Through our specialised experience, our goal is to help you navigate AML/CFT rules more easily. We don’t just check if you are doing things right; we will give practical tips to help save time and ensure you are on track with the rules. 

With that in mind, our auditors have compiled a list of the top four areas of AML/CFT non-compliance identified in 2023, along with practical tips to help you steer clear of these issues. Take a moment to review the list and consider making the suggested adjustments if they relate to your business.

Top four areas of AML/CFT non-compliance in 2023

1. Breaching IVCOP 2013. Some reporting entities are unaware if they have adopted the Amended Identity Verification Code of Practice 2013 (IVCOP) despite their documents saying they do. Furthermore they are unaware of and not following the prescribed parts of ICVOP.

Strategi tip: 

• Read and be familiar with IVCOP: https://www.fma.govt.nz/assets...
• Make sure your compliance programme describes IVCOP and the processes your business follows to adhere to the recommended best practice. This includes mentioning the prescribed parts of ICVOP e.g., attestation and verification of valid secondary IDs. 
• Include ICVOP in your training programme so relevant staff are aware of what IVCOP is and what processes they need to follow to adhere to it. This should apply to all new staff and be included in annual AML/CFT refresher training.

2. AML/CFT training. While most reporting entities conduct AML/CFT training, some are inconsistent with record keeping i.e., making note of the training. 

Strategi tip:

• The Supervisors expect to see detailed information about training so set up a spreadsheet, calendar or whatever works best for your business for recording purposes. Include this as a mandatory step in the process in your compliance assurance programme and make sure it includes what the training covered, when it took place and who attended.

3. Country risk. Many reporting entities do not have sufficient risk methodology in place. For example, when they say, “Australia is low risk” or “China is now low risk” they do not explain why they believe those countries are low risk.

Strategi tip:

• Use the website www.knowyourcountry.com as a resource to help with the justification of your risk assessment and make note of this website in your compliance programme. We suggest creating a ‘Country Risk Assessment’ table and include a column for each country to describe/justify your risk assessment.
• Note: the Supervisors also expect to see your assessment of New Zealand too so don’t leave that out.

4. Guidance materials. Most reporting entities do a great job of reading new guidance materials but they are not making note of the fact they have read each new document as it is published. It is important to do this as it shows the Supervisor that you are keeping up to date with all published guidance material.

Strategi tip:

• Include a section in your compliance programme that refers to guidance materials and update it each time a new document is published. Include the name of the document, when it was published, what is applicable to your business and what you are doing to adhere to the guidance. Even if it is not applicable to your business it is still recommended that you make note of the document to show you have read it.

Let our team know if you have any questions about any of the points raised in this article and get in touch to book your 2024 audit.