Memorandum of Understanding on AML/CFT Supervisory Information Sharing Between DIA and RBNZ

MEMORANDUM OF UNDERSTANDING Concerning AML/CFT supervisory transitional information-sharing between Department of Internal Affairs and Reserve Bank of New Zealand

Memorandum of understanding dated [Insert date of last signature] Parties • Department of Internal Affairs (DIA) • Reserve Bank of New Zealand (RBNZ) 1 Introduction 1.1 This Memorandum of Understanding (MOU) establishes a framework for information sharing between the DIA and the RBNZ in support of the transition to a single supervisor for the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) system in New Zealand, with the DIA becoming the consolidated supervisor. 1.2 This MOU sets out the principles, responsibilities, and procedures for the secure and appropriate sharing of information relevant to the AML/CFT supervisory functions and the broader regulatory responsibilities of both agencies during this transition period. 1.3 This MOU is a statement of intent and does not create legally binding obligations or amend existing statutory powers, duties, or functions of either Party. However, the Parties commit to upholding the spirit and intent of this MOU. 2 Purpose 2.1 The primary purpose of this MOU is to facilitate the efficient, effective, and secure transfer of necessary information from RBNZ to DIA, enabling DIA to assume its expanded responsibilities as the AML/CFT single supervisor for all reporting entities, including those previously supervised by RBNZ. 2.2 Specifically, this MOU aims to:

1. Enable DIA to effectively take over AML/CFT supervisory functions held by RBNZ.
2. Ensure continuity and minimise disruption to AML/CFT compliance and supervision during the transition.
3. Support DIA in building a comprehensive understanding of the AML/CFT risk landscape and compliance status of entities migrating from RBNZ supervision.
4. Facilitate the transfer of historical AML/CFT compliance records, enforcement actions, intelligence, and other relevant supervisory data.
5. Maintain a high standard of regulatory oversight and ensure New Zealand continues to meet its international AML/CFT obligations.
6. Protect the privacy and security of all shared information in accordance with New Zealand law and best practice. 3 Parties' objectives 3.1 Both Parties agree to the following objectives in relation to this MOU: a) To cooperate fully and in good faith to achieve a seamless transition of AML/CFT supervisory responsibilities. b) To ensure that all information sharing activities are conducted lawfully, ethically, and with due regard to privacy, confidentiality, and data security.

c) To establish clear communication channels and operational procedures for information requests, provision, and usage. d) To work collaboratively to resolve any issues or challenges that may arise during the information sharing process. e) To collaboratively produce a migration plan which aligns to the workstream plan. The migration plan will document responsibilities during the transfer. 4 Scope of information sharing 4.1 The information to be shared under this MOU includes, but is not limited to, data and documentation in various formats related to: a) AML/CFT Reporting Entities: Details and records of RBNZ supervised entities, contact information, and business activities relevant to AML/CFT obligations. b) Risk Assessments: Entity-specific and sector risk assessments conducted by RBNZ regarding money laundering and terrorist financing. c) Compliance Programs: Information on reporting entities' AML/CFT programmes. d) Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) records (where relevant and permissible). e) Suspicious Activity Reports (SARs) and Prescribed Transaction Reports (PTRs): Aggregated data, trends, and, where necessary for specific supervisory purposes, individual SAR/PTR context/follow-up from RBNZ's records. (Note: The FIU remains the primary recipient of SARs/PTRs). f) Compliance Monitoring & Audits: Results of RBNZ's compliance monitoring activities, audit reports, and any identified compliance deficiencies or remediation plans. g) Enforcement Actions: Details and records of any enforcement actions, warnings, penalties, or other interventions taken by RBNZ against reporting entities for AML/CFT non-compliance. h) Exemptions and Waivers: Records of any exemptions, waivers, or specific directives issued by RBNZ under the AML/CFT Act. i) Supervisory Intelligence: Any other intelligence or information deemed necessary by either Party for the effective transfer and ongoing exercise of AML/CFT supervisory functions. j) IT Systems and Data Formats: Information pertaining to RBNZ's current IT systems, data structures, and formats relevant to the AML/CFT data, to facilitate data migration and integration planning. k) Technical Support Requirements: Any technical support information necessary to facilitate the transition and post-project activities. For clarity, the provision of technical support does not imply any obligation on DIA to fund or reimburse associated costs incurred. l) Any other information which is relevant to the transition. 5 Legal authority for information sharing 5.1 The Parties acknowledge that all information sharing under this MOU must comply with the laws of New Zealand, including but not limited to:

a) The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). b) The Privacy Act 2020. c) The Official Information Act 1982. d) The Public Records Act 2005. e) Any specific legislative provisions governing the functions and information holdings of DIA and RBNZ. 5.2 The Parties will ensure that a clear legal basis exists for each instance of information sharing, including considerations of purpose, necessity, and proportionality, and that any conditions or restrictions on disclosure are adhered to. 6 Use of shared information 6.1 Information shared by RBNZ with DIA under this MOU will only be used by the DIA for the purposes outlined in Section 2 of this MOU, specifically for fulfilling its role as the consolidated AML/CFT supervisor. 6.2 The receiving Party (DIA) will not use shared information for any purpose other than that for which it was provided, unless explicitly agreed in writing by the providing Party (RBNZ) and in accordance with relevant legislation. 7 Confidentiality and security 7.1 The Parties agree to treat all shared information, particularly sensitive personal or commercially confidential data, with the utmost confidentiality. 7.2 Both Parties will implement and maintain robust technical and organisational security measures to protect shared information from unauthorised access, use, disclosure, alteration, or destruction. This will be outlined in the migration plan. 7.3 In the event of a suspected or actual privacy breach or security incident involving shared information, the affected Party will immediately notify the other Party and cooperate fully in any investigation and remediation efforts. 8 Data quality and accuracy 8.1 The RBNZ will endeavour to provide information that is accurate, complete, and up to date at the time of transfer. 8.2 The DIA acknowledges that the RBNZ's records reflect its supervisory activities up to the point of transfer and may not include real-time updates post-transfer. DIA will be responsible for ongoing data maintenance and validation once information has been migrated to its systems. To provide assurance that the information has been accurately migrated, during the migration a formal validation process will be implemented by the DIA, in consultation with RBNZ. 8.3 In the event that transferred information is found to be incomplete, inaccurate or corrupted, both Parties will work collaboratively to identify and resolve the issue in a timely and effective manner with reasonable assistance to ensure the integrity of the transferred data.

9 Review and termination 9.1 This MOU will come into effect on the date of the last signature and will remain in effect until all relevant AML/CFT information is transitioned, including any residual transitional activities required post-project. This includes the provision of post-project technical support to ensure the transfer of any outstanding information, unless otherwise terminated. 9.2 Prior to mutual agreement for termination of this MOU, a formal checklist or equivalent mechanism must be completed to track and confirm the handover of all relevant transitional information. A record of this completed handover must be documented and agreed upon by both parties. 9.3 This MOU may be reviewed quarterly until transfer is complete to assess progress and amended at any time by mutual written agreement of both Parties while this MOU is in effect. 9.4 Either Party may terminate this MOU by providing written notice to the other Party. In the event of termination, the Parties will cooperate to ensure an orderly wind-down of information sharing activities and the secure disposal or return of shared information where appropriate. 10Relationship management and contacts 10.1 Each Party will nominate a primary point of contact responsible for managing the relationship under this MOU and overseeing the information sharing process. 10.2 For the Department of Internal Affairs (DIA): Monique Perdana, IT & Data workstream lead, monique.perdana@dia.govt.nz. For the Reserve Bank of New Zealand (RBNZ): Damian Henry, Manager AML/CFT Supervision, damian.henry@rbnz.govt.nz. These contacts will meet regularly (as agreed) to discuss progress, address any issues, and ensure the effective implementation of this MOU. 11Dispute resolution 11.1 Any disputes or disagreements arising from the interpretation or implementation of this MOU will be resolved amicably through discussion between the nominated contacts. 11.2 If a resolution cannot be reached at that level, the matter will be escalated to senior management representatives of both Parties for resolution. 12. SIGNATURES This Memorandum of Understanding is signed on behalf of the Parties by their duly authorised representatives:

FOR THE DEPARTMENT OF INTERNAL AFFAIRS (DIA) John Sneyd, General Manager Regulatory Services Date: FOR THE RESERVE BANK OF NEW ZEALAND (RBNZ) Scott McKinnon, Director Specialist Supervision Date: 15 September 2025 16 September 2025