Accountancy Sector Regulatory Findings
3 June 2020
This year the Department of Internal Affairs (the Department) AML Group released a Regulatory Findings Report (PDF, 1MB) for the twelve months ended 30 June 2019. We have subsequently had requests from businesses for feedback on the specific areas their sectors are getting right and what needs to be improved.
This article summarises the Department’s findings for the accountancy sector from its desk-based reviews and on-site inspections undertaken from January 2019 to January 2020.
Top 5 “compliant” areas
Review of AML/CFT programme
A business must review its AML/CFT programme to ensure it is current, identify any deficiencies in its effectiveness and then make changes as necessary. Many accountants have adequate procedures and policies for reviewing the AML/CFT programme.
We check to see if you have a process for review, who is responsible for undertaking reviews and how often this occurs. We see best practice as having effective version control. This allows you to keep track of your review procedures and see what and when changes have been made.
Compliance Officer
Another area that businesses are getting right is the compliance officer role. Under the Anti-Money Laundering and Countering Financing of Terrorism Act (the Act), a reporting entity must appoint someone to be the compliance officer. This is an important role as the compliance officer has responsibility for administering and maintaining the AML/CFT programme.
We check that you have appointed someone to this role and look at whether they are an employee who reports to a senior manager. If you are a sole practitioner, we expect you to be the compliance officer in most situations.
Regard to applicable guidance material
We found that most accountants have considered guidance material produced by the AML/CFT supervisor and the Financial Intelligence Unit (FIU). This includes the New Zealand National Risk Assessment (PDF, 488KB) and the Accounting Sector Risk Assessment (PDF, 1MB). These documents assist you to understand the types of money laundering or terrorism financing risks your business may face.
When undertaking a compliance review, we check to see if you have considered these documents in your risk assessment and in developing the policies and procedures for your AML/CFT programme.
Suspicious activity reporting
Reporting suspicious activity is a cornerstone of the AML/CFT regime. We check your AML/CFT programme carefully to ensure that it has effective policies, procedures and controls to meet this requirement.
We check whether your AML/CFT programme covers the required reporting timeframes, who is responsible for submitting the reports and how you ensure there is no “tipping off”. We also check whether you are registered for goAML, the FIU’s online portal for submitting suspicious activity reports.
Keeping risk assessment current
Most accountants have policies, procedures and controls for keeping their risk assessments current.
Keeping your risk assessment current involves regular review to identify deficiencies and then making changes as necessary. It also means staying informed on new or emerging money laundering and terrorism financing typologies and adjusting your risk assessment when this is relevant to your business.
Top 5 “non-compliant” areas
Wire transfer provisions
The Act contains requirements relating to information that must accompany a transfer of funds by electronic means. This ensures that a business passes on, or receives, information relating to the Originator and Beneficiary of every transfer of funds. Wire transfers present a high risk of money laundering which is why these requirements exist.
There are different parties to wire transfers; the Originator, the Ordering Institution, any Intermediary Institution, the Beneficiary Institution and the Beneficiary. Businesses should ensure they understand the relevant obligations when they are an Ordering or Beneficiary Institutions of a wire transfer. If a wire transfer is international, there is a further requirement to submit a Prescribed Transaction Report (PTR) to the FIU.
Some accountants have not demonstrated an understanding of what is required if they are an Ordering or Beneficiary Institution of a wire transfer.
If you don’t have a trust account, or do not make wire transfers on behalf of your customer, this should be stated in your AML/CFT programme.
For more help on wire transfers, please see our Wire Transfers Guideline (PDF, 153KB).
Examining and keeping written findings, and adopting additional measures, for dealing with countries with insufficient AML/CFT systems
An AML/CFT programme must contain procedures, policies and controls for monitoring, examining, and keeping written findings relating to business relationships and transactions involving countries that do not have or have insufficient AML/CFT systems in place. Additional measures should also be implemented for dealing with or restricting dealings with such countries.
We found some accountants are unsure how to determine which countries have insufficient AML/CFT systems or how to apply these requirements. In practice, the Financial Action Task Force (FATF) list of high-risk and other monitored jurisdictions should assist your AML/CFT programme relating to countries with insufficient AML/CFT systems.
It is important to also note the money laundering and terrorism financing risks associated with a country is wider than whether it has insufficient AML/CFT systems in place. For example, it includes whether it has high levels of organised crime, bribery or corruption, or is known as a tax haven, or whether it borders a conflict zone or is associated with the production or transnational shipment of illicit drugs. For more information on country risk, please refer to the Countries Assessment Guideline.
Annual Report
You must submit an annual report to your AML/CFT supervisor. This report must be in the prescribed form and submitted at the time appointed by the supervisor. The annual report is usually due between 1 July and 31 August to cover the preceding twelve months until 30 June.
We review whether your AML/CFT programme includes your annual report requirements and whether you filed your last annual report on time. During an on-site inspection we may also check the content of your annual report to see that the data is accurate and reflects what we find during an on-site inspection.
Monitoring compliance AML/CFT programme
You are required to monitor your compliance with your AML/CFT programme. The procedures and controls you use to do this should be recorded in your AML/CFT programme, including your use of internal review and your independent audit requirements.
You should actively monitor your business’ AML/CFT compliance. In some businesses, the compliance officer undertakes regular spot checks on certain areas like customer due diligence to ensure policies and procedures are complied with. Other businesses have implemented a sign-off process by which each customer file is peer reviewed before business relationships are established or transactions undertaken. Whatever processes are adopted should be outlined in your AML/CFT programme.
We found that while a business’ AML/CFT programme may state that compliance with all requirements is monitored, there is no evidence this is occurring when we on-site a business. For example, there is no record or regular spot checks or a peer review sign off process being completed.
Examining and keeping written findings for large, complex and unusual patterns of transactions
An AML/CFT programme must set out how you will examine and keep written findings relating to complex or unusually large transactions and unusual patterns of transactions that have no apparent or visible lawful purpose. This requirement also applies to any other activity that by its nature, may be related to money laundering or terrorism financing. What these areas of heightened risk look like for you, including what is “complex”, “unusually large” or an “unusual pattern”, will depend on your business.
Therefore, your first step to complying with this obligation is to identify your money laundering and terrorism financing risks in your risk assessment. Your findings then need to be worked into your account monitoring procedures in your AML/CFT programme, with triggers for you to investigate further or to “examine”. Part of this examination may be to conduct enhanced customer due diligence, requiring you to obtain and verify information regarding your customer’s source of funds or wealth.
The outcome of your examination should be recorded as your “written findings”. After looking into the activity or transactions, you may conclude that the activity was not suspicious. You should record this reasoning as part of your record keeping. Keeping a register of findings for large, complex or unusual patterns of transactions is something we recommend for meeting this obligation.
The process of identifying risks, through to examining, conducting additional customer due diligence if required and keeping written findings, is an area in which some businesses are not fully compliant. This may be because businesses are seeing the various requirements of the Act as separate, whereas in fact many of the obligations overlap and reinforce each other. It is important to consider how your processes for each obligation can work together, be manageable and to protect your business from misuse for money laundering or terrorism financing.
We are finding that businesses are aware of this obligation, but they do not have a procedure or control to spot the complex or unusual transaction, investigate it or record their findings. We are also seeing highly complicated processes and procedures written into the AML/CFT programme and when we visit, there is no evidence to show the business is following its own procedures.