend on your business.
The real estate sector is assessed to have an overall inherent level of medium-high risk. Real estate is a high-value asset often used domestically and internationally to launder and invest criminal proceeds. Where real estate services involve other high-risk factors such as complex ownership structures, international payments, high-risk customers, the risk of ML/TF compounds. Real estate agents should be looking to examine these engagements more closely. With financial transactions specifically, real estate agents should understand how their trust account may be vulnerable to ML/TF and what constitutes a complex, unusually large or unusual pattern of transaction.
Your first step to complying with this obligation is to identify your ML/FT risks in your risk assessment. Your findings need to be worked into your monitoring procedures in your AML/CFT programme, with triggers for you to investigate or examine further. Part of this examination may be to conduct enhanced customer due diligence, requiring you to obtain and verify information regarding your customer’s source of funds or wealth.
The outcome of your examination should be recorded as your “written findings”. After looking into the client’s circumstances, you may conclude that it is not suspicious. You should record this reasoning as part of your record-keeping. The DIA recommend keeping a register of findings to ensure you meet this obligation.
The process of identifying risks, through to examining, conducting additional customer due diligence if required, and keeping written findings, is an area in which some real estate agents are not fully compliant. This may be because agents are seeing the requirements of the Act as separate, whereas in fact, many of the obligations overlap and reinforce each other. It is important to consider how your various AML/CFT obligations can work together, be manageable, and protect your business from misuse for ML/TF.
While real estate agents are aware of this obligation, it has been found they do not have procedures or controls to ensure circumstances in which the risk of ML/FT is higher are properly reviewed and findings recorded. In some circumstances, the DIA have seen highly complicated processes and procedures documented in an agent’s AML/CFT programme. However, when visits are made, there is no evidence to show the business is following its procedures.
The diagram below shows how different obligations can work together:
Applying Enhanced Customer Due Diligence (Enhanced CDD)
When conducting enhanced CDD, a higher level of customer due diligence is required. Increased or more sophisticated measures may need to be applied to verify the biographical information that would ordinarily be obtained under standard CDD. Also, some types of enhanced CDD require you to obtain and verify information relating to the source of funds or the wealth of the customer.
The AML/CFT Act requires mandatory enhanced CDD on a customer that is a trust. This recognises the potential use of trusts to disguise the criminal origin of funds or conceal the person that is benefitting from them. Enhanced CDD must also be conducted in any other situation where you determine the level of risk is such that it is required. For example, if you know or determine the client is associated with criminal groups, or their behaviour or questions they ask raise concerns. For more information on ML/TF red flags for real estate agents please see page 40 of the Real Estate Guideline.
While real estate agents understand the requirement to conduct enhanced CDD on certain clients and in certain situations, the DIA have found when it comes to verifying enhanced customer due diligence information from reliable and independent sources, some are non-compliant.
The DIA recognise that verifying source of wealth or funds information can be difficult for real estate agents who are listing a house, especially where the house has been owned by the vendor for many years. Information you know about your client and the beneficial owners, and your assessment of the level of risk will help you to determine what steps you need to take to verify the source of wealth or source of funds. Ultimately, you need to be satisfied that your client bought and owns the house from legitimate sources.
For more information, please refer to the Enhanced Customer Due Diligence Guideline.
Amended Identity Verification Code of Practice 2013 (IVCOP)
You may choose to comply with IVCOP when verifying the identity of a customer (that is a natural person). IVCOP provides a ‘safe harbour’ for the requirement to verify the name and date of birth of a customer assessed to be low or medium risk. Alternatively, you may decide not to comply with IVCOP and to adopt equally effective means to verify a customer’s identity. If so, you should consider whether to ‘opt-out’ of IVCOP by providing written notification to the Department.
When undertaking our compliance assessments, the DIA consider whether you comply with IVCOP or have implemented equally effective means. If you use Part 1 or 2 of IVCOP, checks are done to find whether you have an exception handling procedure for a customer who is unable to satisfy the identity requirements. Make sure you document and keep records of how and why the customer was unable to comply and the process you followed. The DIA also noticed that in some cases, real estate agents have been using an exception handling procedure for when their client does not have their identity documents with them or easily accessible, which is not compliant.
For situations where you are unable to meet a client face to face, be sure to follow what is required in IVCOP. If you are using Electronic Identity Verification (EIV) under Part 3 of IVCOP, please note that a selfie, a scanned copy, or a document sent by email or an EIV provider company is not an electronic source. Rather, an electronic source is a record kept in electronic form containing authenticated core identity information about an individual. In most circumstances at least one of the sources used should be maintained by a government body. If you are using an EIV provider, ask them how they enable you to meet Part 3 of the IVCOP.
Monitoring compliance AML/CFT programme
You are required to monitor your compliance with your AML/CFT programme. The procedures and controls you use to do this should be recorded in your AML/CFT programme, including your use of internal review and your independent audit requirements.
You should actively monitor your agency’s AML/CFT compliance. In some real estate agencies, the compliance officer undertakes regular customer due diligence spot checks to ensure policies and procedures are complied with. Other real estate agents have implemented a sign-off process by which each customer file is peer-reviewed before business relationships are established, or activities or transactions undertaken. Whatever processes are adopted should be outlined in your AML/CFT programme.
It has been found that some AML/CFT programmes state that controls are in place to ensure AML/CFT compliance, there is no evidence this is occurring when inspections are undertaken. For example, the real estate agent is not able to provide records of reviews or peer review sign-offs having occurred.
Politically Exposed Persons (PEPs)
As soon as possible after establishing a business relationship or conducting an occasional transaction or activity for a client, you are required to take reasonable steps to identify whether your client (or any beneficial owner) is a PEP.
A PEP is a person, an immediate family member of that person, or someone who has close business ties to that person, who is or has been (in the preceding 12 months) in a prominent public function in an overseas country. For example, a head of state, senior politician, or an official with a public profile.
While some real estate agents conduct a PEP check through a third-party provider, others undertake open-source checks using an internet search engine. This often occurs alongside a self-declaration question that a client must answer when establishing a business relationship. What constitutes reasonable steps will depend on the client or situation, for example, if the client is based overseas or has international links the likelihood of there being a PEP is higher.
When the Department is undertaking compliance assessments, they have seen AML/CFT programmes that do not mention the requirement to take reasonable steps to determine if a client or beneficial owner is a PEP. As a requirement for an AML/CFT programme to include policies, procedures and controls to meet your obligations relating to PEPs, this will mean you are non-compliant. When interviewing staff during an on-site inspection, the DIA have also noticed that some do not understand what a PEP is, or of PEP checking requirements.
To raise compliance in this area, outline in your AML/CFT programme what a PEP is, and how you will comply with your PEP checking requirements.
Want more like this?
See more articles like this in your inbox every month when you subscribe to the ATTIC Research Magazine.