Designated Business Group Formation Guideline

AML / CFT Anti-money laundering and countering financing of terrorism Designated Business Group – Formation Guideline

2 Guideline to reporting entities on eligibility, formation, notification and withdrawal from a designated business group

1. This guideline is designed to help reporting entities forming a Designated Business Group (DBG) understand the process for doing so. Entities may form a DBG if they are eligible to do so under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act) and associated regulations. This guideline highlights the eligibility criteria and election process, and explains the process for notifying an AML/CFT supervisor of the formation of a DBG, any addition or withdrawal of a member, or any change in details. Guidance on information sharing in a DBG is provided in a separate guideline.
2. This guideline is provided for information only and cannot be relied on as evidence of complying with the requirements of the AML/CFT Act. It does not constitute legal advice from any of the AML/CFT supervisors and cannot be relied on as such. What you will find in this guideline
3. This guideline is in three parts. They relate to:  Eligibility of members of a DBG  Election and notification  Withdrawal from a DBG – including dissolution of the DBG
4. Forms for notifying the AML/CFT supervisors of elections to form or join a DBG or any changes to a DBG can be found at the end of this guideline. Eligibility for forming a DBG
5. A DBG is a group of two or more eligible persons that have elected in writing to form a group to enable some obligations under the AML/CFT Act to be met on a shared basis. Section 5 of the AML/CFT Act and the Anti-Money Laundering and Countering Financing of Terrorism (Definitions) Regulations 2011 (definitions regulations) define a DBG and give details of the types of entities eligible to form a DBG. Eligible entities may elect to form a DBG and rely on one member of the DBG for policies, procedures and controls relating to certain parts of an AML/CFT programme.
6. Guidance on developing an AML/CFT programme is available from the AML/CFT supervisors. Guidance on the obligations that may be shared by members of a DBG is provided in a separate guideline.
7. There are essentially two types of DBGs. The first type has members that are related to each other as a ‘related company’ under the Companies Act 19931 . The other type of DBG has members who each fall into one of the following categories2 :

1 Refer to subsection (d)(i) in the definition of DBG in section 5 of the AML/CFT Act 2 As described in (d)(ii-v) of the definition of DBG in section 5 of the AML/CFT Act

3  providers of a service to a joint venture undertaking to which each member of the group is a party;  government departments, state enterprises or crown entities;  providers of products or services in common with a government department, state enterprise or crown entity; or  money transfer agents or sub-agents3 . 8. Members of a DBG do not have to be reporting entities. As mentioned above, entity types within the definition of a DBG include government departments that are not covered by the scope of the AML/CFT Act. Any third party, such as an overseas parent company, may elect to join a DBG where they meet the eligibility criteria and undertake activities or obligations on behalf of other members of a DBG. 9. No member of a DBG is able to be a member of more than one DBG in New Zealand4 . However, members of a DBG in New Zealand that operate overseas may also be a member of an overseas arrangement similar in nature to a DBG as defined in the AML/CFT Act. 10. Regulation 8 of the definitions regulations prescribes membership of DBGs for overseas companies. A company may be incorporated outside New Zealand but must be related to each other member of the DBG. If the company is not resident in New Zealand, it must be resident in a country with sufficient AML/CFT systems and be supervised or regulated for compliance with AML/CFT. Information to assist an assessment of what constitutes a country with sufficient AML/CFT systems is in a guideline – the Countries Assessment Guideline - issued by the AML/CFT supervisors. 11. An AML/CFT supervisor may request further information from the reporting entity or proposed DBG member to determine whether they are eligible for membership in a DBG. The AML/CFT supervisor must do this within 30 days of receiving notification of any election to form or join a DBG in the form in this guideline. Additional conditions of membership 12. A further condition on membership relates to the contact person of a DBG. That person must notify the AML/CFT supervisor of any changes to the DBG, including withdrawal of any members of the DBG or termination of the DBG5 . Any notification must be in writing and received within 30 days of the change. A form is included with this guideline for notifying the AML/CFT supervisors.

3 Regulation 7 of the AML/CFT (Definitions) Regulations 2011 4 Criterion (c) of the definition of a Designated Business Group in section 5 of the AML/CFT Act. 5 Criterion (e) of the definition of a Designated Business Group in section 5 of the AML/CFT Act and regulation 9 of the definitions regulations.

4 Additional members 13. New members may elect to join an existing DBG at any time so long as sufficient information is provided so that it can be determined whether the proposed new member meets the eligibility criteria and the AML/CFT supervisor is given notice, by the contact person of the DBG, 30 days before the election to join the DBG takes effect. Election and notification Agree to conditions of membership for election to be valid 14. Each entity is required to make its own election to be a member of a DBG. Elections must be in writing and include agreement to a number of conditions of membership, such as adhering to privacy requirements. 15. Section 36 of the AML/CFT Act sets out how to deal with personal information within a DBG. Importantly, all members of a DBG must agree in writing to comply with certain privacy principles in the Privacy Act 1993. These are Principles 5-11 in section 6 of the Privacy Act and cover storage, access and accuracy of personal information held and limits on its use and disclosure. 16. New Zealand based members will already be required to comply with the Privacy Act. However, they must still confirm that they will comply with the privacy principles. Overseas based members must also provide assurance in writing that they will comply with the privacy protections in the Privacy Act or the equivalent standards in their jurisdiction. Form of election 17. The form in this guideline is designed to assist entities with the election process and to ensure entities meet the requirements of the AML/CFT Act and regulations. Form of notification to an AML/CFT supervisor 18. Reporting entities can notify the relevant AML/CFT supervisors by submitting the form in this guideline. AML/CFT Regulation states that certain information must be included in an election form. The contact person for the DBG must ensure that the following information is provided:  the name of each entity electing to join the designated business group;  the name and contact details of a contact person for the designated business group;  the name and contact details of each entity’s intended AML/CFT compliance officer;  sufficient information to determine that each entity is eligible; and  the date that the election will take effect (if more than 30 days from submission of an application containing the information in paragraphs (a) to (d)). 19. The contact person for the DBG must also agree to conditions on membership of a DBG, such as complying with the personal information privacy provisions and notifying the AML/CFT supervisor of any change in information previously provided to any AML/CFT supervisor about the DBG.

5 20. The contact person of the DBG should send completed forms to the AML/CFT supervisor for that member. This will not necessarily be the AML/CFT supervisor for all members of the proposed DBG. Timing 21. Elections do not come into force until after 30 days of receipt of notification to the AML/CFT supervisors, unless further information is requested by the AML/CFT supervisor. Members of a DBG may choose a date in the future for the DBG to take effect, but that date must be after the period for AML/CFT supervisors to consider the DBG election notification. If no date is specified, the date will be on completion of the standard 30 day period of review by the AML/CFT supervisor, or any subsequent period as necessary. 22. AML/CFT supervisors have 30 days in which to request additional information necessary to satisfy themselves that all members of the DBG are eligible to join the DBG and each member has elected to do so. 23. The 30 day period starts the day after receipt of the notification of election. AML/CFT supervisors will notify the DBG contact person in writing of receipt of the notification. 24. If the AML/CFT supervisor requires additional information then the election does not come into force. A new 30 day period will begin once further information is received by the AML/CFT supervisor. 25. Further information that may be requested by an AML/CFT supervisor will be information necessary to establish eligibility for membership. It may include establishing:  the relationship to other entities (if entities are required to be related); or  that the entities are in a joint venture; or  that each entity has agreed to the privacy principles; or  that an overseas entity is based in a country with sufficient AML systems and measures and how that was determined; or  that the overseas entity is supervised or regulated. 26. The DBG will come into effect after the expiry of a 30 day period where an AML/CFT supervisor has not indicated the proposed DBG, or a proposed member of a DBG, is not eligible to form or be a member of a DBG, and no further information has been requested by the AML/CFT supervisor. 27. Electing to join an established DBG will follow the same requirements and timings. An election to join an established DBG will not be effective until the period following notification to an AML/CFT supervisor has expired.

6 Withdrawal or dissolving a DBG 28. When a member of a DBG withdraws from the DBG, the contact person for the DBG is required to notify the relevant AML/CFT supervisor of the withdrawal of that entity6 . 29. Similarly, the contact person must notify the AML/CFT supervisor if the DBG is to be terminated. 30. The form in this guideline should be used for notification of changes to the DBG to the AML/CFT supervisor. The withdrawal of a member or dissolution of a DBG will be effective following receipt of notification by the AML/CFT supervisor. 31. When a member withdraws from a DBG, or the DBG is dissolved, each reporting entity must ensure that all aspects of a risk assessment and AML/CFT programme that were previously shared with another member of the DBG are now suitably provided for by the reporting entity. This includes ensuring that the policies, procedures and controls applying to each aspect of the AML/CFT programme are adequate and effective for the reporting entity. 32. If the same systems were used across the DBG, a reporting entity must make sure provision is made for duplicate or new systems, where appropriate, before withdrawal from the DBG is effective. For example, if record keeping obligations are undertaken by one member of the DBG, it may still be appropriate for the reporting entity withdrawing from the DBG to use the same processes as the DBG. 33. The reporting entity is responsible for ensuring that they will continue to comply with any privacy requirements.

6 Regulation 9 of the AML/CFT (Definitions) Regulations 2011.

7 Form for notification to AML/CFT supervisor of formation of a Designated Business Group

1. Name of Designated Business Group: Name of Designated Business Group:
2. Contact person for the Designated Business Group Name of contact: Role in entity: Name of entity: Office address: Contact phone number: Email:
3. Members electing to join the Designated Business Group (continue on a separate page if necessary) Name of Members Name of Compliance Officer  Have all members elected in writing to join the designated business group?  Have all members agreed in writing to adhere to the Privacy Principles as set out in Principle 5 – 11 of section 6 of the Privacy Act 1993?
4. Each member of the Designated Business Group is:  related to each other member of the group within the meaning of section 2(3) of the Companies Act 1993 and is - i. a reporting entity resident in New Zealand; or ii. a person that is resident in another country with sufficient anti-money laundering and countering the financing of terrorism systems and is supervised or regulated for anti-money laundering and countering the financing of terrorism purposes; or  providing a service under a joint venture agreement, to which each member of the group is a party; or  a government department named in Schedule 1 of the State Sector Act 1988, a State enterprise under the State-Owned Enterprises Act 1986, or a Crown entity under section 7 of the Crown Entities Act 2004; or  related to one or more of the entities in subparagraph (iii) through the provision of common products or services; or

8  an entity or class of entities prescribed by regulations to be a member of a designated entity;  the entities are each money transfer agents or sub-agents; and each entity is related to every other entity in the designated business group or proposed designated business group in either of the following ways: i. one of those entities is a money transfer agent and the other entities are the sub-agents of that agent: ii. those entities are each sub-agents of the same money transfer agent, or  is either a company within the meaning of section 2(1) of the Companies Act 1993 or an overseas company within the meaning of that section; and is related, within the meaning of the Securities Markets Act 1988, to everybody corporate in the designated business group or proposed designated business group; and is either - i. a reporting entity resident in New Zealand; or ii. a person that is resident in a country with sufficient anti-money laundering and countering financing of terrorism systems and that is supervised or regulated for anti-money laundering and countering the financing of terrorism purposes. Evidence: [description of how related / organization chart / agreement etc] 5. I confirm that I am the contact person of this designated business group and I will notify the AML/CFT supervisor, in writing within 30 days, of any of the following: a) a withdrawal of a member from the designated business group; b) the termination of the designated business group; c) any other change in the details previously notified to any AML/CFT supervisor in respect of the designated business group. 6. The election is to be effective from [date – if more than 30 days from sending] Date: Signature: Name: Role:

9 Form for notification to AML/CFT supervisor of changes to a Designated Business Group

1. Contact person for the Designated Business Group Name of contact: Role in entity: Name of entity: Office address: Contact phone number: Email:
2. The Designated Business Group Name of Designated Business Group:
3. Changes to the Designated Business Group  a withdrawal of a member from the designated business group  the termination of the designated business group  the election of a new member to the designated business group  any other change in the details previously notified to any AML/CFT supervisor in respect of the designated business group  change in contact person for the DBG  other [area for detail of the change / which member added/deleted]
4. The change to the designated business group is to be effective from

[date – 30 days from sending] Date: Signature: Name: Role: