Published on the 27/09/2018 | Written by Heather Wright
New AML requirements will place new demands on Kiwi businesses…
New anti-money laundering legislation for companies including lawyers, accountants and real estate agents, is forcing regulation on the respective industries, but it shouldn’t add a burden of additional IT costs.
Darren Howells, principal adviser for the AML Group regulatory services at the Department of Internal Affairs, says companies shouldn’t over-invest in technology in order to comply with the regulations, with many able to instead rely on technology already in use in their office, or even paper files.
“If you’re small and low risk, I’d be happy to see you have done a decent Google search.”
From Monday, accountants join lawyers and conveyancers (both of which came under the Act in July) in being regulated under the Anti-money Laundering and Countering the Financing of Terrorism (AML/CFT) legislation. Real estate agents will join the fray in January 2019, with businesses trading in high value goods such as jewellery, motor vehicles, boats, art and antiquities, along with sports and racing betting added in August 2019.
Banking, casinos and a range of financial service providers have had to comply with the Act since 2013, as New Zealand seeks to crackdown on the $1.35 billion in proceeds of fraud and illegal drugs that are laundered through New Zealand each year.
Key to the Act are the requirements that companies know who their customers are and report certain activities to the police, says Howells, who helped the Ministry of Justice write the new phase of the legislation and has helped the DIA write the guidance for the new legislation.
While Howells admits that the changes are big for Kiwi businesses in affected sectors – “They’ve essentially gone from being unregulated to regulated and that’s a big culture shift” – he says decent records and a little bit of application of critical thought will go a long way.
“One of the biggest things I said in phase one was don’t over-invest, and it’s the same thing I’m saying with phase two.
“My own experience is if you do your customer due diligence properly and then report the suspicious activity to the police properly, that’s pretty much 90 percent of the work done. I’m a big fan of focusing on those two basics: Know your customer and be able to report to the police properly.”
While there is a proliferation of technologies and services claiming to help with AML, Howells is wary, cautioning businesses to do careful due diligence before signing on the dotted line. He says he’s aware of products ‘that just aren’t meeting the mark’.
He notes technology hasn’t kept up with the changes in some ways, with many offerings not meeting all the required aspects of the Act.
“There’s lots of stuff out there that is very very close and I think we’ll see a tech solution in the next year or two. But we’ve still got to get that biometric element.”
Regtech, designed to help companies cope with regulation, is a growing area of technology. When the legislation was implemented for banks, many spent millions on their AML systems, rightfully so, says Howells – who has previously worked at NZ Police, the Police Intelligence, the Financial Intelligence Unit, KPMG and leading the AML team for the Reserve Bank.
However, he says he’s also seen small companies being innovative, using the technology they already have.
“You might just need a decent Excel spreadsheet and someone who knows what they’re doing. So in terms of technology, I’ve seen some absolute howlers for lots of money but I’ve also seen some really good, clean, effective products produced for next to nothing.”
He cites the example of Politically Exposed Person (PEP) checks, where companies are required to check if customers are politically exposed.
“If you’re small and you and your customers are low risk, I’d be happy to see you have done a decent Google search.
“If your customer is the local farmer down the road, he’s hardly likely to be a Mexican cartel drugs baron, but the Act says you have to check. So you know what: Do a Google check on the guy, and record the search terms you used, the data it accessed and the results.”
Medium and larger companies may however need to look at PEP checking services, ‘but again that will be very much dependent on their risk and size and complexity of their business’.
Howells recommends companies take time to get acquainted with the Go AML portal – a United Nations platform where all reporting of suspicious activity and ‘prescribed transaction reporting’ – which covers cash transactions over $10,000 or international wire transfers of more than $1,000 – must be done. FIU provides free training.
The changes place an increased requirement on companies for record keeping, with records needing to be kept for five years, and companies required to be able to produce evidence of their customers’ identity verification documents along with records showing how events were escalated.
And don’t try using the excuse, as Ping An Finance – the first company prosecuted under the legislation – did of having your physical records destroyed by the cleaner and your computer records destroyed by a computer virus. It didn’t work. The Auckland forex broker was slapped with a $5.3 million fine last year for breaching the Act.