On-site Inspection Guideline June 2020

Ref #7379842 v1.15 On-site Inspection Guideline June 2020

2 Background and Purpose ———

1. The purpose of this guide is to help reporting entities understand the process of an Anti￾Money Laundering and Countering Financing of Terrorism (‘AML/CFT’) on-site inspection conducted by the Reserve Bank of New Zealand (‘RBNZ’). 1 It provides details on the planning stage, pre-inspection requests, the actual on-site and the structure and timeframes of the on-site report to be issued to a reporting entity.
2. An on-site inspection is used to monitor a reporting entity’s level compliance with its AML/CFT obligations and assess the level of money laundering and terrorism financing (‘ML/TF’) risk. This also includes assessing the AML/CFT compliance culture within a reporting entity. It involves RBNZ AML/CFT supervisors reviewing documents and records, testing controls and meeting with the reporting entity’s employees, including senior management.
3. On-site inspections are generally carried out by two or three AML/CFT Supervisors from within RBNZ’s Banking & AML/CFT Supervision team. On-site inspections are usually between two to five days in length, depending on the size and complexity of the reporting entity. Planning and Pre-Inspection Requests ———
4. AML/CFT Supervisors will provide a reporting entity with as much notice as possible of the intention to conduct an on-site inspection. A minimum of 12 weeks’ notice will normally be provided to a reporting entity.
5. AML/CFT Supervisors will liaise with the reporting entity’s AML/CFT Compliance Officer (‘AMLCO’) to ensure the timing of the on-site inspection is appropriate and does not conflict with any other reviews and key AML/CFT personnel and senior management are available. If a reporting entity has an AML/CFT audit or a major review of its AML/CFT Programme scheduled, RBNZ’s preference is to conduct the on-site inspection after the audit or review has been completed.
6. Following consultation with the reporting entity, a notification letter will be issued to the reporting entity confirming the dates of the on-site inspection. The notification letter will also contain details of pre-inspection information required by RBNZ. This information must be submitted to RBNZ via our secure upload facility. Below are some examples of pre￾inspection information that could be requested:

1 Pursuant to s.132(2)(b) of the AML/CFT Act 2009

3  Structure of the reporting entity  AML/CFT Programme and supporting material  Risk Assessment  Details of any AML/CFT issues, incidents or breaches  Audit Reports  Details of any forums or committees relating to AML/CFT matters  Details on monitoring and testing of AML/CFT procedures, policies, systems and controls  Customer Due Diligence information on new and existing customers for a defined period  Enhanced Customer Due Diligence information on higher risk customers e.g. Politically Exposed Persons  Details on transaction monitoring and investigations conducted on unusual or suspicious activity for a defined period. 7. The pre-inspection information is used to determine some of the discussion topics that will be covered during the on-site inspection. Due to the dynamic nature of AML/CFT, other discussion topics may include specific ML/TF risk areas or topics that are currently relevant to the reporting entity’s respective industry. 8. A reporting entity will be provided with an opportunity for an open session during the on￾site. The purpose of the open session is to allow the reporting entity to ask the AML/CFT Supervisors questions on any aspects of AML/CFT. The open session is not mandatory and is at the discretion of the reporting entity. Please inform the AML/CFT Supervisors when you submit the abovementioned information via our secure upload facility if you are interested in an open session. 9. Approximately three weeks prior to the on-site inspection, RBNZ will send a letter confirming the discussion topics for the on-site inspection and schedule of meetings. The letter may also contain a list of specific samples and further information that the AML/CFT Supervisors will review during the on-site. This additional information will need to be available to the AML/CFT Supervisors during the on-site inspection.

4 The On-site Inspection ——— 10. RBNZ operates a relationship and outcomes focussed model in relation to AML/CFT supervision. This includes open and transparent discussions with a reporting entity during an on-site inspection. During the on-site inspection the AML/CFT Supervisors will seek further clarification on a reporting entity’s procedures, policies and controls to ensure that these are well understood and the pre-inspection material has not been misinterpreted by RBNZ. 11. RBNZ may require any employee, officer or agent of the reporting entity to answer questions relating to the reporting entity’s records and documents and for that person to provide any other information that RBNZ may reasonably require for the purposes of the inspection. When such requests are made, RBNZ will require you to answer the questions and provide the information pursuant to section 133(2) of the Act. 12. However, pursuant to section 133(3) of the Act, a person is not required to answer a question asked by an AML/CFT supervisor if the answer would or could incriminate the person. Please ensure all staff who will be present during the on-site inspection are aware of these rights prior to the commencement of the on-site. 13. The on-site inspection will commence with an opening meeting to introduce the AML/CFT Supervisors and staff from the reporting entity and confirm the schedule of meetings. RBNZ expects the reporting entity’s AMLCO and relevant senior management to attend the opening and closing meeting. 14. During the on-site inspection RBNZ expects the reporting entity’s AMLCO to attend all meetings, but should be supported by relevant staff and senior management where it is considered appropriate. 15. For a number of the areas to be discussed during the on-site inspection RBNZ’s general approach will be to assess whether the reporting entity has both adequate and effective AML/CFT procedures, policies and controls. RBNZ interprets the words “adequate and effective” as follows:  the adequacy of a risk assessment and AML/CFT programme is an assessment of whether or not the reporting entity’s procedures, policies, and controls comply with the requirements of the AML/CFT Act and regulations; and  the effectiveness of a risk assessment and AML/CFT programme is an assessment of how those procedures, policies, and controls are operating in practice. 16. The on-site inspection will conclude with a closing meeting with the reporting entity’s AMLCO and relevant senior management expected to attend. The AML/CFT Supervisors will verbally provide initial observations from the various topics discussed during the on￾site inspection and key findings from any sample testing conducted.

5 17. A reporting entity is encouraged to ask any final questions or provide closing comments during the closing meeting. 18. In alignment with the RBNZ’s relationship model, the key matters discussed during the closing meeting should also be reflective of the key matters contained within the on-site report. On-site Report ——— 19. Generally, RBNZ will provide a reporting entity with its on-site report within six to eight weeks of the on-site inspection being completed. 20. The structure of the on-site report will be based on the discussion topics covered during the on-site inspection. All findings will be included under the below sub-categories:  Material Breaches – RBNZ has reasonable grounds to suspect the reporting entity has failed to meet the requirements under the AML/CFT Act. RBNZ considers the breach to be a material issue and/or a systemic issue that requires immediate steps to be taken to achieve on-going compliance. This will be referred to RBNZ’s Enforcement team for review.  Minor Breaches – RBNZ has reasonable grounds to suspect that the reporting entity has failed to meet the requirements of the AML/CFT Act. The implications of the breach are considered less than material from an outcome perspective. Remedial action will be required to achieve on-going compliance. This may be referred to RBNZ’s Enforcement team for review.  Deficiencies – RBNZ has reasonable grounds to suspect aspects of the reporting entity’s compliance with requirements of the AML/CFT Act are inadequate and/or ineffective, however the finding may not represent a clear breach of the AML/CFT Act. Remedial action is required to achieve on-going compliance with the requirements of the AML/CFT Act. This may be referred to RBNZ’s Enforcement team for review.  Recommendations – RBNZ considers it good practice for the reporting entity to consider and implement the appropriate changes in order to maximise the effectiveness of the reporting entity’s AML/CFT programme. 21. Where a reporting entity is required to complete certain actions, each action will have a specific due date and a clear description of the RBNZ’s expectations. In some cases, RBNZ may request a regular progress update on the required action. It is likely that RBNZ will also seek further assurance that the required actions have been completed during future on-sites that may be conducted e.g. additional sample testing. 22. If you have any questions about on-site inspections please do not hesitate to contact the RBNZ AML/CFT team via email on amlcft@rbnz.govt.nz.