If you’re an accountant in public practice, it’s likely you’re going to be affected by phase two of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT). This Act is designed to help detect and deter money laundering and the financing of terrorism. The requirements kick in on 1 October 2018.
Accountants will need to implement internal controls, policies and procedures to identify and assess risk, know their client, and report suspicious activities.
Your first point of call should be Guideline: Accountants published by the Department of Internal Affairs (DIA). It’s designed to help you determine whether your business must comply with the Act and, if so, what you must do. DIA is the supervisory body charged with monitoring and enforcing AML/CFT compliance for all phase two reporting entities.
DIA is running a free roadshow to explain duties and obligations. Register here to take part.
You can also find AML/CFT news, information and FAQs on the DIA website.
Chartered Accountants ANZ (CA ANZ) has produced a good three page summary of the Act, along with a series of FAQs. They’ve also recently launched a series of educational AML webinars available to members ($220) and non-members ($264). The series has already started, but you’ll receive recordings of the webinars you missed.
What are your responsibilities under the Act?
I’ve summarised a quick overview of accountants’ responsibilities below:
The AML/CFT Act applies to all accounting practices that:
- Act as a formation agent of legal persons or legal arrangements
- Act, or arrange for another person to act, as a nominee director or nominee shareholder or trustee
- Provide a registered office or correspondence address (unless it’s ancillary)
- Manage client funds, accounts, securities
- Engage in, or give instructions to another person on behalf of a client in relation to, buying, transferring, or selling OR creating, operating or managing a business, legal person or legal arrangement
If you provide any of the services above, you will have to:
- Appoint an AML/CFT compliance officer
- Produce a written risk assessment
- Establish a written AML/CFT programme based on the risk assessment (and re-assess regularly)
- Perform customer due diligence (CDD). This is customer identification and verification using documents, data or information issued by a reliable and independent source. This applies to new customers, and any existing customers where there is a material change in the business relationship. It also applies when a cash transaction of NZ$10,000 occurs outside of a business relationship.
- Obtain an independent audit of your risk assessment and AML/CFT programme every two years by an independent person.
- Keep records for at least five years
You’ll also have to submit a few reports (via goAML – an online portal):
- Suspicious activity report
- Prescribed transaction report (cash transaction $10,000 or international wire transfer $1,000)
- An annual report – filed with DIA
This puts an extra burden on accountants, who will have to up-skill to be fully aware of their obligations and work with staff across the practice to implement systems and processes. You may also want to talk to a consultant, or system provider, or both. As the legislation is comprehensive, there’s not a simple ‘one size fits all’ complete solution, but there is help out there.
These service providers may be able to help
I’ve recently met with a few service providers who offer expertise, can help with upskilling, performing CDD when on-boarding clients, consult on development of risk assessments and AML/CFT programmes, and help with workflow and ongoing monitoring. Below is a handful of the many service providers and apps available. It’s by no means a comprehensive list, but I hope it’s a helpful start.
This business was founded in 2012 to provide AML assistance to companies to meet their AML legislative obligations. AML Solutions offers consulting on AML compliance risk assessments and compliance programmes. They also provide statutory AML audits, and have assisted more than 700 New Zealand reporting entities. Having worked closely with the supervisors and assisting clients from every AML sector, they are well placed to advise and train your staff and compliance officers.
AML Solutions developed the AMLHub as a result of on-going client AML struggles. This is a cloud-based portal designed to assist all compliance officers meet their own and their company’s obligations. For more information see the AML Solutions website, email email@example.com or phone 09 520 1144.
2Shakes pulls client details from NZBN, builds electronically signed engagement agreements, and captures authority to act (including IRD, ACC, Companies Office). You can then create new clients and contacts in Practice Manager/WorkflowMax through a single click integration. 2Shakes has integrated AML customer due diligence into its existing signup flow. You can see the complete company structure, identify beneficial owners/effective controllers, carry out ID verification of them – either in person, or through integrated third party electronic ID verification.
2Shakes helps you record CDD level, risk, trust information as well as a nature and purpose statement. Legislated factors for enhanced due diligence are built in. These trigger automated requests to provide source of wealth/proof of funds, which the client can upload. 2Shakes compiles your annual onboarding reporting statistics, and provides per-client CDD audit reporting. For more information see the 2Shakes website or email firstname.lastname@example.org.
Connectworks brings accountants and their clients together in a shared workspace. This allows AML/CFT information to be easily collected, verified, stored, and reported on. As a cloud-based, multi-party platform, information is entered once by the client. It’s then pushed out to the multiple different entities the client is a party to.
The tools allow accountants to perform their compliance requirements on time, with event-driven workflows, automated reminders, and full oversight for your firm. For more information, see the Connectworks website, email email@example.com or phone 0800 456 580.
Dimension GRC’s focus is to inform businesses, rather than simply to achieve compliance. It’s a compliance and business strategy system which provides both you and your customers with simple tools to gather meaningful insights. It also helps to implement effective compliance systems to manage and resolve risk and fraud.
Dimension GRC’s use of market leading analytics means customers can be sure they are managing their regulatory compliance requirements to the best of their ability . For more information, check out the Dimension GRC website, phone 021 589 559 or email firstname.lastname@example.org.
Infolog is a comprehensive data provider. It has been providing ID, location verification, wealth and funds verification to government agencies and the corporate sector for close to 20 years. Infolog believes AML measures can be performed rapidly, cost-effectively and integrated painlessly into your business, provided you can get the data you need.
Infolog offers a search portal, custom onboarding reports and ongoing change monitoring. This enables your AML auditor to quickly verify you are on top of the legislation’s monitoring requirements. For more information, check out the Infolog website, email email@example.com or ph 09 414 4001.
Verifi Identity Services
Verifi Identity Services offers Cloudcheck. This product allows users to verify the identity of their client, true ownership of the identity document and run a ‘Politically Exposed Persons’ (PEP) and sanctions check in less than four seconds. Cloudcheck can also be used in a variety of ways with little or no IT work required.
The Cloudcheck Go module allows the client to self-verify rather than the accountant collecting and entering data. If you already have a robust onboarding process for clients, this could be helpful. The pricing plans are flexible and competitive, including a client pays model. For more information check out the Verifi website or phone 0800 2 VERIFI (0800 283 743).
It’s a lot to wrap your head around, but the first step is to spend a bit of time understanding the requirements, and reviewing your current onboarding and monitoring procedures. From there, contact an expert who can help develop your AML risk programme and ongoing compliance.
In closing, remember that some service providers do not take care of everything. It’s up to you to ensure you have covered all parts of the legislation, including ongoing monitoring. The solution providers above are just a few of the many available experts. So I advise you to, if you haven’t already, take part in some training, investigate options and ask around.