FREQUENTLY ASKED QUESTIONS
-
WHAT IS CUSTOMER DUE DILIGENCE (CDD)?
Generally, you need to identify and verify your customer's identification and address information, this typically means collecting and retaining passport, drivers licence and utility bill from your customer, shareholders with more than 25% interests, directors of a company, trustee and any persons acting on behalf of your customer.
-
WHAT ABOUT ENHANCED CUSTOMER DUE DILIGENCE (ECDD)?
ECDD applies when your customer is one of the following:
- Politically Exposed Persons (PEP) or close associates
- Trust or a vehicle holding personal assets
- Non-resident customer from a high risk country
- Company with nominee shareholders
- Customers rated as high risk based on your risk assessment
You need to collect all the information you need to under Standard CDD, plus information regarding the source of funds / source of wealth and verify the information collected.
-
WHAT TRAINING DO I NEED TO PROVIDE TO MY STAFF?
Under the AML/CFT Act, you need to provide training to your AML/CFT Compliance Officer, staff engaged with AML/CFT duties and senior manager. Generally the types of training provided will be different for different audiences in order to provide the most value. Riskverse can help you with designing and delivering the training materials to meet your obligations.
-
WHAT IS THE VETTING REQUIREMENTS UNDER THE AML/CFT ACT?
Similar to training, you are required to vet your AML/CFT Compliance Officer, staff engaged with AML/CFT duties and senior manager. There are no required checking you need to perform under the Act so it will depend on your business and environment. For example, if you hire a new AML/CFT Compliance Officer after the Act comes into effect you should be able to demonstrate how you have satisfied yourself that the candidate has sufficient knowledge and integrity required to carry out his/her duties.
-
HOW DO I DOCUMENT THE AML/CFT RISK ASSESSMENT (RA) AND COMPLIANCE PROGRAMME (CP)?
This is one of the most complicated AML/CFT topics to many small businesses new to the regime. The AML/CFT Supervisors have published guidance materials on how to complete these documents which can be found on their websites. Your Risk Assessment should consider the various guidance materials published by the supervisors but we recommend you start with the Sector Risk Assessment first.
There is no required format on how to present/structure your RA and CP but we recommend that you align these documents with the topics required by the Act under Sections 57 and 58 as this will also help you make sure that you have covered the minimum requirements.
Your RA and CP should also be reviewed regularly, which also includes when new information comes to your attention such as an updated SRA.
Please contact us if you need assistance writing up your RA and/or CP and we will help you customise the document to fit your specific requirements.
-
WHEN DO I NEED TO FILE ANNUAL REPORT?
Your AML/CFT annual report is due by 31 August for the period of 1 July to 30 June each year. The information you need to complete your annual report should be available in your Risk Assessment and Compliance Programme. If you need assistance completing the annual report please let us know and we can help.
-
WHAT IS PTR?
A Prescribed Transaction Report is a report that you need to file with the NZ Police Financial Intelligence Unit (FIU) every time there is a transaction (or a series of related transactions) which:
- Exceeds $10,000 in cash, or
- Exceeds $1,000 in wire transfers.
You can file a PTR through goAML which can be found here: https://www.police.govt.nz/advice/businesses-and-organisations/fiu/goaml
-
WHAT IS SAR?
A Suspicious Activity Report (SAR) is a report that you need to file with the NZ Police FIU when there is a suspicious activity. You need to have a monitoring mechanism in place to detect suspicious activities in your organisation which should be documented in your Compliance Programme.
A Suspicious Activity Report doesn't need to be linked with a customer, if someone tries to obtain services from you which seems suspicious but failed to do so (for example, because it was rejected by you) you can still file a SAR.
You can file a SAR through goAML which can be found here: https://www.police.govt.nz/advice/businesses-and-organisations/fiu/goaml
-
WHAT IS ONGOING CUSTOMER DUE DILIGENCE (OCDD)?
OCDD includes a number of requirements. Generally, you need to regularly review your customers' accounts and transactions (based on their risks) to evaluate whether they are consistent with your understanding/expectation. You should also have a monitoring mechanism in place to detect suspicious behaviour to meet your SAR obligations.