Customer Due Diligence for Sole Traders and Partnerships Guideline

AML/CFT Anti-money laundering and countering financing of terrorism Customer Due Diligence: Sole traders and partnerships Guideline This guideline should be read together with the Beneficial Ownership and Enhanced Customer Due Diligence guidelines. September 2025

2 Background

1. This guideline is intended to support reporting entities1 to conduct customer due diligence (CDD) under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act) on their customers who are sole traders or partnerships.
2. A sole trader is a person trading on their own and is not incorporated.
3. Partnerships2 can be two or more persons who have an agreement to run a business. Many partnerships are established with a formal partnership agreement.3
4. These two business types can vary in size and complexity – from sole traders, to simple and transparent partnership structures through to very complex arrangements, depending on the needs of the partners, the size, nature of business and the terms of the agreement.
5. Knowing who a customer is, verifying information provided and establishing their risk profile assists in protecting reporting entities from misuse. Developing a clear understanding of the underlying persons that own or control an entity is a key part of this.
6. This guideline is based on the requirements of the Act and has been produced by the AML/CFT supervisors under section 132(2) of the Act. This guideline does not constitute legal advice.
7. Section 57(2) of the Act requires you to have regard to this guideline, it is important that you have read and taken this guideline into account when developing your AML/CFT programme. After reading this guideline, if you still do not understand any of your obligations you should contact your AML/CFT supervisor or seek legal advice. Customer due diligence
8. CDD is a cornerstone of your AML/CFT programme. CDD is the process through which you develop an understanding of your customers, and the money laundering and terrorism financing risks they pose to your business. CDD is often referred to as “Know Your Customer” or “KYC”.
9. You must conduct CDD when you establish a business relationship4 with a new customer requesting services that are captured by the Act, or when a customer seeks to conduct an occasional activity or an occasional transaction. You must also conduct CDD on an existing customer5 in certain circumstances. 1 As defined in section 5(1) of the Act. 2 As defined in section 8 and 9 of the Partnership Law Act 2019. When determining whether a partnership exists, reference should be made to sections 11 to 15. 3 Note this guidance is not intended to cover limited partnerships. For limited partnerships refer to the Customer Due Diligence: Limited Partnerships Guideline. 4 As defined in section 5(1) of the Act 5 As defined in section 5(1) of the Act.

3 10.Section 11 of the Act requires you to conduct CDD on:6 a) your customer b) any “beneficial owner” of a customer c) any person acting on behalf of a customer. 11.The CDD process you follow for sole traders or partnerships (standard or enhanced) is determined by the level of risk posed by your customer.7 Customers Standard CDD 12.When standard CDD applies, you need to collect the following identity information about a sole trader or partnership: • full legal name or trading name of the sole trader or partnership • the sole trader or partnership’s address • identity, registration number or New Zealand Business Number (if available) • any information prescribed by regulations. 8 13.You must verify this information using documents, data or information issued by a reliable and independent source. You must take reasonable steps to verify the information. 9 14.You also need to obtain information on the nature and purpose of the proposed business relationship between you and the sole trader or partnership, and sufficient information to determine whether the sole trader or partnership should be subject to enhanced CDD. 10 6 This guideline does not cover CDD requirements for wire transfers, politically exposed persons, new or developing technologies or correspondent banking relationships. 7 A reporting entity cannot conduct simplified CDD on its customers who are sole traders or partnerships. 8 Refer to section 15 of the Act. 9 Refer to section 16(1)(a) of the Act. 10 Refer to section 17 of the Act. Refer also to the Enhanced Customer Due Diligence Guideline for more information.

4 Any beneficial owner of a sole trader or partnership 15.If you want to do business with a customer that is a sole trader or partnership you must identify and verify the identity of its beneficial owner(s). 16.Most sole traders and partnerships have simple and transparent structures, and the beneficial owner(s) are likely to be easily identifiable. You should consider the possibility that a third party may be making decisions for the business, particularly in the case of sole traders. 17.A beneficial owner is the individual(s) (i.e. a natural person(s)) who ultimately owns or controls a sole trader or partnership.11 It is crucial to know who the beneficial owner(s) are so that you can make appropriate decisions about the level of money laundering and terrorism financing risk presented by the sole trader or partnership. Refer to the Beneficial Ownership Guideline for further information. 18.You must identify all beneficial owners. For each beneficial owner of a sole trader or partnership, you must obtain the individual’s full name, date of birth, address, and their relationship to the business. You must then take reasonable steps, according to the level of money laundering and terrorism financing risk, to verify this information, so that you are satisfied that you know who the beneficial owner is. 12 You must also take reasonable steps to determine if the beneficial owner of a sole trader or partnership is a politically exposed person.13 19.To identify a sole trader or partnership’s beneficial owner(s), you should establish and understand the business’s ownership structure at each layer (if applicable). The individual’s ownership or control may be indirect, for example through several layers of ownership. A sole trader and the beneficial owner are likely to be the same person. For a partnership, the partners are likely to be the beneficial owner(s). If any partners are entities, the beneficial owner(s) of each partner should be identified. 20.Where there are complex ownership structures with no reasonable explanation, you should consider the possibility that the structure is used to hide the beneficial owner(s), whether enhanced CDD should be conducted, and whether a suspicious activity report should be submitted. Additional standard CDD requirements for partnerships 21.Regulation 11A of the AML/CFT (Requirements and Compliance) Regulations 2011 formalises the information you are required to obtain and verify as part of standard CDD. This is intended to assist you to understand the partnership’s structure, to accurately identify its beneficial owner(s) (refer to paragraph [15] to [20] above) and in turn, assist to determine the level of risk associated with the partnership. 22.Under Regulation 11A, you must obtain, and according to the level of risk verify, information relating to: • the partnership’s legal form and proof of existence; and 11 As defined in section 5(1) of the Act. 12 Refer to section 16(1)(b) of the Act. 13 Refer to section 26 of the Act.

5 • the partnership’s ownership and control structure; and • any powers that bind and regulate the partnership. 23.The AML/CFT supervisors consider that these requirements can be read in combination with each other. For example, information on the powers that bind and regulate the partnership can assist you to understand the partnership’s ownership and control structure. The powers that bind and regulate can also assist you to identify the beneficial owners and the basis on which they are a beneficial owner, whether through ownership and/or effective control (refer to paragraph [28] below). 24.The supervisors also consider that this regulation will assist you to meet the requirement in the Act to obtain sufficient information to determine whether the partnership should be subject to enhanced CDD (refer to paragraph [14] above). 25.In practice, complying with the regulation can (and should) be aligned with your existing procedures, policies and controls (PPCs) in place to identify and verify the identity of the beneficial owner(s) of a customer that is a partnership. 26.It may be necessary to include some additional questions as part of your onboarding process to comply with Regulation 11A. However, this does not need to be extensive for partnership types you are familiar with and onboard regularly (unless the level of risk requires it). 27.Obtaining required information – The first step is to ask for the information from the partnership. This could include asking direct questions (verbally or in writing) or by using yes/no tick box questions (for example on an application form). You should record the partnership’s responses in writing, including retaining any written correspondence you receive. You must obtain information on the following: • the partnership’s legal form and proof of existence; • the partnership’s ownership and control structure; • the powers that bind and regulate the partnership, this could be the partnership agreement; • the names, dates of birth and addresses of the beneficial owner(s) and their relationship to the partnership (refer to paragraph [18] above). 28.You should also obtain information on the basis on which each person meets the definition of beneficial owner (i.e. their position) and whether they meet the definition through ownership and/or effective control. Information relevant to this may include: • the number and names of any partners and/or voting rights, their capital contributions, partnership interests, distribution/profit and loss sharing, share of liability, powers of management and/or powers to bind the partnership: • (if applicable) whether there is a partnership agreement and the date on which the partnership agreement was entered into. 29.Verification requirements – You must take reasonable steps to verify the information you have obtained (as set out in paragraph [27] and [28] above) according to the level of risk involved.

6 30.Your PPCs for verifying the information you obtained should be based on the level of risk. For a partnership determined to be lower risk, the verification you undertake can be less extensive. However, if a partnership is higher risk, the extent of the verification you undertake must be robust. 14 31.In relation to the partnership’s legal form and proof of existence, ownership and control structure and any powers that bind and regulate the partnership, you are only required to verify this using information, documents or data issued by a reliable source. It does not need to be independent.15 You can therefore use information or documents issued by the partnership. This may include a partnership agreement. 32.Some partnerships will have no formal partnership agreement. Absent an agreement, the following examples may assist to verify the information set out in paragraph [27]: • emails or other communications referencing the partnership and how it operates; • minutes of meetings or business plans; • representations made by the parties concerning the partnership; and • joint tax records, bank accounts, business contracts or leases. When is enhanced CDD required? 33.When your customer is a sole trader or partnership, you must conduct enhanced CDD in specific circumstances: • if you are establishing a business relationship with a sole trader or partnership, or the sole trader or partnership seeks to conduct an occasional transaction or activity, and the sole trader or partnership appears to be: o a vehicle for holding personal assets16 o a non-resident customer from a country that has insufficient AML/CFT systems or measures in place17 • if the sole trader or partnership seeks to conduct a complex, unusually large or unusual pattern of transactions that have no apparent or visible economic or lawful purpose18 • you assess the sole trader or partnership (based on your risk assessment, the situation and your standard CDD) to present a higher money laundering and terrorism financing risk19 • if the sole trader or partnership is an existing customer or is conducting an occasional transaction or activity and a suspicious activity report (SAR) must be reported, as soon as practicable after you become aware you must report a SAR to the New Zealand Police Financial Intelligence Unit (FIU).20 In this 14 There should be controls in your AML/CFT programme to ensure this occurs. This could include escalating decisions to a higher management level for sign off. 15 Regulation 11A(3)(a) of the AML/CFT (Requirements and Compliance) Regulations 2011. 16 Refer to section 22(1)(a)(i) and 22(1)(b)(i) of the Act. 17 Refer to section 22(1)(a)(ii) and 22(1)(b)(ii) of the Act. 18 Refer to section 22(1)(c) of the Act. 19 Refer to section 22(1)(d) of the Act. 20 Refer to section 22A of the Act.

7 circumstance, the supervisors’ view is that conducting enhanced CDD prior to submitting the SAR would strengthen the quality and usefulness of the SAR.21 34.When enhanced CDD applies, you must obtain and verify the same identity information as required by standard CDD. You must also obtain and verify, according to the level of risk, information about the source of funds or source of wealth (or both) of the sole trader or partnership. 35.If this is not sufficient to manage and mitigate the risks of money laundering and the financing of terrorism, additional enhanced CDD measures are required.22 36.Refer to the Enhanced Customer Due Diligence Guideline for further information. Any person acting on behalf of a sole trader or partnership 37.You must also identify and verify the identity of any person acting on behalf of a sole trader or partnership and their authority to act. A person is acting on behalf of a business if they are authorised to carry out transactions or other activities with you on the sole trader or partnership’s behalf. This includes persons who have authority to act on behalf of the business, and may include, for example: • an accountant or persons able to transact on the business account • a person with the authority to sign, amend account holder details, transfer, and spend in the customer’s name (for example a signatory or second cardholder on a spouse’s account) • a person granted authority because they are the legal guardian of a minor or the holder of an operational power of attorney or similar • an individual who is authorised to represent any legal entity appointed as a professional third party to act for the customer. 38.You must obtain the person’s full name, date of birth (if an individual), address, entity identifier or registration number and registered office (if not an individual), and the person’s relationship to the sole trader or partnership. 39.When entities are appointed, you also need to identify the individual(s) representing the entity. Identification and verification of all such individuals must be to the extent required by the Act. 40.When a sole trader or partnership is a customer with whom you have an existing business relationship, you must identify the identity of any new person acting on behalf of the business. This applies when you have previously conducted CDD on the business. You must obtain the full name and date of birth of the new person acting on behalf of the business, and their relationship to the business.23 21 The supervisors acknowledge it may not always be practicable to complete enhanced CDD prior to submitting the SAR. 22 Regulation 12AB AML/CFT (Requirements and Compliance) Regulations 2011. 23 Refer to section 18(3) of the Act. Note also Part 19 of the AML/CFT (Class Exemptions) Notice 2018. This provides an exemption from the requirement to conduct CDD (under section 18(3) of the Act) on a person acting on behalf of a customer by electronic means, subject to certain conditions and a written agreement between the reporting entity and the customer.

8 41.You must take reasonable steps, according to the level of money laundering and terrorism financing risk, to verify the information you have obtained, so that you are satisfied both with who the person is and that they have authority to act. 42.Refer to the Acting on behalf of a customer factsheet and Beneficial ownership guideline for further information. AML/CFT programme 43.Your policies, procedures, and controls for CDD must be documented in your AML/CFT programme. This should include how your business will determine the applicable level of CDD required, and what you will do if you are unable to conduct CDD. Version History April 2013 Original version July 2019 Removal of the word “or” in paragraph (b) under “Introduction” to align with section 11 of the Act. October 2022 Full revised version. The additions to the guidance reflect regulation changes that require CDD for nominee general partners. Minor changes have been made to the guidance to reflect the enhanced CDD guideline. The remaining changes are not substantial and have been made for reasons of clarity. September 2025 Updated: • to remove any references to limited partnerships • to include additional standard CDD requirements for legal arrangements • to reflect amendments to the beneficial ownership guideline. Disclaimer: This guideline has been produced by the AML/CFT supervisors under section 132(2)(c) of the Act. It is intended to assist reporting entities to understand their customer due diligence obligations under the Act for their customers who are sole traders or partnerships. This guideline does not constitute legal advice. Where AML/CFT guidance material is referenced, it can be accessed at the following websites: Department of Internal Affairs http://bit.ly/2gQ3Iev Reserve Bank of New Zealand http://bit.ly/2n6RYdp Financial Markets Authority https://bit.ly/3fjcKlD