AML / CFT is here and it’s going to take up a lot of your time!
With the clock ticking, we’ve enlisted the expertise of barrister and solicitor, and member of the ADLS’s AML/CFT subcommittee, Fiona Hall to take you through the things you should be doing.
The Anti-Money Laundering and Countering Financing of Terrorism Act, passed back in 2009, has now been extended to capture lawyers and accountants. This means you will be expected to know and monitor your clients and report suspicious activities and prescribed transactions.
Lawyers: You need to be compliant by 1 July 2018
Accountants: You need to be compliant by 1 October 2018
If you’re a lawyer or an accountant, the wait and see approach is long gone. The legislation has passed and the regulations and guidance are now coming thick and fast. The regime has a number of mandatory requirements and even for the most efficient of practices, it will mean some new processes and approaches, and require time to bed down.
Ideally, law and accountancy firms should be underway with their preparations. If not, the Christmas break may prove the time to do some reading about the regime and what is expected.
What do you need to be doing?
The Act requires all law and accountancy firms covered by the Act – and that will be the majority of firms – to have a comprehensive compliance programme. For those still grappling with where to begin, these are the first steps I recommend:
1. Appoint an AML Compliance Officer
The compliance officer must be an employee and they must report to senior management. It is not a role that should be taken lightly – so chose an appropriately experienced or senior person, or someone with the right skill set.
2. Start assessing your risk
Your risk assessment is unique to your firm. While there are templates you can purchase, I strongly urge you against a cookie-cutter approach. No one firm is the same – not just in terms of clients and practice areas, but in staff composition and the way work is approached. If you don’t dedicate the time and resources you need to do a thorough risk assessment, you risk falling short at audit (these are compulsory every two years).
There are plenty of resources out there to help you with your risk assessment, but the important thing is that you are engaged and integral to the process, as only those in a practice can ever properly know, identify and assess that business’ unique risks. So by all means use whatever templates, resource guides, third party experts you feel confident with, but know that you are responsible for the proper and thorough assessment of your business, so you can’t treat it as a tick box exercise or one that can be outsourced devoid of your engagement.
At a simple level, the Act requires you to consider the following in assessing your risk:
You can find additional information about drafting your risk assessment, together with a raft of other AML guidance, on any of the supervisors’ websites. The DIA supervises lawyers and accountants and their website is www.dia.govt.nz.
3. Assess your on-boarding and due diligence processes
Customer due diligence (CDD) is a cornerstone of the AML regime. Your programme must outline how your practice will conduct CDD, including how it will determine when enhanced due diligence is necessary (EDD).
CDD is required whenever you have a new client engagement, when there is a change in the business relationship with an existing client and when you act in relation to an occasional activity (this is a defined term in the legislation and involves activities that are outside a business relationship e.g. money coming into your account for your client from a non-client).
You must collect and verify the identity information of a range of individuals (including those acting on behalf of your client and those with effective control or who own more than 25% of your client). EDD requires you also understand and verify your client’s source of funds and wealth.
Understanding what is required and how you can fulfil your obligations will assist you to develop procedures best suited to your practice. You will want to know that this process is working before 1st July, so the sooner you start looking at options the better.
4. Register for ‘goAML Web’
This is the prescribed method reporting entities must use to submit reports to the Financial Intelligence Unit (FIU). The FIU offer hands on training but you need to be registered to go on the waiting list for the sessions, and it will take time to familiarise yourself with the reporting requirements so again, it would pay to act sooner rather than later.
Don’t let AML/CFT snowball out of control…
There are lots of resources available to reporting entities. The supervisors have extensive guidance and more is being released. In particular the DIA is expected to release the sector risk assessment before Christmas which will be invaluable when finalising your own risk assessment. They are also conducting road shows in the early new year. Industry bodies such as the ADLS and NZLS are also doing their best to provide support and guidance with seminars and guidance material – their websites have links to their AML material.
Expert advice is also at hand. Advisors such as myself can help you work through the requirements and assist you to meet your obligations. To talk to me about the services available to you, please email me at firstname.lastname@example.org or visit my website.
For more details, see Fiona’s presentation at a recent Trust SIG meeting