How the AML/CFT Act affects your firm
Although New Zealand’s AML/CFT Act was first introduced in 2009, amendments in 2018 broadened its scope, expanding compliance obligations for law firms. Now, most firms must register as reporting entities under the Act and need to have robust ‘know your customer’ (KYC) processes in place – among other requirements.
KYC starts when a new client approaches your practice and continues throughout your relationship with the client. It’s about verifying key details and keeping an eye on potentially suspicious activity so it can be flagged early on.
Is your firm affected?
AML/CFT obligations don’t apply to every single law firm or conveyancing practice – it depends on the type of work you do. If you handle certain types of work in the day-to-day course of your business, you may need to register as a reporting entity and establish AML/CFT compliance processes in your practice.
If you handle conveyancing work or other real estate transactions, act as a formation agent, work with trusts or manage client funds, you’re likely to be affected. For a full breakdown of services covered under the act, read this guide from the DIA.
Your KYC obligations
If your firm is a reporting entity under the Act, you have several compliance obligations, including appointing an AML/CFT officer, completing a risk assessment and setting up procedures to minimise the risk of money laundering or other illegal activity. A key provision is the KYC requirement, which is about collecting and verifying identification details and other key information for every client. At a minimum, you need to verify:
- Full name and birthdate – taking a copy of a valid passport, NZ drivers’ licence or birth certificate
- Address details – a recent letter from a utility provider or a bank statement
You’re required to take reasonable steps to verify any information provided, which may mean viewing and taking copies of documents or asking clients to have them verified by a Justice of the Peace if you can’t see them in person.
Depending on the type of service you’re providing, you may also need to collect other information – details about trusts or trustees, the source of funds or the work being proposed. If clients are unable to produce this information, you may be unable to provide them with services.
Ongoing monitoring and suspicious transactions
Your AML/CFT obligations don’t end at sign-up. Your compliance officer is also required to monitor activity throughout your relationship with the client, keep secure records, and report suspicious transactions or behaviour to the senior manager of your firm.
Suspicious activity can include:
- Unusual methods or timing of payments – e.g. paying a deposit early in the purchase process
- A client avoiding in-person contact without a reason
- Rapid back-to-back property purchases
- Unusual activity with trust accounts – e.g. ‘overpayments’ and refund requests.
- Lack of legal documentation around a transaction
- Large cash payments
- Lack of information about clients and/or their business
If this suspicious activity is noted, your firm may need to report details to the Financial Intelligence Unit.
Managing your KYC obligations may seem relatively straightforward – but it can also add to your already heavy workload. Outsourcing at least some aspects of your compliance programme to an expert agency like FirstAML can be a lifesaver.
FirstAML can take over the KYC elements of your compliance, automating ID verification and ensuring secure storage of customer data. We understand the importance of balancing compliance with customer service, so we focus on meeting your obligations and making the process simple for everyone involved.
Streamline your KYC processes now – get in touch.