FMA Issues Warnings

The FMA issued its AML/CFT 2018 Annual Monitoring Report (published April 2019) that covers the period 1 July 2016 to 30 June 2018. We recommend that all reporting entities read this as the same issues will be found across all segments covered by the AML/CFT regime. FMA Issues Warnings

Findings

The Act came into full effect on 30 June 2013. We therefore expect REs to be fully aware of their obligations, and to have implemented adequate and effective policies, procedures and controls to ensure compliance with the Act and regulations. Although REs have made good progress in meeting their AML/CFT obligations, there are still a number of areas that require attention.

During our interactions with REs the following issues were highlighted, and should be addressed by management and boards:

  • AML/CFT programmes that have not been reviewed and updated to align with the business’s current practices, have not been updated for two years, do not include politically exposed person (PEP) check processes, refer to other jurisdictions’ legislation, do not specify how customer activities and or transactions are monitored, do not provide staff with specific criteria to consider when reviewing potential suspicious transactions, etc. AML/CFT risk assessments that are not updated when changes in risks occur (including country risk changes, new products being added, substantial new client databases being added), are too complex for the size and nature of business, refer to outdated legislation, do not consider the likelihood of business being used for

  • ML/TF, etc. Customer due diligence (CDD) including enhanced CDD (ECDD) and ongoing CDD and account monitoring remains problematic for REs. More and more REs are using electronic identity verification to verify customers, but we noted a number of deficiencies with their AML/CFT programmes in this regard. REs are also not conducting ECDD when required and account monitoring systems are still not fit for purpose.

Enforcement actions

During the review period, 18 formal warnings (including one public warning) were issued under section 80 of the Act, for significant breaches of the Act. Warnings are made public to deter other REs from engaging in similar activity. The determination of whether to make a warning public is largely driven by the number and severity of the RE’s breaches.

Reasons for the warnings included the following:

  • Not meeting key obligations in risk assessments and/or the AML/CFT programme.

  • Failing to take reasonable steps to determine whether a customer or any beneficial owner is a politically exposed person.

  • Only performing account monitoring on accounts in excess of US$100,000.

  • Failing to report suspicious transactions to the FIU.

  • Failing to have independent audits of risk assessment and AML/CFT programmes performed every two years.

  • Failing to submit an annual AML/CFT report to the FMA by the 31 August deadline.

  • Failing to provide the FMA with copies of independent audit reports when requested.

Where REs engage in conduct that constitutes a civil liability act, or do not take appropriate corrective action, civil or criminal enforcement action may be taken under the Act. This may result in (but not be limited to) the imposition of:

  • civil penalties of up to $200,000 in the case of an individual, or $2 million, in the case of a body corporate; and

  • criminal penalties of imprisonment for up to two years or a fine of up to $300,000 in the case of an individual, or

  • $5 million in the case of a body corporate.

Future focus

REs have had more than five years to familiarise themselves with their obligations in terms of the Act, and we expect to see more mature policies, procedures and controls in place.

Our future monitoring activities with REs will therefore include more desk-based and on-site monitoring visits, and an increased focus on reviewing independent audit reports. This will result in more in-depth reviews of areas such as client on-boarding and account monitoring processes. To assist us in performing these operational reviews we will interact more with the frontline staff who perform these tasks, to assess their understanding of their obligations.

We expect REs to consider the findings and observations

in this report and, where required, update their AML/CFT policies, procedures and controls to ensure compliance with their obligations. We will continue to investigate suspected non-compliance and take appropriate enforcement action consistent with the FMA’s enforcement policy. This will include giving more consideration to publishing the outcomes of formal warnings we issue.

 

 

 

NationalDean Crowle