The 12 Days Of Christmas: AML Edition

Dr AML: Alice Tregunna, CEO, The TIC Company


Another year nearly over and it’s now well over eight years since the AML/CFT Act became a feature of our lives. We were gently eased into the new regime during 2013, and regulators trod softly, giving entities the opportunity to embed processes and procedures. But now older and wiser we have to be ready to hit the ground running in 2022 as regulators are more ready than ever to take formal enforcement action, and the increase in illegal money laundering activity continues.


Before we ring in the New Year and get ready to tackle our 2022 AML obligations, we take a look back at the year that was in the AML world, and what learnings we can take into the New Year to make all our lives a little bit easier.


1. A stack of papers called Pandora

A gift of secret papers wrapped carefully with a bow, revealing the questionable goings on of billionaires and politicians, offshore havens, hidden riches, and how weaknesses in country regulations can facilitate money laundering activity.


And this is where New Zealand comes in. With no requirements to register a trust or the ultimate beneficial owner, New Zealand is an easy place to set up a trust or business. A fact which Pandora exposed, but was already well noted as a weak link in the fight against money laundering.


This not-so-secret secret, means we have to be extra vigilant when dealing with trusts, and as part of a robust compliance programme make sure we are asking the right questions:

  • Who benefits from the company?

  • Who benefits from the trust?

  • Who is the professional trustee?

We’re not yet gifted with a law change to help make identifying trust ownership any easier, but a statutory review is underway so we will see what changes that brings in 2022.


2. Statutory review


Not two turtle doves offering love and friendship, but an offer to share your experiences of current AML/CFT legislation and how it impacts your life came in the form of the regulator’s statutory review. Submissions closed on 3 December, and the review will finish in June 2022. The review is interested in views on:

  • Institutional arrangements and stewardship

  • Scope of the AML/CFT Act

  • Supervision, regulation, and enforcement

  • Preventive measures

  • Other issues or topics

  • Minor changes

This will help examine some key areas, such as the transparency and beneficial ownership of legal arrangements for trusts, but a review won’t solve all our problems. We need to create a true public-private partnership with a willingness to share data, an assurance that outsourcing companies are properly regulated, and enhance AML/CFT literacy at all levels of society.


3. EIV and biometrics


An amendment was issued by the regulators in July which was a timely reminder that there are two components to EIV, neither of which should be overlooked:

  • Confirmation of identity information via electronic source(s); and

  • Matching the person you are dealing with remotely to the identity that they are claiming.

There were a number of methods being used when identifying a person via an electronic source which prompted the amendment, such as use of a selfie photo or video, and uploaded images of a person’s identity documents. Neither of these methods provide sufficient evidence.


It is important to note that when identifying information via an electronic source it should be from an underlying database where authenticated core identity information is held, and against which an individual’s identity can be properly verified.

4. Regulators come a calling


We can expect to see more enforcement activity from all three regulators as their expectation on entities to meet their AML obligations increase, and they issue formal enforcement action as well as requiring entities to take remedial action.


So, whose door did the regulators knock on in 2021?


The three big ones that made the headlines were:

  • Westpac for failing to detect and report corporate transactions to overseas recipients.

  • TSB also got pulled up for a lack of adequate procedures, failure to review its AML programme, and failure to conduct a risk assessment of its real estate business.

  • Sharesies received an official warning for failure to obtain correct, or sufficient information, and for not completing identity verification for some customers when they should have.

These companies weren’t accused of being involved with money laundering, but it’s a lesson to us all that we need to have the correct processes and procedures in place to ensure robust AML compliance, prevent any exploitation by criminals, and to avoid remedial action, warnings and fines from the regulators.


5. FATF Evaluation Report


Not quite five golden rings but the results of the FATF Evaluation Report saw NZ praised for, among other things, having a robust understanding of its money laundering and terrorist financing risks, and identifying and pursuing parallel money laundering investigations alongside investigations of significant proceeds.


Good news for New Zealand, but several shortcomings were also identified in legislation which has resulted in the current statutory review of the AML/CFT Act.


6. Technology in AML


We couldn’t go too far without mentioning technology and how we can use new technology to be more effective when carrying out our AML obligations. There has been a huge surge in investment in AML tech companies for a good reason – the requirement to ‘know your customer’. This requirement can be hard to manage on an ongoing basis, is time consuming, and open to human error, so the time is ripe to find a technical solution which provides both speed and compliance.


Technology won’t take away the need for manual intervention or a robust compliance programme, but it can go a long way to help create a more streamlined accurate AML process.


7. The rise of crypto


Just like our ‘seven swans a swimming’ there are factors moving below the surface which have driven the rise of cryptocurrency. It’s no longer confined to dark web activity but is commonplace enough to require regulation by the DIA.


Constant new trends and technologies make the potential for compliance issues high in the cryptocurrency world, and VASPs or Virtual Asset Service Providers should pay particular attention to customer due diligence, enhanced customer due diligence, account and transactions monitoring, compliance reviews and customer spend limits to help avoid the potential for money laundering.


8. Changes for real estate


With people’s increasing familiarity with technology, and COVID restrictions, buying property ‘sight unseen’ is on the rise which is great if you’re trying to sell your house, but can also be viewed as an attractive vehicle for the money laundering criminal.


In recognition of this, the regulators say this type of transaction must be addressed in your risk assessment and AML/CFT programme. The DIA state key obligations when dealing with sight unseen property buyers are:

  • Customer due diligence – in particular delayed verification, electronic identity verification, and relying on another reporting entity or persons in another country.

  • Politically exposed persons - the identification of their potential status as a PEP as well as meeting enhanced due diligence requirements when they are.

  • Account and transaction monitoring and suspicious activity reporting – this will assist you in identifying suspicious activity.

  • Wire transfers and prescribed transaction reporting – when receiving funds into your trust account from or for your client.


9. Global fines in 2021 to date


Some companies around the world will be feeling a bit lighter in the pocket as they pay out some hefty fines for not complying with anti-money laundering laws. Kroll consulting firm’s research shows that there were $994 million worth of fines in the first six months of 2021, with regulators imposing tougher penalties.


Larger fines included $390 million against Capital One and $100 million against cryptocurrency platform BitMEX.


10. Changes to European AML regulations


July 2021 saw the EU propose anti-money laundering regulations affecting technical and operational aspects of AML obligations. EY outlines these changes as:

  • An EU rule book on AML and combatting the financing of terrorism.

  • The establishment of an EU-wide AML supervisory authority called AMLA.

  • An EU-wide financial intelligence unit (FIU) to be overseen by AMLA.

  • An extension of the scope of the wire transfer regulation to cover crypto assets and new requirements for crypto asset service providers (CASPS), payment service providers (PSPs) and intermediate payment service providers (IPSPs).

Some of these changes will require more information collecting from entities, and like New Zealand recognises the need for regulation with emerging technologies such as cryptocurrency. The potential upside for EU entities is that they will be dealing with a single EU supervisory body, improving consistency and standards.


11. Customer due diligence


Knowing your customer, and conducting the right type of customer due diligence sits at the heart of a robust AML compliance programme, and done right can make all the difference in helping to prevent money laundering and getting good results from your audit.


We all have to do it so it pays to get it right. Make sure you pick the right level of CDD for your customer and given situation:


12. Professional development


Drumroll please from our ’12 drummers drumming’, for recognition of professional development in the AML space.


We have a way to go, but right now, Massey University offer a new credential called ‘the New Zealand anti-money laundering compliance officer’, which aims to ensure employees are well equipped to manage AML compliance obligations. And the University of Waikato, alongside the Indonesian Government, offers a number of scholarships for Indonesian postgraduate and doctoral students to research aspects of New Zealand law and money laundering.


Without providing training in AML and support to compliance officers, AML teams won’t have the backing, education and tools to effectively manage AML requirements, so professional development is critical to our continued learning and compliance.


That wraps up our 12 days of AML, if you think we’ve missed a few, feel free to contact me here at TIC Company.


Alice Tregunna, CEO, TIC. Co.

Read more from Dr AML in 'Exposed! Pandora shines a light on NZ's AML Compliance failings'