2023 Amendments to the New Zealand AML/CFT Act

The new Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations 2023 (Regulations) has now been published bringing with it the most significant changes to the framework since the incorporation of Phase 2 entities.

The long-awaited Regulations have broadened the scope of the existing AML and CFT framework aiming to include a wider range of activities and entities.

These changes are intended to provide regulatory relief for reporting entities where risk has been identified as low, and to clarify existing compliance obligations within the AML/CFT regime.

The Regulations emphasise the importance of having effective measures in place when it comes to verifying identities and assessing potential risks associated with money laundering and financing terrorism.


The rollout of the Regulations has been staggered through three stages. 

Effective 31 July 2023

The first stage will provide immediate regulatory relief to reporting entities.

Effective 1 June 2024

The second enforces new obligations for existing reporting entities.

Effective 1 June 2025

The final phase extends the coverage of the regime to sectors not currently covered.


In essence, the new regulations aim to address the biggest complaints from industry and better align New Zealand legislation with FATF recommendations. 

Specifically the regulations:

  • Improve clarity;
  • Cover loopholes, gaps, and unintended consequences; and
  • Provide staggered implementation allowing time for maximum compliance with a focus on regulations desired by industry coming into effect as soon as possible, whilst the regulations that most substantively increase obligations will have a two-year implementation period.

Who’s affected

All current reporting entities under the AML/CFT Act are affected by these changes.

It’s also important to note that they are exploring or committing to extending the regulations to previously non-captured entities and activities.


Time’s up

The Act has been designed to mature the regime from ‘detect and deter’ to ‘prevent, detect and deter.’

In our opinion, this means the grace period is up. This new amendment answers the biggest criticisms from industry in exchange for the requirement of embedding a culture of compliance into every reporting entity. This is most evident in the shift to a risk-based approach.

“A risk-based approach should also ensure that an AML/CFT regime is flexible and adapts to changes in risks, and that resources are allocated efficiently and in proportion to levels of risk.”


They have also stated that non-compliance will be met with heavy penalties, in short, the Act now has ‘teeth’.

  • R102. Amend the Act to enable infringement notices to be issued in appropriate circumstances (e.g. failure to provide annual report on time, failure to have an AML/CFT programme).
  • R103. Enable AML/CFT supervisors to restrict, suspend, or cancel a business’ AML/CFT or prudential licence or registration (and/or request the relevant registration or licensing authority to do so) following AML/CFT non-compliance.
  • R105. Amend the Act to increase available penalties ensuring they are able to be proportionate to the level of non-compliance and appropriate to the size or nature of the business. This could be achieved by increasing the maximum penalties available or prescribing different maximum penalties depending on the size or the type of business.
  • R107. Extend civil sanctions to directors, senior managers, employees, and agents in appropriate circumstances, such as where they were responsible for making the decision that resulted in the business not complying with their AML/CFT obligations.
  • R109. Extend the time limit for prosecuting AML/CFT offences from three years to seven years.


The Act also recognises the potential (and arguably, the need) for technology to improve the effectiveness and efficiency of implementing the regime. 

We welcome their recommendation to “Explore amending the Act to provide for an accreditation or certification process for technological solutions to make it easier for businesses to identify what products will be useful. In the interim, the AML/CFT supervisors should issue guidance about how businesses can use technology.” 

Real estate under the microscope

The Act explicitly calls out real estate as a focus area, “We have identified a number of ways the Act could be strengthened to combat areas of high risk. In particular, we are concerned that illicit capital is still able to enter the real estate market despite the inclusion of law firms, conveyancers, and real estate agents in the regime between 2018 and 2019.”

They go further by calling it out in detail, “Real estate continues to be the asset of choice for money laundering… For example, in the financial year ending June 2021, 100 properties totalling NZD 73.7 million were seized by the Police, which was an increase from the previous year where 51 properties totalling NZD 55.7 million were seized. This suggests that large sums of illicit capital may still be able to enter the market, and also may be contributing to inflating property prices in New Zealand.”

2023 impact - all industries

We’ve highlighted relevant parts of the Act that relate to some of the most common problems and queries we see across our client base.

Definition of “beneficial owner” extended. (Reg 5AA)

This change has introduced the concept of “ultimate ownership” and “indirect” ownership. This helps reporting entities to more accurately assess beneficial owners especially in scenarios where your client may be acting on behalf of another person.

Countries with insufficient AML/CFT measures in place (Reg 22)

This clarifies that a country with insufficient AML/CFT systems in place is identified by the Financial Action Task Force (FATF) as being a high-risk jurisdiction, and requires a call for action. Transacting with clients from high-risk jurisdictions will require enhanced CDD. North Korea and Iran are included on this list.

Changes for Designated Non-Financial Businesses or Professions (DNFBP)

A DNFBP is not required to do CDD on an already existing client that they have previously provided captured services for. Unless there are reasonable grounds to doubt the adequacy   or veracity of the documents, data, or information previously obtained or the level of risk involved otherwise requires it.

If DNFBP has an existing customer that they previously provided non-captured services for, where they will now provide captured services, they will be required to perform CDD on that customer.

2024 - 2025 impact

Addition of a requirement to risk-rate customers as part of the CDD process (2025)

Some of the earlier proposed changes have not featured in the amended Regulations. These include relaxing the requirement address verification during standard CDD, and taking a risk-based approach to enhanced CDD on low risk trusts. These will require a legislative approach.

A gradual approach over the next few years will allow reporting entities time to be prepared and implement changes where and when required. The AML/CFT regime leaning towards a more risk-based approach allows reporting entities to ensure the processes they put in place are not only compliant, but also practical for them and their clients. 

The process is becoming more subjective, which means that many of our customers will be making changes to their compliance programmes and practices. We encourage our customers to start operationalising any changes that will affect their business, or start to think through how to bring their operations into compliance for the changes that are coming in 2024 and 2025.


The Act recommends that it:

Extend the timeframe for which a person is considered a PEP from 12 to 24 months, and require businesses to take a risk-based approach to determine whether a person should still be treated as a PEP after 24 months.

Amend the Act to require senior manager or compliance officer approval to establish or continue a business relationship with a foreign PEP, and to take reasonable steps to obtain information and verify the source of wealth and source of funds of the foreign PEP.

Virtual assets

Include virtual asset service providers as a type of reporting entity, in line with the definition provided by the FATF. This should be achieved initially through issuing regulations, and then the definition should be included in the Act itself.

High value dealers

Amend the Act to remove the phrase “in the ordinary course of business” from the definition of a high-value dealer. This will set the capture point as an HVD as any business that transacts in cash over the relevant threshold. In the interim, AML/CFT supervisors should produce guidance which provides a clearer interpretation of “in the ordinary course of business”. 

CDD for trusts

Review whether mandatory CDD remains necessary for all customers that are trusts or other vehicles for holding personal assets. If not, repeal sections 22(1)(a)(i) and 22(1)(b)(i) of the Act. R126. In the interim, implement Regulations to prescribe a process for conducting enhanced CDD on trusts, including identifying types of trusts that are suitably low risk and other factors to consider when assessing the level of risk. If certain low-risk criteria are met, an exemption from verification requirements should apply. This should be accompanied by guidance from supervisors regarding a risk-based approach.

Undertake a review to identify further categories of customer and any products or services where the money laundering and terrorism financing risk is sufficiently low to enable simplified CDD. Issue regulations to allow simplified CDD measures for these situations. These changes should then be amended in the Act itself.

Impact for the real estate sector 

Key changes impacting the real estate sector include:

CDD timing

For commercial lease transactions, assignment to lease transactions, or sub-lease transactions, CDD must be conducted before the real estate licensee presents a lease agreement to the landlord, or an assignment of lease to the assignee, or a sublease agreement to the outgoing tenant. See Regulation 16(1).

In relation to any other real estate transactions, CDD must be conducted once there is a fully signed agency agreement, but before carrying out any further real estate work for the ‘customer’. See Regulation 16(1).

The regulatory expectation continues to be that all licensees will undertake CDD as soon as possible, but these changes better align the timing with industry practice.


A specific definition for who a ‘customer’ is in a real estate context has been added. A customer means “a client of a real estate agent” or “a person who conducts an occasional transaction with a real estate agent”. See regulation 5B.

Clarification as to how the term ‘beneficial owner’ (as defined in section 4 of the AML/CFT Act), should be applied in the context of CDD. See Regulation 5AA.

Clarification of requirements

Removal of the requirement for a real estate licensee that makes or receives a wire transfer into their trust account to conduct CDD on that transaction. See Regulation 24A.

Removal of the requirement to conduct new CDD when undertaking new engagements with existing ‘customers’, unless there are “reasonable grounds to doubt the adequacy or veracity of the documents, data, or information previously obtained, or the level of risk involved otherwise requires it”. See Regulation 12B.

Removal of the obligation on conjunctional agents to conduct CDD on a ’customer'. See Regulation 16(2).


The changes to the Act are a good thing for New Zealand. The concerns of reporting entities have been heard and the resulting Act strikes a solid balance between expectations and flexibility with added clarity.

Next steps

Now’s a good time to review your compliance programme and practices in preparation to operationalise these changes. As always First AML is here to support you with building a strong culture of compliance within your business.

Additional reading

Russell McVeagh's Jamie Lynch's commentary

Minter Ellison's commentary


First AML has taken reasonable care to ensure that the information materials contained in this article are true and correct at the time of publication and is for general information purposes only. Information and material are not intended to constitute legal or other professional advice, and the information should not be relied upon as specific advice as relevant to any particular circumstances. First AML accepts no responsibility or liability for any loss, errors, omissions which may arise for any reliance of information or materials published on this website.

Some parts of this article to other external internet sites. The views expressed on those external internet sites are the view of those authors of those websites and so not necessarily reflect the view of this Company. First AML is not responsible for the content of any external internet sites.

Although First AML attempts to provide accurate, complete and up to date information which has been obtained from sources that are considered reliable, First AML makes no warranties or representations, express or implied, as to whether the information provided on those external websites are accurate, complete or up to date.

About First AML

First AML simplifies the entire anti-money laundering onboarding and compliance process. Its SaaS platform, Source, stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.

First AML transforms an otherwise complex and manual process into one that is simple, cost-effective, and compliant for businesses. By delivering efficiency and time savings, it protects reputations and enables companies to stay on the right side of history in the face of global threats.

Keen to find out more? Book a demo today! No time for a long demo? No problem. See what Source by First AML can do for your business in 2 minutes – watch the short demo here.