Customer Due Diligence for Companies 2022 Factsheet

1 Guidance: Customer Due Diligence – Companies This guidance should be read together with the Beneficial Ownership and Enhanced Customer Due Diligence guidelines. Background

1. This guidance assists reporting entities1 to conduct customer due diligence (CDD) under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act) on their customers who are companies.
2. In New Zealand, both New Zealand based companies, and overseas companies that carry on business in New Zealand are required to be registered on the New Zealand Companies Register. Companies can have complex ownership structures, as well as multiple beneficial owners (the individual(s) who ultimately owns or controls a company) and persons acting on behalf of the company.
3. CDD is a cornerstone of your AML/CFT programme. CDD is the process through which you develop an understanding of your customers, and the money laundering and terrorism financing (ML/TF) risks they pose to your business.
4. Knowing who the customer is, verifying information provided and establishing their risk profile assists in protecting reporting entities from misuse. Developing a clear understanding of the underlying persons that own or control a company is a key part of this.
5. You must conduct CDD when you establish a business relationship with a new customer requesting services that are captured by the Act, or when a customer seeks to conduct an occasional activity or an occasional transaction. You must also conduct CDD on an existing customer in certain circumstances.
6. The Act requires you to carry out CDD on: 2 a. your customer 1 Within the meaning of section 5(1) of the Act. 2 This guidance does not cover customer due diligence (CDD) requirements for wire transfers, politically exposed persons, new or developing technologies or correspondent banking relationships.

2 b. any “beneficial owner” of a customer c. any person acting on behalf of a customer 7. The CDD process you follow (simplified, standard, or enhanced) is determined by the level of risk posed by your customer. Customers Simplified CDD 8. You can conduct simplified CDD on specific types of companies that are considered low risk for ML/TF. 9. This includes:3 • publicly listed companies and their subsidiaries • publicly listed overseas companies and their subsidiaries from low-risk jurisdictions • publicly listed issuers • state owned enterprises • crown entities 10.When simplified CDD applies, you need to record the full legal name of the company and a brief explanation of how it qualifies for simplified CDD. You also need to collect information about the nature and purpose of your proposed business relationship with the company. Standard CDD 11.When standard CDD applies, you need to collect the following identity information about a company: • full legal name • principal business address or registered office address • identity or registration number 12.You must verify this information using documents, data or information issued by a reliable and independent source. You must take reasonable steps to verify the information. 13.You also need to collect information on the nature and purpose of the proposed business relationship between you and the company, and sufficient information to determine whether the company should be subject to enhanced CDD. 3 See section 18(2) of the Act for the full list of who can qualify for simplified CDD.

3 Requirements relating to nominee directors or nominee shareholders 14.As part of the onboarding of a new customer that is a company, you must also obtain information on the existence and name of any nominee directors or nominee shareholders.4 15.You should do this by asking for this information from the company.5 The company’s response should be recorded in writing. This could include: • recording the existence of a nominee director or nominee shareholder in a yes/no tick box as part of your onboarding process • recording the company’s response in your system, as determined from your discussions with the company • an email from the company setting out the company’s response 16.A nominee director or nominee shareholder is a person who must follow, or is accustomed to follow, the instructions or directions of another person who is not a director or shareholder of the company when carrying out their role (sometimes called a ‘shadow director’ or ‘silent partner’). 6 This relationship can be informal (such as acting on the verbal instructions of a family member or a business associate), or formal (such as setting up a nominee director agreement with a professional intermediary such as a lawyer, accountant, or trust and company service provider).7 17.Nominee director or nominee shareholder arrangements are sometimes used to protect or disguise a company’s beneficial owner(s). For example, a nominee director could make all their decisions on the instructions of an underlying third party, who in practice is the natural person with effective ownership or control of the company. In this circumstance, the underlying third party would be considered a beneficial owner of the company. 18.While there are legitimate reasons for the use of nominee directors or nominee shareholders, companies which have these arrangements also present a higher ML/TF risk. Nominee director or nominee shareholder arrangements can be misused to facilitate money laundering and other types of criminal offending. For example, criminals or terrorists can use nominees to obscure their involvement in a transaction or activity. 19.You must take reasonable steps to verify the existence and name of any nominee director or nominee shareholder, according to the level of risk involved, so that you are satisfied you know who the nominee director or nominee shareholder is. 4 Regulation 11 – AML/CFT (Requirements and Compliance) Regulations 2011 5 You do not need to ask these questions if the company qualifies for simplified CDD. 6 A nominee director is not a recognised term used under the Companies Act 1993, however it is used in other countries. Therefore, it may be relevant if you establish a business relationship with a customer that is an overseas company. 7 There are some exceptions to this definition, including any company which qualifies for simplified CDD.

4 20.You are not required to use information, documents or data issued by an independent source to verify this information. 21.You may use information, documents or data issued by the company or another reliable source to verify the existence and name of any nominee director or nominee shareholder. This may include: • written confirmation from another director confirming the name of the nominee director • written confirmation of any nominee relationship(s) (formal or informal) • a written agreement in place between any nominees and the person whose instructions or directions the nominee follows or is accustomed to follow 22.Enhanced CDD is required for companies with nominee directors or shareholders. This is discussed in the “Enhanced CDD” section below. Any beneficial owner of a company 23.If you want to do business with a customer that is a company, you must identify and verify the identity of the company’s beneficial owner(s).8 24.Understanding and examining any nominee director or nominee shareholder arrangements in place is a key part of being able to identify and understand a company’s beneficial ownership arrangements. 25.It is crucial to know who the beneficial owner(s) are so that you can make appropriate decisions about the level of ML/TF risk presented by the company. 26.A beneficial owner is the individual(s) (natural person(s)) who ultimately owns or controls the company. 27.To identify the beneficial owner(s), you should establish and understand the company’s ownership structure at each layer. Where there are complex ownership structures with no reasonable explanation, you should consider the possibility that the structure is used to hide the beneficial owner(s). 28.The person whose instructions or directions a nominee director or nominee shareholder follows, or is accustomed to follow, is likely to be considered a beneficial owner under the Act, if they are an individual who in practice has effective control or ownership of a company. 29.For each beneficial owner of a company, you must obtain the individual’s full name, date of birth, address, and their relationship to the company (for example shareholder or CEO). You must then take reasonable steps, according to the level 8 This applies unless the company qualifies for simplified CDD.

5 of ML/TF risk, to verify this information, so that you are satisfied who the beneficial owner is. 30.You must also take reasonable steps to determine if the beneficial owner of a company is a politically exposed person.9 31.Refer to the Beneficial Ownership Guideline and the Enhanced Customer Due Diligence Guideline for further information on beneficial ownership. Any person acting on behalf of a company 32.You must identify and verify the identity of any person acting on behalf of a company, and their authority to act. A person is acting on behalf of a company if they are authorised to carry out transactions or other activities on the company’s behalf. This includes persons who have authority to act on behalf the company, for example, an accountant or persons able to transact on the business account. 33.You must obtain the person’s full name, date of birth (if an individual), address or registered office, entity identifier or registration number and registered office (if not an individual), and the person’s relationship to the company. 34.When a company is your existing customer, you must identify the identity of any new person acting on behalf of the company. This applies when you have previously conducted CDD on the company. You must obtain the full name and date of birth of the new person acting on behalf of the company, and their relationship to the company.10 35.You must take reasonable steps, according to the level of ML/TF risk, to verify the information you have obtained, so that you are satisfied who the person is and that they have authority to act. 36.Refer to the Acting on behalf of a customer factsheet and Beneficial ownership guideline for further information. Enhanced CDD 37.When your customer is a company, you must conduct enhanced CDD in specific circumstances: • if you are establishing a business relationship with a company, or the company seeks to conduct an occasional transaction or activity, and the company: o is a vehicle for holding personal assets o is a non-resident customer from a country that has insufficient AML/CFT systems or measures in place 9 Section 26 of the Act 10 Section 18(3) of the Act

6 o has a nominee shareholder or shares in bearer form • if you are establishing a business relationship with a company that has one or more nominee directors • the company seeks to conduct a complex, unusually large or unusual pattern of transactions that have no apparent or visible economic or lawful purpose • you assess the company (based on your risk assessment, the situation and your standard CDD) to present a higher ML/TF risk • if the company is an existing customer or is conducting an occasional transaction or activity, as soon as practicable after you become aware you must report a suspicious activity report to the New Zealand Police Financial Intelligence Unit (FIU) 38.When enhanced CDD applies, you must obtain and verify the same identity information as required by standard CDD. You must also obtain and verify, according to the level of risk, information about the source of funds or source of wealth of the company. 39.Refer to the Enhanced Customer Due Diligence Guideline for further information. AML/CFT programme 40.Your policies, procedures, and controls for CDD must be documented in your AML/CFT programme. This should include how your business will determine when enhanced CDD is required for a customer, when other types of CDD are permitted, and what you will do if you are unable to conduct CDD.

7 Updated 25 October 2022. Version History April 2013 Original version July 2019 Reviewed with no changes made. 25 October 2022 Full revised version. The additions to the guidance reflect regulation changes that expand the types of companies that qualify for simplified CDD and require CDD for nominee directors. Minor changes have been made to the guidance to reflect the enhanced CDD guideline. The remaining changes are not substantial and have been made for reasons of clarity. Disclaimer: This guidance has been produced by the AML/CFT supervisors under section 132(2)(c) of the Act. It is intended to assist reporting entities to understand their customer due diligence obligations under the Act for their customers who are companies. This guidance does not constitute legal advice. Where AML/CFT guidance material is referenced, it can be accessed at the following websites: Department of Internal Affairs http://bit.ly/2gQ3Iev Reserve Bank of New Zealand http://bit.ly/2n6RYdp Financial Markets Authority https://bit.ly/3fjcKlD