The three AML/CFT supervisors have released Audit Guideline for risk assessment and AML/CFT programme.
The guidance aims to help reporting entities understand the AML/CFT audit requirements in terms of the Anti-Money Laundering and Countering of Financing of Terrorism Act 2009, and to undertake an effective and credible audit of their risk assessment and AML/CFT programme.
The three supervising bodies are the Reserve Bank of New Zealand, Financial Markets Authority, and Department of Internal Affairs (for legal services providers).
The guideline notes that the Act does not specify how audits of risk assessments and AML/CFT programmes are to be conducted. It says it provides an overview of matters to consider when arranging such an audit.
The guideline is structured in three parts. The first outline obligations under the Act, the second what needs to be known before planning for an audit commences, and the third looks at the audit process, including choosing an auditor.
All reporting entities are required to have an audit of their risk assessment and AML/CFT programme conducted by an appropriately qualified and independent individual every two years, and to keep adequate records of the audit.
The AML Supervisor’s guidance is relevant to all lawyers who are Reporting Entities (REs).
However, in addition, lawyers will need to consider issues related to legal professional privilege, client confidentiality and permitted disclosures when undergoing an audit. An AML/CFT audit under s59(2) is required to focus on the RE’s Risk Assessment and its AML/CFT compliance programme and may only touch on a firm’s activities captured under the regulatory framework.
Given the limited scope of an AML/CFT audit, lawyers should carefully consider what information it is appropriate to provide to an independent auditor in light of obligations of privilege and confidentiality, and whether there is any suspicious activity report information (which may not be disclosed to auditors, because of section 46(2)). The Law Society intends providing further guidance to the legal community on this topic, in collaboration with the Department of Internal Affairs.
Under the auditing provisions, there appears to be no barrier to lawyers entering reciprocal arrangements to act as auditors. This is subject to the proviso that any lawyer-auditor must be suitably qualified and able to demonstrate their independence as required under the Act. The joint Supervisor’s Audit Guideline and FMA’s Getting the best outcome from your AML/CFT Audit discuss the independence and qualification requirements.