FMA takes a tougher stance on anti-money laundering breaches

In its latest AML/CFT Monitoring Insights Report, published 1 August 2021, the Financial Markets Authority (FMA) announced it is stepping up enforcement of anti-money laundering breaches under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

Report background

This report follows an FATF report on the effectiveness of New Zealand’s AML/CFT measures, which it found were ‘delivering good results’.

As New Zealand’s AML/CFT Act has been in force for eight years, the FMA believes that businesses have now had plenty of time to comply with these regulations.

“Accordingly, we have now less tolerance for companies not meeting their obligations,” James Greig, FMA Director of Supervision said, noting the authority’s increase in enforcement actions.

The FMA regularly monitors businesses for regulatory compliance, including the adequacy and effectiveness of policies, procedures, and controls to deter and detect money laundering and financial terrorism activities.

“Disappointingly, we found numerous instances of businesses not meeting basic requirements, particularly around having a robust AML/CFT programme,” Mr Greig said.

Enforcement of the AML/CFT Act goes from a formal warning, up to $1 million per each breach of the Act.

Customer Due Diligence an ongoing problem

Failure in ongoing Customer Due Diligence (CDD) was one of the most common areas requiring remediation.

CDD requires the gathering and verification of information about the customer’s identity, any beneficial owner of a customer, or any person acting on behalf of a customer.

During monitoring, the FMA reviewed client files to assess if CDD policies, procedures and controls implemented by businesses were adequately designed and operating effectively during the period under review.

The FMA detected numerous critical deficiencies at onboarding which included:

• Inadequate information on the nature and purpose of the proposed business relationship being collected and recorded.
• Ownership structures not being verified to determine beneficial owners of customers (including trusts).
• Insufficient or no checks being undertaken to confirm if the customer is a Politically Exposed Person (PEP).
• Verification of identity not conducted in line with the requirements of Identity Verification Code of Practice (IDVCOP).
• Inadequate Electronic Identity Verification (EIV) being done as part of CDD processes, with customers not being linked to the claimed identity or name, and date of birth information not being verified against government databases.

Rigorous CDD processes for new customers during onboarding are necessary for businesses to obtain sufficient knowledge of the customer and the money laundering and financial terrorism risks they might pose to their business.

Examples of good practice:

• Having a risk rating for each customer which is used to determine the frequency of ongoing CDD.
• Flagging customers for ongoing CDD review when a material change to the business relationship occurs.

Examples of unsatisfactory practice:

• Accepting identity verification documents that do not meet CDD requirements as per the IVCOP. For example:
  • Accepting certified copies of certified copies of passports.
  • Accepting certified copies that were certified more than 3 months earlier.
  • Not conducting any verification process.

Electronic Identity Verification (EIV)

The FMA expects businesses using EIV as part of their CDD processes to clearly describe in their AML/CFT programme how their EIV will meet the relevant criteria under:

• The AML/CFT Act;
• Part 3 of the Identity Verification Code of Practice (IDVCOP); and
• The updated ‘Explanatory Note: Electronic Identity Verification Guideline’ (for Part 3 of the IDVCOP) published July 2021 (the EIV Guideline).

Politically Exposed Persons (PEPs)

The FMA states that PEP checks must be performed when onboarding new customers, and thereafter on an ongoing basis, depending on the level of money laundering and financial terrorism risk. High-risk customers should be checked more frequently.

CDD must be ongoing

Section 31 of the AML/CFT Act requires businesses to conduct ongoing CDD and undertake account monitoring with customers on an ongoing basis. The purpose of this is so that the business maintains a sufficient level of knowledge about its business relationship and the transactions relating to that customer.

The FMA has found instances of businesses:

• Continuing to struggle in performing ongoing CDD and account monitoring.
• Not conducting any ongoing CDD, or only performing minimum account monitoring.

Record keeping an emerging issue

Record keeping has also been identified as an emerging issue, with businesses maintaining insufficient records for:

• Identity verification relating to CDD.
• Interactions with customers.
• Suspicious and unusual activities identified.
• CDD exceptions.
• High-risk customers, PEPs and customers subjected to enhanced CDD.
• Training undertaken by senior management and staff.
• Staff vetting.

Automating processes without losing control over risks

With illion’s solutions, you can meet every requirement in your onboarding and ongoing CDD process and make faster decisions.

Our Green ID, Simple KYC, PEP and Sanctions, ODS and Data Hub solutions enable you to:

• Improve customer experience with less back and forth.
• Minimise costs.
• Reinforce regulatory compliance.
• Reduce the time involved from days or weeks to hours.
• Allow vendors to focus on their core activities.