Customer Due Diligence: Trusts Guideline

1

AML/CFT Anti-money laundering and countering financing of terrorism Customer Due Diligence: Trusts Guideline This guideline should be read together with the Beneficial Ownership and Enhanced Customer Due Diligence guidelines. May 2024

2 Introduction

1. This guideline is intended to support reporting entities1 to conduct customer due diligence (CDD) under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act) on their customers who are trusts.
2. A trust is a legal arrangement where a person (the settlor) gives money or property to another person (the trustee), to be held in trust for the benefit of either the trust’s beneficiaries, or a purpose recognised by law. A trust deed, and any deeds of appointment or amendment to it, hold all these relationships together and serve as the operating manual for the trustee(s). A trust is a vehicle for holding assets.
3. Trusts may create the perception of distance between assets and their beneficial owners. This is attractive to criminals, enabling them to conceal beneficial ownership of assets and/or be an effective means of dispersing assets while retaining control.
4. Knowing who the customer is, verifying information provided and establishing their risk profile assists in protecting reporting entities from misuse. Developing a clear understanding of the underlying persons that own or control a trust is a key part of this.
5. This guideline is based on the requirements of the Act and has been produced by the AML/CFT supervisors under section 132(2) of the Act. This guideline does not constitute legal advice.
6. Examples provided in this guideline are suggestions to help you meet your obligations under the Act. They are not exhaustive and are illustrative in nature.
7. Section 57(2) of the Act requires you to have regard to this guideline, it is important that you have read and taken this guideline into account when developing your AML/CFT programme. After reading this guideline, if you still do not understand any of your obligations you should contact your AML/CFT supervisor or seek legal advice. Customer due diligence
8. CDD is a cornerstone of your AML/CFT programme. CDD is the process through which you develop an understanding of your customers, and the money laundering and terrorism financing (ML/TF) risks they pose to your business.
9. You must conduct CDD when you establish a business relationship with a new customer requesting services that are captured by the Act, or when a customer seeks to conduct an occasional activity or an occasional transaction. You must also conduct CDD on an existing customer in certain circumstances. 1 Within the meaning of section 5(1) of the Act.

3 10.The Act requires you to carry out CDD on: 2 a. your customer; 3 b. any “beneficial owner” of a customer; c. any person acting on behalf of a customer. 4 11.You are also required to conduct enhanced CDD on a trust as a customer. 5 In addition to the standard CDD requirements set out in the Act and regulations, you must also obtain and verify information on the source of funds and/or the wealth of the trust.6 12.Note: Trusts do not usually have a legal personality. However, the Act and associated regulations prescribe requirements in various circumstances in which the customer is a trust, and in other circumstances prescribe the trust as the customer.7 Therefore, when providing services captured by the Act to a trust, the trust (and not the trustees) is your customer for the purpose of the Act. Customers Standard CDD 13.You need to obtain the following identity information about a trust: • full name of the trust: • address of the trust: 14.You must take reasonable steps to verify this information using documents, data or information issued by a reliable and (where possible) independent source. 8 15.You also need to obtain, but do not have to verify, the following information about a trust: • the name and date of birth of the individuals who are the trust’s beneficiaries; or • if the trust is a discretionary trust or a charitable trust or has more than ten beneficiaries, you must obtain a description of: (i) each class or type of beneficiary, (ii) in the case of a charitable trust - the objects of the trust. 9 16.You also need to obtain information on the nature and purpose of the proposed business relationship between you and the trust. 10 2 This guideline does not cover CDD requirements for wire transfers, politically exposed persons, new or developing technologies or correspondent banking relationships. 3 Regulation 5E of the AML/CFT (Definitions) Regulations 2011 clarifies that when providing a facility to a trust, it is the trust that is the customer and not the trustees (effective 31 July 2023). 4 Section 11 of the Act. 5 Section 22(1)(a)(i) and 22(1)(b)(i) of the Act. 6 Sections 23 and 24 of the Act. Effective 1 June 2024 additional enhanced CDD measures may also be required. Refer Enhanced Customer Due Diligence Guideline and Regulation 12AB of the AML/CFT (Requirements and Compliance) Regulations 2011. 7 Refer s22(1) of the Act, Regulation 11A of the AML/CFT (Requirements and Compliance) Regulations 2011. Also Regulations 5E and 5G of the AML/CFT (Definitions) Regulations 2011. 8 Section 16(1)(a) of the Act. There may not be an independent source available to verify the name and address of the trust. If not, a reliable source (such as a trust deed) should be used. 9 Section 23(2) of the Act. 10 Section 25 of the Act.

4 Any beneficial owner of a trust 17.If you want to do business with a customer that is a trust, you must identify and verify the identity of the trust’s beneficial owner(s). 18.A beneficial owner is the individual(s) (i.e. a natural person(s)) who ultimately owns or controls the trust. It is crucial to know who the beneficial owner(s) is so that you can make appropriate decisions about the level of ML/TF risk presented by the trust. Refer to the Beneficial Ownership Guideline for further information. 19.You must identify all beneficial owners. For each beneficial owner of a trust, you must obtain the individual’s full name, date of birth, address, and their relationship to the trust (for example trustee, beneficiary with a vested interest of more than 25 percent in the trust property). You must then take reasonable steps, according to the level of ML/TF risk, to verify this information, so that you are satisfied who the beneficial owner is. You must also take reasonable steps to determine if the beneficial owner of the trust is a politically exposed person.11 20.To identify the beneficial owner(s), you should establish and understand the trust’s ownership and control structure. First and foremost, the trust deed should be analysed. This includes identifying any trustee (or other individual) who has effective control over the trust. Depending on the terms of the trust, this might include a settlor, a protector, an appointor or special trustee, or one or more of the beneficiaries of the trust. Note that some beneficiaries may be a beneficial owner of a trust, but not all beneficiaries will be a beneficial owner of the trust. 21.“Control” means a power (whether exercisable alone or jointly with another person or with the consent of another person) under the trust deed or other trust instrument or by law to: i. dispose of or invest (other than as an investment manager) trust property; ii. direct, make or approve trust distributions; iii. vary or terminate the trust; iv. add or remove a person as a beneficiary or to or from a class of beneficiaries; and/or v. appoint or remove trustees. 22.Note that an individual’s ownership and/or control may be indirect, for example through several layers of ownership. Where any trust party with effective ownership and/or control is a legal person or arrangement, the beneficial owner(s) of that legal person or arrangement should be identified. 23.Where there are sophisticated or complex trust structures with no reasonable explanation, you should consider the possibility that the structure is used to hide the 11 Section 26 of the Act.

5 beneficial owner(s), whether enhanced CDD should be conducted and whether a suspicious activity report should be submitted. Settlors 24.Settlors are natural or legal persons who transfer ownership of their assets to trustees by means of a trust deed or similar arrangement. A person is also a settlor if they have provided (or undertaken to provide) property or funds for the trust. This requires an element of bounty (i.e., the settlor must intend to provide some form of benefit rather than being an independent third party transferring something to the trust for full consideration). A settlor is generally understood as the person (or persons) establishing a trust. A settlor may be a beneficial owner of the trust (depending on the terms of the trust) if they have effective control, but a settlor may not always be a beneficial owner of the trust. 25.A settlor may or may not be named in the trust deed. You should also be aware it is possible that the settlor named as such in a trust deed or other instrument is not the real ‘economic settlor’ i.e., the named settlor is effectively only acting as a ‘nominee’ for the real economic settlor who is the real owner of the assets contributed to the trust. In these instances, additional consideration may be needed as to how to identify the economic settlor (according to the level of risk). Any economic settlor will also be relevant for your obligations to obtain and verify information regarding the source of wealth and/or funds of the customer (refer paragraphs [38] to [46] below). Additional standard CDD requirements for trusts 26.Effective 1 June 2024, Regulation 11A of the AML/CFT (Requirements and Compliance) Regulations 2011 introduces additional requirements when conducting CDD for a trust. 27.This regulation formalises the information you are required to obtain and verify as part of standard CDD.12 This is intended to assist you to understand the trust’s legal structure(s), to accurately identify its beneficial owner(s) (refer paragraph [17] to [23] above) and in turn, assist to determine the level of risk associated with the trust. 28.Under Regulation 11A, you must obtain, and according to the level of risk verify, information relating to: • the trust’s legal form and proof of existence; • the trust’s ownership and control structure; • any powers that bind and regulate the trust; and • the settlor(s) and any protector(s) of the trust. 13 29.The AML/CFT supervisors consider that these requirements can be read in combination with each other. For example, information on the powers that bind and regulate the trust can assist you to understand the trust’s ownership and control structure. The powers that bind and regulate can also assist you to identify the 12 Section 14(1) of the Act. 13 Regulation 11A of the AML/CFT (Requirements and Compliance) Regulations 2011 (effective 1 June 2024).

6 beneficial owners and the basis on which they are a beneficial owner, whether through ownership and/or effective control (refer to paragraph [32] below). In practice, we consider that complying with the regulation can (and should) be aligned with your existing procedures, policies and controls (PPCs) in place to identify and verify the identity of the beneficial owner(s) of a customer that is a trust. These requirements will also assist you to obtain and verify information relating to the source of funds or wealth (or both) of the trust (refer paragraphs [38] to [46] below). 30.It may be necessary to include some additional questions as part of your onboarding process to comply with Regulation 11A. However, for types of trust you are familiar with and onboard regularly, this does not need to be extensive (unless the level of risk requires it). 31.Obtaining required information – The first step is to ask for the information from the trust. This could include asking direct questions (verbally or in writing) or by using yes/no tick box questions (for example on an application form). You should record the trust’s responses in writing, including retaining any written correspondence you receive. You must obtain information on the following: • the trust’s legal form and proof of existence: • the trust’s ownership and control structure: • the powers that bind and regulate the trust, this could be the trust deed and any deeds of appointment or amendment: • the names of the settlor(s) and any protector(s) of the trust. For a natural person, this should include obtaining their names and dates of birth.14 32.For a trust’s ownership and control structure, it is important to understand that the concepts of ownership and control are closely related to beneficial ownership. To ensure you understand the ownership and control structure, you must obtain information on the following: • the name(s) of any beneficiary with a vested interest of more than 25 percent of the trust property: • the name(s) of any trustee that has effective control over the trust: • (if applicable) the name(s) of any person (other than a trustee) who has effective control over the trust (refer to paragraph [20] and [21] above). • the name, date of birth and address of any underlying natural person that meets the definition of beneficial owner, and their relationship to the trust. You should also obtain information on the basis on which they do so (i.e. due to vested interest, control as a trustee and/or control other than as a trustee). 33.Verification requirements - You must take reasonable steps to verify the information you have obtained (as set out in paragraph [31] and [32] above) according to the level of risk involved. 14 Note: the supervisors do not consider it necessary to obtain the date of birth of a settlor or protector that is not a beneficial owner.

7 34.Your PPCs for verifying the information should be based on the level of risk. For a trust determined to be lower risk, the extent of verification steps you undertake can be less extensive. However, if you identify potential higher risks associated with the trust, the level of verification you undertake must be robust.15 35.In relation to the trust’s legal form and proof of existence, ownership and control structure and any powers that bind and regulate it, you are only required to verify this using information, documents or data issued by a reliable source. It does not need to be independent. 16 You can therefore use information, documents or data issued by the trust. This may include: • A copy of the trust deed and any deeds of appointment or amendment. • written confirmation or advice from the trustee or a professional acting for the trust (for example a lawyer or accountant) setting out the verification information that you require. 36.In relation to the settlor(s) and any protector(s) of the trust, the verification must be on the basis of data, documents or information from a reliable and independent source: 17 • For a settlor or protector that is a legal person, you may be able to utilise publicly available information, such as on a Corporate Register. The supervisors acknowledge that for a settlor (or protector) that is a legal arrangement, it may not be possible for verification to be on the basis of documents, data or information issued by an independent source. In such circumstances, you could utilise a copy of relevant formation documents provided by a reliable source such as the trust. • If the settlor or protector is a natural person, this could include a copy of an identity document (such as a passport) containing the person’s name and date of birth. • If you are satisfied the settlor and/or a protector are not a beneficial owner (i.e. cannot exercise ultimate or effective control over the trust) and they do not have a material impact on the overall level of risk of the trust, your verification steps for these persons could be significantly reduced. For example, for a natural person you may not need to verify their name and date of birth. 18 37.Note: Regulation 11A requires that “reasonable steps” be taken to verify the information according to the level of risk involved. In circumstances where it is not reasonable (or even possible) to verify some identity information relating to the trust and this is for a valid reason, you are not required to do so. Instead, you should record on the file your reasons for not being able to verify the required information. 15 There should be controls in your AML/CFT programme to ensure this occurs. This could include escalating decisions to a higher management level for sign off. 16 Regulation 11A(3)(a) of the AML/CFT (Requirements and Compliance) Regulations 2011 17 Regulation 11A(3)(b) of the AML/CFT (Requirements and Compliance) Regulations 2011 18 The supervisors consider that this includes a situation where a settlor and/or a protector is deceased.

8 Enhanced CDD for a trust 38.When your customer is a trust, you must conduct enhanced CDD in specific circumstances: • if you are establishing a business relationship with a trust.19 • if a trust seeks to conduct an occasional transaction or activity.20 • if a trust seeks to conduct a complex, unusually large or unusual pattern of transactions that have no apparent or visible economic or lawful purpose. 21 • you assess the trust (based on your risk assessment, the situation and your standard CDD) to present a higher ML/TF risk. 22 • if the trust is an existing customer or is conducting an occasional transaction or activity and a suspicious activity report (SAR) is required to be reported under the Act. This must be done as soon as practicable after you become aware you must report a SAR. 23 In this circumstance, the supervisors' view is that conducting enhanced CDD prior to submitting the SAR would strengthen the quality and usefulness of the SAR. 24 39.When enhanced CDD applies, you must obtain and verify the same identity information as required by standard CDD. You must also obtain and verify, according to the level of risk, information about the source of funds or source of wealth (or both) of the trust. Effective 1 June 2024 additional enhanced CDD measures may also be required within a business relationship. 25 Your AML/CFT programme must also differentiate when you will obtain and verify information relating to the source of wealth or funds of the trust, or both the source of wealth and funds.26 A risk-based approach 40.The requirement for enhanced CDD on trusts recognises the potential for trusts to be used to disguise the criminal origin of funds or the true ownership and effective control of the trust, particularly where ownership and control arrangements are sophisticated or complex. 41.While enhanced CDD is therefore mandatory for a customer that is a trust, not all trusts have the same level of ML/TF risk. For example, trusts that are geographically or financially linked to higher risk countries, or include politically exposed persons, are likely to be high ML/TF risk. 42.You are always required to obtain information regarding the trust’s source of wealth or funds (or both). 27 The steps you have taken to obtain and verify information 19 Section 22(1)(a)(i) of the Act. 20 Section 22(1)(b)(i) of the Act. 21 Section 22(1)(c) of the Act. 22 Section 22(1)(d) of the Act. 23 Section 22A of the Act. 24 The supervisors acknowledge it may not always be practicable to complete enhanced CDD prior to submitting the SAR. 25 Regulation 12AB of the AML/CFT (Requirements and Compliance) Regulations 2011 (effective 1 June 2024). 26 Regulation 15H of the AML/CFT (Requirements and Compliance) Regulations 2011 (effective 1 June 2024) 27 Section 23 of the Act.

9 regarding the settlor(s) of the trust (refer paragraphs [26] to [37] above) can be your starting point for this. Further information you could obtain includes: • the origin of the settlor’s wealth (for example inherited family wealth, accumulated business earnings, or funds from the sale of property); and/or • the source of any income that the trust is receiving or will be receiving. For example, it may be income from an underlying company or simply a monthly deposit from a family bank account. 43.You must, according to the level of risk, take reasonable steps to verify this information. The verification must be done using data, documents or information from a reliable and independent source. 44.Importantly, the extent of the verification of the trust’s source of wealth and/or funds that you undertake can vary depending on the level of risk. In some circumstances where the risk is high, the extent of your verification steps must be robust. In other circumstances, if the trust poses a low ML/TF risk, your verification steps can be reduced. For example, you may determine a trust with a complex structure and varied commercial activities is of greater ML/TF risk and requires increased verification steps when compared to a simple family trust whose only asset is a family home. 45.Your AML/CFT programme should set out your PPCs for determining and undertaking the required level of verification of a trust’s source of wealth and/or funds, according to the level of risk. Your assessment of risk should be based on your risk assessment and informed by the standard CDD you have undertaken, including the information you have obtained on the nature and purpose of the business relationship and the requirements of Regulation 11A (refer paragraphs [26] to [37] above). 46.Refer to the Enhanced Customer Due Diligence Guideline for further information. Any person acting on behalf of a trust 47.You must also identify and verify the identity of any person acting on behalf of a trust, and their authority to act. A person is acting on behalf of a trust if they are authorised to carry out transactions or other activities with you on the trust’s behalf. This includes a person such as a trustee, an accountant or another person able to give instructions about the trust’s assets or transact on the trust’s account. 48.You must obtain the person’s full name, date of birth and address (if an individual), full name, entity identifier or registration number, address or registered office (if not an individual), and the person’s relationship to the trust. In some circumstances, this person may also be a beneficial owner of the trust. In other circumstances, this may be an additional person that you must conduct CDD on. When entities are appointed, for example as corporate trustee or agent, you also need to identify the individual(s)

10 representing the entity. Identification and verification of all such individuals must be to the extent required by the Act.28 49.When a trust is a customer with whom you have an existing business relationship, you must identify the identity of any new person acting on behalf of the trust. This applies when you have previously conducted CDD on the trust. You must obtain the full name and date of birth of the new person acting on behalf of the trust, and their relationship to the trust. 29 50.You must take reasonable steps, according to the level of ML/TF risk, to verify the information you have obtained, so that you are satisfied who the person is and that they have authority to act. 51.Refer to the Acting on behalf of a customer factsheet and Beneficial ownership guideline for further information. AML/CFT programme 52.Your procedures, policies, and controls for CDD must be documented in your AML/CFT programme. This should include how your business will determine the applicable level of CDD required, and what you will do if you are unable to conduct CDD. 28 Section 16(1) of the Act. 29 Section 18(3) of the Act. Note also Part 19 of the AML/CFT Class Exemptions Notice 2018. This provides an exemption from the requirement to conduct CDD (under s18(3) of the Act) on a person acting on behalf of a customer by electronic means, subject to certain conditions and a written agreement between the reporting entity and the customer.

11 Version History April 2013 Original version July 2019 Removal of the word “or” in paragraph (b) under “Introduction” to reflect wording of section 11 of the Act. Updating legislative references to reflect amendments to the Anti￾Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Regulations 2011. May 2024 Updated following new regulation effective 1 June 2024 with additional standard CDD requirements for legal arrangements. Disclaimer: This guideline has been produced by the AML/CFT supervisors under section 132(2)(c) of the Act. It is intended to assist reporting entities to understand their customer due diligence obligations under the Act for their customers who are trusts. This guideline does not constitute legal advice. Where AML/CFT guidance material is referenced, it can be accessed at the following websites: Department of Internal Affairs http://bit.ly/2gQ3Iev Reserve Bank of New Zealand http://bit.ly/2n6RYdp Financial Markets Authority https://bit.ly/3fjcKlD