What NZ accountants need to know about implementing an anti-money laundering programme
If you are a public practice accountant operating in New Zealand, you are required to comply with the Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) obligations outlined in Phase 2 of the AML/CFT Act 2009, which commenced in October 2018.
Under the new requirements, you must carry out an AML risk assessment and implement a compliance programme. An effective compliance programme should have systems and controls in place to detect AML activity and be founded on an in-depth understanding of regulatory requirements. It should also be regularly overseen by AML experts to ensure compliance at every level of your organisation.
Being fully aware of, and meeting your obligations to the level of detail expected by an AML regulator can present a significant challenge for accountants.
What are the core components of an AML programme under the Act?
- Commitment to compliance from the top: The Board and senior executives should be dedicated to ensuring every person in the organisation includes compliance as part of their responsibilities.
- Assign a designated compliance officer: The duty of the compliance officer is to administer and maintain the AML programme, and oversee implementation of policy throughout the organisation. Their role is to liaise with authorities, auditors and senior management and make policy recommendations based on audit outcomes.
- Conduct a risk assessment: Regulated entities must apply a risk-based approach to compliance and a regular risk assessment should be a core part of an AML programme. The risk assessment should include a comprehensive risk profile, identifying areas vulnerable to money laundering, and evaluating the adequacy of the controls in place to mitigate such risks.
- Develop internal policies, procedures, and controls: The internal controls and systems should effectively detect and report the financial crime, and ensure that all compliance obligations are adequately and effectively met. Additionally, a regular review should be conducted to measure their effectiveness in meeting compliance requirements.
- Know Your Customer (KYC) programme: A KYC programme is a set of procedures to gather information about your clients and understand the identity of individuals. It should be conducted as part of the new-employee onboarding process and re-assessed regularly.
- Ongoing training programme: Employees with responsibility for compliance reporting, information gathering, and risk management procedures should undergo regular training to ensure compliance with the Act.
- Independent audit: The AML programme should undergo independent auditing and assessment by a third-party organisation at least every two years. In large organisations, this may be conducted by an internal team, which is independent of the AML function.
- AML programme manuals: Once you have completed the AML risk assessment, you must maintain an AML programme manual, documenting the systems, procedures, and controls that you have in place to mitigate and manage identified risks.
Using an automated solution like AML Accelerate takes the pain and expense out of running a compliant AML programme. To learn more about how AML Accelerate can help you protect your business and meet your regulatory obligations, contact Arctic Intelligence for a no-obligation, confidential discussion.