With over 15 years of experience in Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) compliance, we offer New Zealand AML/CFT audit solutions to a wide range of reporting entities. Our services help businesses comply with the requirements of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, including the audit obligations outlined in Section 59 of the Act and relevant regulations enacted under it.
New Zealand AML Auditor Requirements and NZ AML/CFT Supervisor’s Guidance
If you search for New Zealand AML auditors online, everyone claims to be an expert, uses puffery language that AI chatbots write for them, and so on and so forth.
We are not just another AML/CFT audit provider firm that claims to have extensive knowledge of New Zealand AML compliance.
We are the ones who know what we are doing, having years of experience in all aspects of AML/CFT compliance, including:
- Creating and successfully enhancing anti-money laundering and counter-terrorist financing frameworks for different businesses tailored to their specific product, resources, risk appetites and sector-specific money laundering and terrorism financing (ML/TF) risks
- Conducting AML/CFT risk assessments through a wide range of reporting entities
- Handling the first, second, and third lines of AML/CFT compliance and management.
- Conducting internal AML/CFT audits that go beyond statutory requirements
- Successfully assisting businesses in going through statutory AML/CFT reviews, including those conducted by the top four. We know a thing or two about good and bad AML auditors
- Designing and testing AML/CFT controls, ensuring they are both practical and effective in addressing ML/TF risks
- Acting as external AML/CFT auditors for different reporting entities
- Giving legal advice to New Zealand AML/CFT reporting entities. Representing AML/CFT reporting entities when things go wrong, including coordinating their risk and compliance teams, legal teams, external lawyers, and operations teams
- Helping different reporting entities with effectively liaison with local AML/CFT supervisors:
- Departments of Internal Affairs
- Financial Marketing Authority
- Reserve Bank of New Zealand
- Successfully leading businesses through desktop and onsite DIA AML/CFT reviews an FMA AML/CFT review
- Helping New Zealand reporting entities with their AML/CFT remediation
We have the necessary expertise to complete AML/CFT independent reviews as per the requirements of Audit Guideline for Risk Assessment and AML/CFT programme
We know first-hand what businesses want from their New Zealand AML/CFT auditors.
New Zealand AML Audit Solutions’ Scope
We offer our New Zealand AML audit solution to different types of AML/CFT reporting entities and designated service providers, including but not limited to:
- Investment bankers
- Investment firms
- Fund managers
- Brokers, including forex brokers
- Fintech companies
- Non-bank deposit takers
- Non-bank lenders
- Online casinos and gambling platforms
- Currency exchange providers
- E-money issuers
- Money remitters
- Payment gateway providers
- Derivatives issuers and platforms
- Neo-banks
- P2P lending platforms
- Crowdfunding services and platforms
- Financial advisers
- Investment advisers
- Wealth managers
- Custodial or depository service providers
- Consumer credit providers
- Credit unions
- Corporate finance providers
- Finance companies
- Designated non-financial businesses and professions (DNFBPs), including trust and company formation providers (TCSPs)
New Zealand AML Audit’s Focus
We cover compulsory AML/CFT audit requirements as outlined in the AML/CFT Act, along with the DIA, FMA, and Reserve Bank’s expectations, published in the joint Audit Guideline for Risk Assessment and AML/CFT Programme. Our focus areas include, but are not limited to:
- AML/CFT Risk Assessment Audit, including a review of:
- Whether it identifies the risks faced by your business
- Whether there are checks in place to ensure it is up to date
- Whether it enables you to determine the level of risk involved in relation to various AML/CFT obligations. We cover the five key ML/TF risk areas: products, size and complexity, delivery channels, the countries you engage with, and the institutions you deal with
- Whether it is based on the AML/CFT Risk Assessment guidance materials produced by New Zealand AML/CFT supervisors
- AML/CFT Programme Audit, including a review of:
- Whether your AML/CFT programme is functioning in practice as intended
- Whether it complies with the requirements outlined in Section 58 of the AML/CFT Act
- Whether you comply with your obligations under the AML/CFT Act, including, but not limited to:
- Initial customer due diligence requirements, including simple, standard, and enhanced due diligence
- Screening
- Beneficial ownership identification
- Record-keeping
- Customer risk rating
- Ongoing customer due diligence
- Transaction monitoring, covering the detection and handling of large, unusual, and suspicious transactions and patterns
- Reporting timeliness and accuracy
- Governance and oversight
- Staff vetting and training
- Obligations covering the detection, escalation, and reporting of suspicious activities (SARs) and suspicious transactions (STRs), along with other statutory reporting obligations, including prescribed transaction reports (PTRs), etc.
- AML/CFT Framework Application review, including the following areas:
- Whether the policies, procedures, and controls based on your AML/CFT Risk Assessment have been adequately designed and operate effectively
- Conducting limited assurance testing of AML/CFT controls, including but not limited to CDD, ODD, and transaction monitoring, recordkeeping, etc.
- Verifying the operational effectiveness of reporting systems
- Assessing the extent to which employees understand and comply with your AML/CFT programme
- The implementation of your AML/CFT programme or equivalent arrangements by branches, subsidiaries, and outsourced providers
- Reviewing how any previously identified deficiencies or non-compliance areas have been addressed
- Assessing the adequacy of your AML/CFT employee training programme
New Zealand AML/CFT Audit Methodology
We can select and apply appropriate audit and control testing methodologies, taking into account:
- Your business size
- Your products
- The complexity of the business
- Your ML/TF risk levels
Alternatively, we can conduct an AML/CFT review using your audit methodology.
New Zealand AML Reviews Frequency
- Compulsory Audit Periods: An AML/CFT audit in New Zealand must occur every three years. The local AML/CFT audit requirements were recently updated from two to three years.
- Directed AML/CFT Audit: An AML/CFT supervisor can direct a reporting entity to undergo an AML/CFT audit at any time.
- NZ AML/CFT Compliance and Audit Triggers: A reporting entity may engage an AML/CFT auditor before the compulsory audit deadline. Common triggers include:
- Substantial changes in the markets of operations and customer types
- Introduction of new products
- Changes in delivery methods for your services
- Structural changes to the business
- Changes to the ML/TF risk level of the business
- Changes in fund deposit or withdrawal methods
- Changes in outsourcing arrangements for ML/TF prevention functions
- Substantial changes to the AML/CFT Programme
- Changes to the number or volume of transactions
- AML/CFT remediation issues faced or completed by the business
New Zealand AML Audit Requirements and Independent Review Report
We issue detailed AML/CFT audit reports aligned with FMA, DIA and RBNZ’s expectations. These reports outline:
- Audit Basis: The relevant AML/CFT requirements and standards applied during the audit to assess your AML/CFT Risk Assessment and AML/CFT programme
- Scope and Approach: What was examined during the audit, and how your AML/CFT Programme was assessed against the required compliance standards.
- Audit Findings:
- Clear documentation of areas of compliance and non-compliance, covering all primary aspects of your AML/CFT programme.
- Identification of areas of compliance and non-compliance
- Audit Outcomes: An evaluation of whether:
- Your AML/CFT Risk Assessment and AML/CFT Programme meet compliance requirements
- We observed your AML/CFT Programme to be adequate and effective over the specified period
- Changes are required due to deficiencies in your AML/CFT Risk Assessment or AML/CFT Programme.
- Actionable Recommendations (Optional): Steps needed to address non-compliance and suggested improvements
New Zealand AML/CFT Audit Programme & Milestones
The New Zealand AML Audit process generally involves:
- Initial Meeting & Scope Definition:
- Defining the scope and objectives of the audit with the reporting entity
- Understanding the entity’s business, risk profile, and existing AML/CFT Programme
- Documentation Review: Reviewing key AML/CFT documents
- Sampling & Testing: Performing sampling and testing of compliance with the AML/CFT Act and the AML/CFT programme. Examples include:
- Testing CDD procedures (customer identification and verification).
- Reviewing transaction monitoring alerts and SAR investigations.
- Assessing the effectiveness of the risk assessment process.
- Interviews & Inquiries:
- Interviewing key personnel (compliance officers, management, front-line staff)
- Inquiring about the implementation and effectiveness of AML/CFT controls
- Application of Audit Methodology:
- Applying appropriate audit methodologies, such as risk-based auditing, to assess the effectiveness of the AML/CFT Programme
- Report Preparation & Presentation:
- Preparing a comprehensive audit report
- Presenting findings, conclusions, and recommendations to management
AML/CFT Audit and Information Sampling
New Zealand AML audit requirements focus on evaluating how effectively a reporting entity complies with its obligations under the AML/CFT Act 2009, local regulations, and its AML/CFT Programme. Independent audits typically involve reviewing samples of:
- Individual customers, including resident and non-resident clients, various types of corporate clients (e.g., companies, limited partnerships, and entities with complex beneficial ownership structures), as well as trusts and investment vehicles
- Customers presenting different ML/TF risks, including those categorised as medium- or high-risk
- Large, complex, or unusual transactions to determine how effectively the entity meets its transaction monitoring obligations
- Ad hoc and periodic reports on customer transactions and activities, such as suspicious activity reports (SARs), suspicious transaction reports (STRs) and prescribed transaction reports (PTRs), to assess compliance with the New Zealand AML/CFT reporting obligations.
- AML/CFT training and staff vetting records
- Specialised client and transactional registers (e.g., high-risk clients, politically exposed persons (PEP) registers, etc.)
- Materials aimed at enhancing ML/TF risk awareness and operational compliance
- Records maintained for clients and/or transactions to verify compliance with record-keeping obligations under the Act
New Zealand AML/CFT Audit Solution Tailored to Your Needs
When it comes to delivery, we:
- Focus on clear, concise, and objective assessments. No ego, no attitude, no puffery, and no jargon
- Have real knowledge of AML/CFT compliance and how each aspect works
- Use a client-centric approach. We understand the difference between your risk appetite, internal procedures, and AML/CFT requirements
- Cause minimal interruptions to your business (combining onsite and remote engagements)
- Provide comprehensive audit reporting
When it comes to flexibility, we:
- Offer realistic pricing options
- Tailor our approach to your specific needs and risk profile, offering limited assurance, reasonable assurance, and holistic options. We offer AML audit solutions to:
- Small businesses and startups
- Mid-sized businesses
- Business groups, including those with centralised compliance functions across subsidiaries, those operating across different compliance regimes, and offering a range of products
- High-risk corporates that come under regulatory scrutiny and pressure from important stakeholders, such as banking partners, insurance providers, and money remittance channels
New Zealand AML Audit Preparation
We offer a comprehensive Internal AML Review Solution with the following features:
- Deeper Audit Focus, including:
- Evaluating the effectiveness of your AML/CFT compliance against your business goals, future objectives, wider risk appetite, and more
- Deep diving into the effectiveness of AML/CFT controls
- Covering specific review areas such as AML technology, process optimisation, and more.
- Flexible Scope: Designed with a flexible audit scope, which can be customised to your needs, as opposed to the AML/CFT audit under the New Zealand AML/CFT law
- External Audit Preparation: Focused on internal improvement and identifying issues before external scrutiny, helping you prepare for an external New Zealand AML audit, an enhanced review by a banking partner
- Regulatory review Preparation: Focused on preparing you for a review by the DIA, FMA or RBNZ
- Non-binding findings: The audit report is confidential, giving you the opportunity to address any identified issues discreetly
- More information: Visit our Internal AML Review Solution page for more information
Other related AML/CFT Solutions
In addition to our New Zealand AML compliance audit option, we offer a comprehensive set of AML/CFT compliance solutions helping you navigate the complexities of New Zealand AML requirements in a commercially oriented and goal-focused manner, providing effective support for all aspects of the anti-money laundering compliance. Our focus areas include but are not limited to:
- AML/CFT Advisory: We provide advisory solutions on a wide range of AML/CFT matters and issues. Visit our AML/CFT Advisory page for more.
- AML/CFT Compliance Management: We can fully manage your anti-money laundering and terrorist financing compliance. Visit our AML/CFT Compliance Management page for more.
- AML/CFT Risk Assessments: We conduct, review, and help businesses implement AML/CFT Risk Assessments that form the foundation of effective AML/CFT Programmes. Visit our AML/CFT Risk Assessment page for more.
- AML/CFT Programmes: We draft, review, and help businesses implement AML/CFT Compliance Programmes based on the ML/TF risk assessment outcomes. Visit our AML/CFT Programme page for more.
- AML/CFT Reg-tech Solutions: We help with AML/CFT technology integration tailored to your circumstances.
- AML/CFT Training: We offer specialised AML/CFT training solutions for different reporting entities. Visit our AML/CFT Training page for more.
- AML/CFT Procedures: We assist in developing and enhancing AML/CFT procedures tailored to your business needs, focusing on effective AML risk management across business processes.
- AML Manuals and Guidelines: We create and refine practical resources such as AML operating manuals and guidelines that provide step-by-step instructions to ensure efficient AML/CFT compliance based on your business size and complexity.
- ML/TF Controls Mapping: We help map, assess, and enhance internal ML/TF controls to ensure compliance, address financial crime risks, and respond to findings from AML/CFT audits and supervisors.
- AML Red Flag Protocols: We develop guidelines for identifying and responding to red flags, enabling timely action against fraud, money laundering, and terrorist financing activities under various operational circumstances.
