Ahead of the Anti-Money Laundering Online Conference taking place on 29 November, Gary Hughes examines the Statutory Review of New Zealand’s AML/CFT regime.
An important opportunity for rethinking the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 is upon us, following the international Mutual Evaluation of New Zealand process earlier this year.
This Statutory Review 2021-22 is led by the Ministry of Justice (“MoJ”) and is a requirement that was baked into the Act in 2017 when amendments went through Parliament to turn lawyers, real estate agents, accountants and high-value asset dealers into newly-regulated reporting entities.
The MoJ last month released a significant Consultation Paper that outlines many areas of concern or potential confusion perceived to be present in our AML regime, as well as gaps identified since the law took effect in 2013.
What is the purpose of the Statutory Review?
It will be assessing the AML/CFT Act, regulations made under it, and associated working parts of the overall AML regime (including Code of Practice and Exemptions process). The objective is to consider what needs improvement or reform, and which parts are still fit for purpose. Ultimately, assessment will be made of the degree to which proposed changes to the legislation and its subsidiary parts will better meet the overall goals to curb money laundering and terrorist financing activities.
Many issues raised in the Paper trace to the Financial Action Task Force (“FATF”) Mutual Evaluation report, which was finalised earlier in 2021. In part, the international dimension is driving this review. Amongst other things, that Evaluation called out New Zealand’s lack of a properly functioning set of rules (or regulator) for international sanctions or weapons proliferation financing – so that is one large area of law certain to change. Other areas where New Zealand rated only “partly compliant” with FATF recommendations indicate where the MoJ may feel most compelled to take action:
- PEPs and high risk countries
- Wire transfers
- Money and value transfer firms
- Group-wide and branch/subsidiary controls
- DNFBPS (phase 2 entities)
- Transparency of beneficial owners
When implementing the FATF global recommendations, each nation is permitted flexibility to adjust the rules in order to best align with local law and circumstances. Perhaps this review is a prime opportunity to remind policy-makers that small steps can be taken then to ‘right-size’ the rules for local conditions, and to weigh up whether strict adherence to ever-changing FATF specific requirements may clash with Kiwi business needs?
Guide to navigating the Ministry of Justice Statutory Review
The MoJ Consultation Paper is dense and detailed. It is split into six main chapters, canvassing over 100 sub-topics for consultation. Many more topics are bound to be added by submitting persons.
Of the six chapters, reporting entities may like to focus on:
- Scope – i.e. who is covered, and for what specific obligations
- Supervision – enforcement powers, penalties, structures
- Preventive measures – the nitty-gritty of due diligence, monitoring and other compliance obligations.
In the sections below, I identify several key things for specific sectors or areas of interest, weaving across the various chapters. These are of necessity selective and not exhaustive, just a summary of the potential changes that could become part of AML law.
Note to reader: this is a news article, not legal advice; specific advice for your situation should always be sought
|AFFECTED PERSONS/AREA||KEY PROPOSED CHANGES, OR QUESTIONS POSED|
|Three big picture issues with our AML legal framework||1. Should NZ stick with a discretionary risk-based approach, or prescribe more legal detail into key compliance obligations?|
2. Should entities be required to do more to prevent criminal harm, as opposed to just reporting on it to the police?
3. Is it sensible and efficient to have so many regulators involved?
|A few new regulatory exemptions (phew)||1. New exemptions could be implemented for businesses or transactions which are demonstrably low risk. Many products could qualify for this.|
2. New exemption for low value loan providers, particularly where the lending is for social or charitable purposes.
3. Exempt persons acting as a trustee or nominee where there is overlap.
|Three sectors potentially up for tougher licensing/ registration systems||1. Do we need to implement an AML-specific registration regime to meet international requirements ensuring all reporting entities are on it?|
2. Should there be a licensing regime, which means passing suitability or ‘fit and proper person’ tests, not mere listing on a register?
3. Money remitters, virtual asset service providers, and trust and company service providers are singled out for high risk licensing.
|Two big calls for real estate agents and property transactions||1. Requiring real estate agents to conduct Customer Due Diligence (“CDD”) on the purchaser as well as vendor in a property transaction.|
2. Potential new controls over use of trust accounts and holding funds in trust, such as requiring CDD before refunding money to a third party.
|Quite a few things likely to increase compliance cost||1. A potential levy on reporting entities, to pay for the AML Regime – ‘would you like to cough up for the privilege of being regulated?’|
2. Extension of coverage into charities and non-profit organisations, or greater volume of high-value dealer transactions (eg. cars, boats, art).
3. Increasing the scope of Politically Exposed Persons (“PEP”) from just overseas persons, to include NZ domestic PEPs, and “associates” also.
4. Catching all international wire transfers, regardless of dollar amount.
|Four risk areas for directors, senior management, and compliance officers (and their insurers)||1. Widening the AML/CFT Act penalties which currently only apply to businesses themselves, not their directors or senior management.|
2. It could become mandatory that AML/CFT compliance officers be a person at the senior management level of the business.
3. Confirm and clarify that compliance officers must be natural persons.
4. Should compliance officers be held responsible for failings, or protected from sanctions if acting in good faith?
|Three challenges for banks and financial institutions||1. Should coverage turn upon being a ‘registered bank’ (like a ‘casino’) rather than individually defined current captured financial activities?|
2. How to improve the current wire transfer/prescribed transactions reporting interpretation mess?
3. What is the banking sector able to offer that would ameliorate the consequences of de-risking and financial exclusion?
|Four proposals for a tougher enforcement and penalty regime||1. Tougher penalty regime introduced for top end breaches/fines.|
2. Supervisors being able to conduct on-site inspections at your house.
3. As well as fines and penalties, supervisors would like additional enforcement intervention tools – direct administrative fines for non-compliance, and powers for suspension or removal of a license.
4. DIA to have the power to apply to liquidate a business to recover penalties or costs orders obtained in AML/CFT court proceedings.
|Three things aiming to bring order to the realm of consultants, auditors, and other third-party agents or outsourcing providers||1. Introducing specific standards for audits and auditors, clarifying role.|
2. Similarly, there are calls to licence or regulate the consultants market.
3. Reliance on third party agents or outsourced suppliers of compliance services is also lacking in any clear standardisation.
|A series of important changes to customer due diligence obligations||1. As a core compliance challenge, CDD may benefit from more clear definition of who is the customer in most common scenarios.|
2. Altering the requirement to verify customer address.
3. New regulations (or code of practice) may clarify beneficial ownership but also require entities to obtain/verify the form of a legal person or legal arrangement, along with proof of existence, ultimate ownership and control structure. Some trusts could drop to Standard CDD rules.
4. Ongoing CDD (and for pre-2013 existing customers) may be prescribed
|Two topics that may stir up the accountancy profession||1. Include acting as a company secretary (or partner) as captured activity.|
2. Coverage for various bookkeepers and agents who process invoices, as well as tax agents or those preparing annual accounts/tax statements.
|Five crunchy issues for FinTech, cryptocurrency and Virtual Asset Service Providers (“VASP”)||1. Ensuring coverage for all types of VASPs, including wallet providers.|
2. Setting specific thresholds for occasional transactions for VASPS.
3. Current regulation on stored value instruments may be tightened.
4. Extension to capture online marketplaces and internet auctioneers?
5. Full licensing proposed for higher risk digital financial activity (above).
|Five extra obligations for money remitter or value transfer (“MVTS”) agents/service providers||1. Forcing money transfer firms to take responsibility for their agents.|
2. Express requirement to list all of agents in its compliance programme.
3. Controls upon use of master agent/sub-agents structures.
4. Stricter definitions for reporting of PTRs and SARs, where informal or complex remitters may not be captured by existing definitions.
5. Full licensing proposed as a higher risk sector (onerous for small firms).
|Three things that will challenge privacy and data protection principles||1. Should the private sector (big banks or those invited into the FCPN) be allowed to share more data? Is the growing volume of customer personal information adequately protected for privacy purposes?|
2. Do we want the FIU telling entities (under s 143) to proactively share or monitor certain customer data on an ongoing basis?
3. Is it wise to give all government departments direct access to FIU databases?
|Three big questions for the insurance sector||1. Should general insurance (non-life) business be covered?|
2. Life insurance policies (or investment-related insurance products) that allow early surrender/withdrawal may need CDD on PEPs/beneficiaries
3. Will there be an expansion of professional negligence or D&O risk?
|Four topics for Lawyers to worry about||1. Change to the “in the ordinary course of business” coverage wording|
Criminal defence lawyers – should they be captured and not exempt?
2. Proposals to redefine “managing client funds”, “professional fees”, and “giving instructions” interpretative parts for scope of coverage.
3. Should law firms/DNFBPS file PTRs even when a bank already has?
What is off the discussion table (for now)?
Other important parts of New Zealand’s financial crime framework are outside the scope of this review. The criminal money-laundering parts of the Crimes Act 1961, financing/support of terrorism offences in the Terrorism Suppression Act 2002, and the expansive asset recovery regime under the Criminal Proceeds (Recovery) Act 2009 are not included. They each raise separate concerns, but the AML/CFT issues are enough already to deal with, spread across 130 pages of things proposed in this Consultation Paper.
As mentioned, there will be many topics causing uncertainty or irritation to private sector reporting entities that have not yet made it to the table. Additionally, the Supervisors’ Guidance notes are not up for debate, even though some are contentious, or try to elevate ‘best practice’ compliance above that set out in the Act.
Key themes emerging
The Terms of Reference document may seem a boring, mechanical part of this Statutory Review. But it has clues to the embedded governmental approach, such as this statement of aspiration: “that New Zealand becomes the hardest place in the world for money laundering, terrorism financing, proliferation” etc.
“As someone who was involved back in 2008-9 when the AML/CFT Act was first passed, I know that a careful balancing exercise went into the statutory purpose statement in s 3. It aims to achieve a compromise between various countervailing factors of cost, complexity, international pressure and local regulatory suffocation. Superficially, it is hard to argue with the “hardest place” goal. But, left unqualified, it could be a touchstone to add obligations regardless of commercial cost burden, or whether the goal is even attainable.”– Gary Hughes, Barrister, Akarana Chambers
It is pleasing to see compliance issues such as beneficial wwnership, PTRs, de-banking, and reliance on third parties, addressed in the Paper. Along with the wretched number of confusing exemptions, these all create variable levels of practical implementation for entities and discourage their staff. But if we are to improve the AML/CFT regime (rather than tinkering at the edges) the work ahead requires serious attention to:
- Reducing complexity, duplication, and difficulty finding, let alone understanding the law. This can damage a firm’s willingness to comply, undermine the collaborative purposes of the Act, and lead to more costs increasingly passed on to unhappy consumers.
- Striving for greater consistency of regulatory outcomes, including how to corral the various agencies involved, and whether all of them need be involved. The Act operates at the level of high-principles only. That means guidance notes have assumed undue importance, and often too much discretionary power falls to staff within the three supervisors to re-interpret the law.
- Integrating coming technology developments – data warehousing and sharing, facial recognition, artificial intelligence, deep faking of ID, and digital identity rights which place some level of data sovereignty back with the consumer. How to harness these trends the right way is critical.
- Balancing privacy and information-sharing problems. Those same technology factors make it important to monitor the increasing demands of law enforcement agencies for more and better data. Reporting entities are often trying to discharge their ‘unpaid financial detective’ job effectively, gathering and monitoring information as required by law. But risk of leak, hacking, public interest concerns and reputational risk from privacy calamities, all tends to land on the business, not its regulator.
- As the Pandora Papers again reminds us (like the Panama and the Paradise Papers exposés before it) New Zealand still needs better mechanisms to handle risks around beneficial ownership secrecy and misuse of opaque structures. Trusts and limited partnerships remain in the spotlight.
Next steps, and resources to help
There are an awful lot of proposals, questions for comment, and potentially controversial issues in the Paper. Different sectors and reporting entities will want to focus on the matters most critical to their own industry. But the big-picture topics of general application matter too, if we want an AML regime that is fit for purpose.
Time is also in short supply. The MoJ wants submissions in by 3 December 2021, as it is on a tight deadline, with end-date to report to the Minister by end of June 2022. Working to that time-line, key dates are:
- Public consultation closes – 3 December 2021
- Analysis and selective further targeted consultation – to March 2022
- Decisions/advice to Minister on possible quick-fix Regulations – March 2022
- Advice/decisions to Minister on big legislative reforms awaiting Parliamentary time – June 2022
Thomson Reuters are hosting an Anti-Money Laundering online conference, taking place on 29 November 2021. I am chairing the discussions/panels. This is a great opportunity to hear from regulators and affected organisations directly and perhaps use the information gathered to refine or amend your own submission:
- Statutory review – the purpose and current challenges/opportunities – including from Regulators’ perspective
- Financial entity (Phase 1) perspectives – what is working well, and what is not?
- The changing technological landscape: virtual assets, privacy issues and digital identity
- Professions (Phase 2) perspectives: What are the key issues needing review for Phase 2 entities?
- Nick Kokay – lead manager at the Ministry of Justice on the Statutory Review
- Rob Milnes – principal advisor at the Department of Internal Affairs
- Katherine Le Quesne – AML Compliance Officer at Kiwibank
- Jason Roberts – Director of the FinTech NZ Association
- James Brown – Immediate Past President, FinTech NZ; Director – Global Partnerships, APLYiD
- Ephraim Wilson – Policy Advisor at the Office of the Privacy Commission
- Peter Vial – NZ Country Head of CAANZ
More speakers to be confirmed
Expertly led by Gary Hughes of Akarana Chambers as Chairperson for the day