Reserve Bank of New Zealand AML/CFT Update December 2018

1 RESERVE BANK OF NEW ZEALAND / AML UPDATE, DECEMBER 2018 AML/CFT Update December 2018 RBNZ AML/CFT Supervision Welcome to the Reserve Bank of New Zealand’s AML/CFT update. This edition focuses on the following: • Introducing Chris Dawson • AML/CFT Compliance Officer changes • Record keeping and trust deeds • On-going customer due diligence • Key themes and issues from 2018 on-site visits If there are topics you would like covered in our updates, or you have a question about any AML/CFT related issue, please do not hesitate to email the RBNZ AML/CFT Supervision team at amlcft@rbnz.govt.nz Introducing Chris Dawson Chris Dawson has recently joined RBNZ’s AML/CFT Supervision team as a Senior Analyst. He was previously a Senior AML/CFT Analyst at Kiwibank Limited and has worked in the AML/CFT and Sanctions area for four years. Chris will be responsible for conducting on-site visits with reporting entities and assessing their level of compliance and their money laundering and terrorist financing risk. Welcome to the team Chris! AML/CFT Compliance Officer RBNZ’s AML/CFT Supervision team runs a relationship-based model, and we consider your AML/CFT Compliance Officer to be a primary point of contact for your reporting entity. Whenever there is a new AML/CFT Compliance Officer, it is important that we are notified in writing of the new person and their contact details.

2 RESERVE BANK OF NEW ZEALAND /AML UPDATE, DECEMBER 2018 Record-keeping obligations and trust deeds RBNZ has received queries regarding the retention of trust deeds for record keeping purposes under the AML/CFT Act 2009 (‘AML/CFT Act’). Some reporting entities have advised the retention of full copies of trust deeds poses potential risks regarding fiduciary obligations towards beneficiaries of the trusts. As a matter of good practice, where a reporting entity establishes a business relationship with a customer that is a trust, RBNZ recommends a reporting entity should obtain and retain the relevant sections of the trust deed. This should include the pages that contain the settlor, trustees, beneficiaries and the purpose of the trust. RBNZ confirms that retaining full copies of trust deeds is not a requirement to comply with the AML/CFT Act. On-going Customer Due Diligence Section 31 of the AML/CFT Act sets out the requirements for account monitoring (more commonly known as transaction monitoring ‘TM’) and on-going CDD (‘OCDD’) and defines the approach to TM and OCDD. The requirements extend to both new and existing customers, including customers who were in a business relationship with a reporting entity before the AML/CFT Act came into effect. OCDD involves regular reviews of customer information held on file. In the absence of a clear definition of ‘regular review’ there has been some confusion of what adequate and effective OCDD procedures, policies and controls should look like. In particular, reporting entities have been struggling to understand what ‘reviews’ should entail and what would be an appropriate frequency of these reviews. The reporting entities must adopt a risk-based approach towards OCDD. This means that priority should be given to at least the following areas: • Reviewing and updating (if required) CDD information for higher risk customers. • Reviewing existing customers who have a material change/trigger and become higher risk. • Existing customers where no identity verification is available. • Existing customers where there are suspicions of money laundering or terrorist financing.

3 RESERVE BANK OF NEW ZEALAND / AML UPDATE, DECEMBER 2018 Best Practice for OCDD • Obtain good quality copies/images of identification documents where only a description was previously obtained. • Review and update CDD verification (including identification documents that are expired) where there is a face-to-face interaction with any customer. • Have a plan to review all existing customers using a risk-based approach and obtain up to date identification documents. Key themes and issues from 2018 on-site visits Common themes and issues identified during on-site reviews through 2018 included the following: • RBNZ has made a shift towards assessing the AML/CFT ‘risks that matter most’. Key areas covered during 2018 included Risk Assessment methodologies, Terrorism Financing, Prescribed Transactions Reporting (‘PTR’), System Assurance, cash deposits via ‘Smart ATMs’ and other fast deposit type facilities, Electronic Verification, and De-risking/de-banking. • Risk Assessment methodologies for some reporting entities remains a concern. A number of reporting entities do not clearly distinguish between inherent and residual risk, which may result in an inaccurate assessment of risk. Other common issues include risk assessments not being updated frequently enough and not having regard to the most up-to-date guidelines published by supervisors. This is concerning because an AML/CFT Risk Assessment provides the foundation to a reporting entity’s AML/ CFT Programme. RBNZ strongly encourages reporting entities to review their risk assessment to ensure the abovementioned issues are not present and to avoid potential consequences, ranging from supervisory action to a pecuniary penalty. • Key person risk was observed in a number of reporting entities this year. This risk was further compounded where activities performed by key people were not documented. A number of AML/

4 RESERVE BANK OF NEW ZEALAND /AML UPDATE, DECEMBER 2018 Contact us: Email: amlcft@rbnz.govt.nz Damian Henry, Adviser, (04) 471 3960 Olga Lagutina, Senior Analyst, (04) 471 3828 Chris Dawson, Senior Analyst, (04) 471 3867 CFT Compliance Officers had very broad roles and were also responsible for wider risk and compliance areas. In some cases this resulted in limited oversight of the reporting entity’s AML/CFT programme. We would encourage reporting entities to consider this risk and implement appropriate mitigants and controls. • The quality and standard of Section 59 audits remains varied within both RBNZ’s reporting entities as well as the FMA’s and DIA’s reporting entities. Section 59 audits are a useful source of information for AML/CFT supervisors in preparation for an on￾site visit as they identify potential or actual deficiencies that can be further discussed during the visit. In 2019 the three AML/CFT supervisors plan to conduct an outreach discussion with auditors and consultants to address the inconsistent standard of audit reports. • Towards the second half of 2018 there was a greater focus on compliance with PTR obligations. PTR will continue to be a focus during on-sites throughout 2019. Thank you for all your hard work and commitment to AML/CFT over the year. Best wishes for the holidays and we look forward to seeing you all in 2019. AML/CFT Supervision team.