FREE Compliance Tools
AML Audit - New Zealand Business Entities
An AML Audit should be considered an investment to strengthen your firm’s brand value. We are a team of anti-money laundering compliance professionals with 10+ years of experience to ensure a quality AML audit. As a unique offering, we provide your business with FREE compliance tools designed to increase your AML/CFT compliance knowledge.
What is an AML Audit?
An AML/CFT audit is required under Section 59(2) of the Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act). Regulations require the audit occur at least every 3 years (unless directed otherwise by the AML/CFT Supervisor).
AML/CFT Supervisors, being the Department of Internal Affairs, the Reserve Bank of NZ and the Financial Markets Authority, have collectively issued an AML/CFT Audit Guideline. The Guideline sets out how to plan for an AML audit and what reporting entities should expect to achieve from the outcomes of an AML/CFT audit.
Ultimately an AML/CFT auditor will review the methodology applied to the risk assessment and determine whether the written risk assessment reasonably informs on the areas of business with higher exposure to facilitating money laundering or terrorism financing. This may relate to the characteristics of products or services, customer or client types, the geographies dealt with, the method used to distribute products (ie, via internet or face-to-face) and finally, the nature, size and complexity of the business itself. The AML360 quality brand is delivered with affordability.
What will an AML/CFT Audit focus on?
An AML audit will examine the written AML/CFT business risk assessment and programme. The AML Auditor(s) will also test the procedures and controls that the AML programme relies on to achieve AML/CFT policy and regulatory objectives.
The AML Auditor will examine business records and systems that support your AML/CFT programme and risk assessment.
The AML Compliance Officer will be interviewed and most likely the AML Senior Manager. Other staff may also be interviewed. The interviews assist the AML/CFT Auditor to understand business operations and the knowledge level of staff that manage AML/CFT business operations.
At the conclusion of examining business records, systems and procedures, the auditor will set out the written observations and findings in a formal report. The findings and observations will confirm the auditor’s opinion on whether the business has met AMLCFT compliance objectives during the audited period.
Where the AML/CFT auditor has identified weaknesses, they should also provide recommendations on how to bridge those weaknesses.
All decisions made by the business with regards to the AML auditor’s recommendations, should be recorded in writing. This assists AML/CFT Supervisors and the follow-up audit, to understand the rationale of decisions made.
What happens if a business fails an AML/CFT Audit?
If the AML/CFT Auditor’s opinion is that the principles of the AML/CFT Act have not been met, the AML/CFT Auditor will provide reasonings to justify their opinion.
You should expect the AML Auditor’s Report to include recommendations to strengthen AML/CFT compliance.
Does an AML/CFT Auditors findings of Non-Compliance mean a regulatory breach?
No. The AML/CFT Auditor’s opinion is not confirmation that an AML/CFT breach has occurred. Only the Court’s can confirm a breach of AML/CFT regulatory obligations.
Does a business have to implement the AML/CFT Auditor's Recommendations?
No. The business must however consider the AML/CFT Auditor’s recommendations.
There is no obligation for a business or Anti-Money Laundering Compliance Officer to accept or implement any or all recommendations. However, in order to meet regulatory expectation of AML/CFT Supervisors, a written record must be maintained to evidence the decision-making process and outcomes.
What if AML Audit recommendations have a high cost to implement?
It is unlikely that AML/CFT audit recommendations would result in high cost to a business. Business can use methods of compliance that meet their budget restraints.
As the AML/CFT risk-based laws focus on regulatory outcomes, the means for a business to achieve the outcome is at their discretion.
So long as the regulatory objectives or AML/CFT regulatory outcomes are met, a business can use processes or procedures that meet the nature, scale and complexity of the business.
As each business is unique in nature, size and complexity, AML/CFT laws recognise the business is in a better position to make decisions about business operations.
As an example, any recommendations for AML/CFT Transaction Monitoring will not include an expectation for the business to implement AML/CFT Transaction Software.
It is for the business to decide how it will ensure regulatory objectives are met.
What is the cost of an AML/CFT Audit?
The cost of an AML/CFT Audit will depend on a number of factors including whether the firm wishes to proceed with a ‘limited’ or ‘reasonable’ assurance audit.
AML/CFT Supervisors have advised they will place greater confidence in AML/CFT Audits that are performed at the ‘reasonable’ assurance level. This is due to auditors committing greater resourcing and testing to inform ‘reasonable assurance’ audits.
As a guidance only, small business should expect a limited assurance audit to have a fee of around $1,500.