Customer Due Diligence – Co-operatives Guideline

AML/CFT Anti-money laundering and countering financing of terrorism Customer Due Diligence: Co-operatives Guideline This guideline should be read together with the Beneficial Ownership and Enhanced Customer Due Diligence guidelines. September 2025

2 Background

1. This guideline is intended to support reporting entities1 to conduct customer due diligence (CDD) under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act) on their customers who are co-operatives.
2. A co-operative is a form of business organisation that is owned and controlled by its shareholders or members and run for their mutual benefit. A co-operative company is a common type of co-operative. A co-operative company means a company, the principal activity of which is, and is stated in its constitution as being, a co-operative activity and in which not less than 60% of the voting rights are held by transacting shareholders.2
3. This guideline may also be useful when considering customers who are mutual organisations or friendly societies.3 Refer to the Clubs and Societies CDD guideline for further information.
4. Knowing who a customer is, verifying information provided and establishing their risk profile assists in protecting reporting entities from misuse. Developing a clear understanding of the underlying persons that own or control a co-operative is a key part of this.
5. This guideline is based on the requirements of the Act and has been produced by the AML/CFT supervisors under section 132(2) of the Act. This guideline does not constitute legal advice.
6. Section 57(2) of the Act requires you to have regard to this guideline, it is important that you have read and taken this guideline into account when developing your AML/CFT programme. After reading this guideline, if you still do not understand your obligations under the AML/CFT Act, you should contact your AML/CFT supervisor or seek legal advice. Customer due diligence
7. CDD is a cornerstone of your AML/CFT programme. CDD is the process through which you develop an understanding of your customers, and the money laundering and terrorism financing risks they pose to your business. CDD is often referred to as “Know Your Customer” or “KYC”. 1 As defined in section 5(1) of the Act. 2 As defined in section 2(1)(a) of the Co-operative Companies Act 1996. 3 Within the meaning of section 11 of the Friendly Societies and Credit Unions Act 1982.

3 8. You must conduct CDD when you establish a business relationship4 with a new customer requesting services that are captured by the Act, or when a customer seeks to conduct an occasional activity or an occasional transaction. You must also conduct CDD on an existing customer5 in certain circumstances. 9. Section 11 of the Act requires you to conduct CDD on:6 a) your customer b) any “beneficial owner” of a customer c) any person acting on behalf of a customer. 10.The CDD process you follow for co-operatives (simplified, standard, or enhanced) is determined by the level of risk posed by your customer. 11.When assessing the money laundering and terrorism financing risk that the co￾operative customer poses to your business you may consider the size, structure, reputation within industry and whether it is local, national and/or international. Under a risk-based approach each customer is assessed on a case-by-case basis. Customers Simplified CDD 12.You can conduct simplified CDD on specific types of co-operative companies that are considered low risk for money laundering and terrorism financing. 7 13.This includes:8 • publicly listed co-operative companies and their subsidiaries • publicly listed overseas co-operative companies and their subsidiaries from low-risk jurisdictions • publicly listed issuers. 14.When simplified CDD applies, you need to record the full legal name of the co￾operative company. You should record a brief explanation of how it qualifies for simplified CDD. You also need to collect information about the nature and purpose of your proposed business relationship with the co-operative company. Standard CDD 15.When standard CDD applies, you need to collect the following identity information about a co-operative: • full legal name 4 As defined in section5(1) of the Act. 5 As defined in section 5(1) of the Act. 6 This guideline does not cover CDD requirements for wire transfers, politically exposed persons, new or developing technologies or correspondent banking relationships. 7 Effective 1 June 2024, Regulation 12AA of the AML/CFT (Requirements and Compliance) Regulations 2011 states that enhanced CDD must be conducted if there are grounds to report a suspicious activity in circumstances otherwise eligible for simplified CDD. 8 See section 18(2) of the Act for the full list of who can qualify for simplified CDD.

4 • the co-operative’s address or registered office • identity or registration number • any information prescribed by regulations. 9 16.You must verify this information using documents, data or information issued by a reliable and independent source. You must take reasonable steps to verify the information.10 17.You also need to obtain information on the nature and purpose of the proposed business relationship between you and the co-operative, and sufficient information to determine whether the co-operative should be subject to enhanced CDD.11 Any beneficial owner of a co-operative 18.If you want to do business with a customer that is a co-operative, you must identify and verify the identity of its beneficial owner(s). 19.A beneficial owner is the individual(s) (i.e. a natural person(s)) who ultimately owns or controls the co-operative. It is crucial to know who the beneficial owner(s) is so that you can make appropriate decisions about the level of money laundering and terrorism financing risk presented by the co-operative. Refer to the Beneficial Ownership Guideline for further information. 20.You must identify all beneficial owners. For each beneficial owner of a co-operative, you must obtain the individual’s full name, date of birth, address, and their relationship to the co-operative (for example members, shareholders, senior management). You must then take reasonable steps, according to the level of money laundering and terrorism financing risk, to verify this information, so that you are satisfied that you know who the beneficial owner is. You must also take reasonable steps to determine if the beneficial owner of the co-operative is a politically exposed person.12 21.To identify the beneficial owner(s), you should establish and understand the co￾operative’s ownership and control structure. This includes identifying and examining any nominee director or shareholder arrangements that are in place (see paragraphs [23] to [26] below). The individual’s ownership or control may be indirect, for example through several layers of ownership. Where a shareholder (or director in other jurisdictions) or any other party holding a similar role is a legal person or arrangement, the beneficial owner(s) of that legal person or arrangement should be identified. 9 Refer to section 15 of the Act. 10 Refer to section 16(1)(a) of the Act. 11 Refer to section 17 of the Act. Refer also to the Enhanced Customer Due Diligence Guideline for more information. 12 Refer to section 26 of the Act.

5 22.Where there are complex ownership structures with no reasonable explanation, you should consider the possibility that the structure is used to hide the beneficial owner(s), whether enhanced CDD should be conducted and whether a suspicious activity report should be submitted. Nominee directors or nominee shareholders 23.The involvement (or otherwise) of a nominee director or nominee shareholder in a cooperative is an important consideration when assessing the level of money laundering and terrorism financing risk. 24.A nominee director or nominee shareholder is a person who must follow, or is accustomed to follow, the instructions or directions of another person who is not a director or shareholder of the co-operative when carrying out their role.13 This relationship can be informal (such as acting on the verbal instructions of a family member or a business associate), or formal (such as setting up a nominee director agreement with a professional intermediary such as a lawyer, accountant, or trust and company service provider). 25.Nominee director or nominee shareholder arrangements are sometimes used to protect or disguise a co-operative’s beneficial owner(s). For example, a nominee director could make all their decisions on the instruction of an underlying third party, who in practice is the natural person with effective ownership or control of the co￾operative. In this circumstance, the underlying third party would be considered a beneficial owner of the co-operative. 26.While there are legitimate reasons for the use of nominee directors or nominee shareholders, co-operatives which have these arrangements also present a higher money laundering and terrorism financing risk. Nominee director or nominee shareholder arrangements can be misused to facilitate money laundering and other types of criminal offending. For example, criminals or terrorists can use nominees to obscure their involvement in a transaction or activity. Additional standard CDD requirements for co-operatives 27.Regulation 11 of the AML/CFT (Requirements and Compliance) Regulations 2011 introduces additional requirements when conducting standard CDD for a co￾operative. 28.This regulation formalises the information you are required to obtain and verify as part of standard CDD.14 This is intended to assist you to understand the co￾operative’s structure, to accurately identify its beneficial owner(s) (refer to paragraph [18] to [22] above) and in turn, assist to determine the level of money laundering and terrorism financing risk associated with the co-operative. 29.Under Regulation 11, you must obtain, and according to the level of risk, verify information relating to: 13 Regulation 3 of the AML/CFT (Requirements and Compliance) Regulations 2011. 14 Refer to section 14(1) of the Act.

6 • the co-operative’s legal form and proof of existence; • the co-operative’s ownership and control structure; • any powers that bind and regulate the co-operative; and • the existence and name of any nominee directors or nominee shareholders.15 30.The AML/CFT supervisors consider that these requirements can be read in combination with each other. For example, information on the powers that bind and regulate the co-operative can assist you to understand the co-operative’s ownership and control structure. The powers that bind and regulate can also assist you to identify the beneficial owners and the basis on which they are a beneficial owner, whether through ownership and/or effective control (refer to paragraph [35] below). 31.The supervisors also consider that this regulation will assist you to meet the requirement in the Act to obtain sufficient information to determine whether the co￾operative should be subject to enhanced CDD (refer to paragraph [17] above). 32.In practice, complying with the regulation can (and should) be aligned with your procedures, policies and controls (PPCs) in place to identify and verify the identity of the beneficial owner(s). 33.It may be necessary to include some additional questions as part of your onboarding process to comply with Regulation 11. However, for co-operative types you are familiar with and onboard regularly, this does not need to be extensive (unless the level of risk requires it). 34.Obtaining required information – The first step is to ask for the information from the co-operative. This could include asking direct questions (verbally or in writing) or by using yes/no tick box questions (for example on an application form). You should record the co-operative’s responses in writing, including retaining any written correspondence you receive. You must obtain information on the following: • the co-operative’s legal form and proof of existence: • the co-operative’s ownership and control structure, this could include statutory declarations for directors, deeds of appointment, an organisation chart or membership records: • the powers that bind and regulate the co-operative, this could be the provision of the constitution, a membership agreement (or equivalent): • the existence and name of any nominee director(s) or nominee shareholder(s): and • the names, dates of birth and addresses of the beneficial owner(s) and their relationship to the co-operative (refer to paragraph [20] above. 35.You should also obtain information on the basis on which each person meets the definition of beneficial owner (i.e. their position/membership/shareholding) and whether they meet the definition through ownership and/or effective control. Information relevant to this may include: • the number and names of any members, shareholders and/or their subscriptions, shareholdings and/or voting rights: 15 Regulation 11 AML/CFT (Requirements and Compliance) Regulations 2011.

7 • the number and names of any directors and/or senior management, their powers of management, powers to bind the co-operative and/or voting rights: • (if applicable) whether there is a constitution or membership agreement: • (if applicable) whether there is a formal nominee agreement and the reasons for the nominee arrangement. 36.Verification requirements – You must take reasonable steps to verify the information you have obtained (as set out in paragraph [34] and [35] above) according to the level of risk involved. 37.Your PPCs for verifying the information should be based on the level of risk. For a co-operative determined to be lower risk, the verification you undertake can be less extensive. However, if a co-operative is higher risk, the extent of the verification you undertake must be robust.16 38.In relation to the co-operative’s legal form and proof of existence, ownership and control structure and any powers that bind and regulate the co-operative, the verification must be on the basis of data, documents or information from a reliable and independent source.17 In many circumstances, you may be able to utilise publicly available information, such as on a Companies or other Register. 39.In relation to the existence and name of any nominee director or nominee shareholder, you are only required to verify this using information, documents or data issued by a reliable source. It does not need to be independent.18 You can therefore use information, documents or data issued by the co-operative. This may include: • written confirmation from another director confirming the name of the nominee director • written confirmation of any nominee relationship(s) (formal or informal) • a copy of a written agreement in place between any nominees and the person whose instructions or directions the nominee follows or is accustomed to follow. When is enhanced CDD required? 40.When your customer is a co-operative, you must conduct enhanced CDD in specific circumstances: • If you are establishing a business relationship with a co-operative, or the co￾operative seeks to conduct an occasional transaction or activity, and the co￾operative: o appears to be a vehicle for holding personal assets19 o appears to be a non-resident customer from a country that has insufficient AML/CFT systems or measures in place20 o has a nominee shareholder21 16 There should be controls in your AML/CFT programme to ensure this occurs. This could include escalating decisions to a higher management level for sign off. 17 Regulation 11(3)(a) of the AML/CFT (Requirements and Compliance) Regulations 2011. 18 Regulation 11(3)(b) of the AML/CFT (Requirements and Compliance) Regulations 2011. 19 Refer to section 22(1)(a)(i) and 22(1)(b)(i) of the Act. 20 Refer to section 22(1)(a)(ii) and 22(1)(b)(ii) of the Act. 21 Refer to section 22(1)(a)(iii) and 22(1)(b)(iii) of the Act.

8 • if you are establishing a business relationship with a co-operative that has one or more nominee directors22 • the co-operative seeks to conduct a complex, unusually large or unusual pattern of transactions that have no apparent or visible economic or lawful purpose23 • you assess the co-operative (based on your risk assessment, the situation and your standard CDD) to present a higher level of money laundering and terrorism financing risk24 • if the co-operative is an existing customer or is conducting an occasional transaction or activity and a suspicious activity report (SAR) must be submitted, as soon as practicable after you become aware you must report a SAR25 to the New Zealand Police Financial Intelligence Unit (FIU). The supervisors’ view is that conducting enhanced CDD prior to submitting the SAR would strengthen the quality and usefulness of the SAR.26 41.When enhanced CDD applies, you must obtain and verify the same identity information as required by standard CDD. You must also obtain and verify, according to the level of risk, information about the source of funds or source of wealth (or both) of the co-operative. 42.If this is not sufficient to manage and mitigate the risks of money laundering and the financing of terrorism, additional enhanced CDD measures are required.27 43.Refer to the Enhanced Customer Due Diligence Guideline for further information. Any person acting on behalf of a co-operative 44.You must also identify and verify the identity of any person acting on behalf of a co￾operative and their authority to act. A person is acting on behalf of a co-operative if they are authorised to carry out transactions or other activities with you on the co￾operative’s behalf. This includes persons who have authority to act on behalf of the co-operative and may include persons such as an accountant or person able to transact on the co-operative’s account. 45.You must obtain the person’s full name, date of birth (if an individual), address, entity identifier or registration number and registered office (if not an individual), and the person’s relationship to the co-operative. 46.When entities are appointed, you also need to identify the individual(s) representing the entity. Identification and verification of all such individuals must be to the extent required by the Act. 47.When a co-operative is a customer with whom you have an existing business relationship, you must identify the identity of any new person acting on behalf of the business. This applies when you have previously conducted CDD on the co￾22 Regulation 12 of the AML/CFT (Requirements and Compliance) Regulations 2011. 23 Refer to section 22(1)(c) of the Act. 24 Refer to section 22(1)(d) of the Act. 25 Refer to section 22A of the Act. 26 The supervisors acknowledge it may not always be practicable to complete enhanced CDD prior to submitting the SAR. 27 Regulation 12AB of the AML/CFT (Requirements and Compliance) Regulations 2011.

9 operative. You must obtain the full name and date of birth of the new person acting on behalf of the co-operative, and their relationship to the co-operative.28 48.You must take reasonable steps, according to the level of money laundering and terrorism financing risk, to verify the information you have obtained, so that you are satisfied both with who the person is and that they have authority to act. 49.Refer to the Acting on behalf of a customer factsheet and Beneficial ownership guideline for further information. AML/CFT programme 50.Your policies, procedures, and controls for CDD must be documented in your AML/CFT programme. This should include how your business will determine the applicable level of CDD required, and what you will do if you are unable to conduct CDD. Disclaimer: This guideline has been produced by the AML/CFT supervisors under section 132(2)(c) of the Act. It is intended to assist reporting entities to understand their customer due diligence obligations under the Act for their customers who are co￾operatives. This guideline does not constitute legal advice. Where AML/CFT guidance material is referenced, it can be accessed at the following websites: Department of Internal Affairs http://bit.ly/2gQ3Iev Reserve Bank of New Zealand http://bit.ly/2n6RYdp Financial Markets Authority https://bit.ly/3fjcKlD 28 Refer to section 18(3) of the Act. Note also Part 19 of the AML/CFT (Class Exemptions) Notice 2018. This provides an exemption from the requirement to conduct CDD (under section 18(3) of the Act) on a person acting on behalf of a customer by electronic means, subject to certain conditions and a written agreement between the reporting entity and the customer.

10 Version history April 2013 Original version July 2019 Removal of the word “or” in paragraph (b) under “Introduction” to align with Section 11 of the Act. September 2025 Updated: • to include additional standard CDD requirements for legal persons • to include a section on enhanced customer due diligence • to reflect amendments to the beneficial ownership guideline.