AML/CFT obligations

Browser issue

It looks like the browser you're using doesn’t work well with our website. For a better experience, please update to the latest version of Chrome , Edge , Firefox or Safari .

Anti-money laundering and countering terrorism financing (AML/CFT)

This page explains some of the obligations reporting entities (including banks, non-bank deposit takers and some life insurers) need to comply with under the Anti-Money and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

Published:

Last updated:

Reporting entities' obligations

For banks, life insurers and non-bank deposit takers, their obligations include:

assessing their money laundering and terrorism financing risk

appointing an AML/CFT compliance officer

designing, implementing and maintaining an AML/CFT compliance programme that sets out the procedures, policies and internal controls for:

vetting and training relevant staff

carrying out due diligence on their customers

monitoring customer accounts and activities

reporting suspicious activities and transactions

keeping records

continuing to monitor and manage all AML/CFT matters, among other obligations

auditing and reviewing their risk assessment and compliance programme

submitting an annual report to their AML/CFT supervisor.

Our approach to supervision

We are committed to a risk-based relationship model and outcomes focused approach in preventing money laundering and terrorism financing.

This means we allocate our resources and efforts to the areas where we see the greatest threat to New Zealand's objectives under the AML/CFT legislation. These are to:

detect and deter money laundering and the financing of terrorism

maintain and enhance New Zealand’s international reputation by adopting, where appropriate in the New Zealand context, recommendations issued by the Financial Action Task Force

contribute to public confidence in the financial system.

Criminals are getting more flexible and innovative in their efforts to launder money and avoiding detection. So, it is important our anti-money laundering responses are flexible, proportionate and cost-effective. These are the main characteristics of a risk-based AML/CFT regime.

Step 1: complete a risk assessment

A risk assessment is the first step you must take before developing a programme to address money laundering and terrorism financing risks. It involves identifying and assessing the risks your business might reasonably expect to face.

In developing your risk assessment, the AML/CFT Act requires you to consider:

the nature, size and complexity of your business

your products and services

how you deliver products and services to your customers

the customers, countries and institutions you deal with

our guidance material

any other factors in regulations.

You should consider if any of your products involve new or developing technologies that may favour customers remaining anonymous. The AML/CFT Act also requires you to look at activities like wire transfers and correspondent banking relationships (as set out in Section 29(3) of the AML/CFT Act).

Our risk assessment guideline is designed to help you conduct a risk assessment, as required under Section 58 of the AML/CFT Act.

Our risk assessment guideline

PDF | 706KB

We have also published a countries assessment guideline to help you develop risk assessment processes for countries you deal with. For example, this may be necessary when you deal with a non-resident customer or an overseas institution.

Countries assessment guideline

PDF | 455KB

Step 2: develop an AML/CFT programme

Developing an AML/CFT programme is the next step after conducting a risk assessment. It involves developing the procedures, policies and controls to manage and mitigate money laundering and terrorism financing risks.

The following guideline is designed to help you develop your programme as required under Section 56 of the AML/CFT Act.

AML/CFT Programme Guideline – 2024

PDF | 647KB

Designated business groups

You may be eligible to form a designated business group (DBG), which allows you to adopt an AML/CFT programme and a risk assessment of another group member.

To find out if you are eligible and what you need to do, see the two guidelines below. The scope guideline outlines the obligations that may be shared by members of a designated business group. The formation guideline highlights the eligibility criteria and election process when forming or joining a designated business group.

Designated Business Group Scope Guideline - 2025

PDF | 216KB

Designated Business Group Formation and Change Guideline - 2025

PDF | 215KB

Designated Business Group Notification Form - 2025

PDF | 349KB

Step 3: Annual reporting

The AML/CFT Act requires banks, life insurers and non-bank deposit takers to submit an AML/CFT annual report using our supplied report template (see below).

The Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations prescribe the form and content of the annual report.

Read the amended regulations

Annual AML/CFT 2025 report template

PDF | 2MB

To download this template, Right click and Save link as to your computer.

Note: This PDF template has been formatted for data extraction. This means the template may need to be opened in Adobe or a similar software - and not through an internet browser.

Forms instructions

Do not upload handwritten, scanned or signed forms. Include your unique code on the last page in place of a signature. Return your forms to us in typed PDF format. We have emailed instructions on how to submit completed forms to your AML Compliance Officer. If you have not received the instructions, email us as soon as possible at amlcft@rbnz.govt.nz

We have recently updated the annual report user guide to reflect the 2018 amendments to Schedule 2 of the Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Regulations 2011.

User guide for the annual AML/CFT report - updated June 2021

PDF | 715KB

Reporting suspicious activity

The role of the New Zealand Police Financial Intelligence Unit (FIU) is to receive and analyse suspicious activity reports (SARs) and publish the National Risk Assessment as well as other guidance material.

You must report all suspicious activities and transactions to the FIU via its internet platform ‘goAML’. You will need to first register for a username on the website.

Go to the goAML website

Once logged into goAML, you can access several relevant documents including:

user instructions on how to correctly submit an SAR report or an additional information file

the security features of goAML.

The FIU has published a suspicious activity reporting guideline to help you comply with suspicious activity reporting obligations from 1 July 2018.

Suspicious Activity Reporting Guidelines

You can access more guidance and e-learning training by choosing the ‘?’ icon on the blue task bar on the FIU web page. You can also find out how to register a new entity or a new user for an existing entity. The New Zealand Police website also has the goAML schema, which may be updated from time to time.

GoAML – Financial Intelligence Unit reporting tool

More information on the Financial Intelligence Unit (FIU)

Related content

Financial stability

Find out how and why we ensure financial stability in New Zealand through monitoring, identifying and managing risks and access our six-monthly Financial Stability Report.

How we oversee banks

This page outlines our powers under the Reserve Bank of New Zealand Act 1989 (the Act) to register and supervise banks. It also provides information on bank registration and use of the word bank.

Overview of non-bank deposit takers regime

This page explains the role of non-bank deposit takers in the finance system. It details their obligations under the Non-bank Deposit Takers Act 2013 (the NBDT Act), including the role of trustees and trust supervisors as well as the various founding documents.

How we regulate insurers

This page is about the legislation and regulations for the New Zealand insurance sector that we administer. It also provides the standards for licensed insurers that we regulate.

How we enforce regulations

This section provides information on how we use our enforcement function to ensure the entities we regulate comply with regulations. Find out how to report misconduct of a regulate entity, how to identify businesses we regulate and learn about restrictions on use of the words 'bank' and 'insurance'.