The Department of Internal Affairs (DIA) is the supervisor of lawyers under the Anti-Money Laundering and Countering Funding of Terrorism Act 2009.
As part of its supervisory role, the DIA may review a lawyer’s risk assessment and programme. Desk-based reviews can be carried out under sections 131 and 132 of the AML/CFT Act and are aimed to be completed within one month. Desk top reviews are not an assessment of the implementation or effectiveness of a practice’s AML/CFT programme - that would be carried out in an on-site inspection.
Section 58 of the Act requires a reporting entity to undertake a risk assessment of the risk of money laundering and the financing of terrorism that it may reasonably expect to face in the course of running its business.
Section 56 requires a reporting entity to establish, implement and maintain an AML/CFT programme to detect money laundering and financing of terrorism and to manage and mitigate the risk of money laundering or the financing of terrorism. Your AML/CFT programme must meet all the requirements specified in section 57 of the Act.
The programme review will assess compliance with:
DIA has said that attention will be paid to the following:
When a practice is contacted by the DIA after having been selected for a desk-based review, the DIA will provide the practice with a documentation checklist that details the documents and records (under section 132(2)(a)) that it requires to sight. The documentation includes:
The DIA has indicated that it wishes to work in collaboration with law practices, which includes helping practices understand and meet their obligations. As part of the review, the DIA will be reviewing the above documentation to check policies and processes are in place for:
In relation to risk assessments and compliance programmes, a focus will be on whether the law firm has tailored these to the individual circumstances of the practice. This includes evidence of an analysis of the particular AML risks which are typically associated with the different services the firm is offering and a detailed break-down of a firm’s client base to identify risk in that regard (for example, identifying clients with cash intensive businesses or high risk industries or occupations, overly complex corporate structures, trusts and other legal arrangements which favour a degree of anonymity, or potentially politically exposed people (PEPs)).
It will assist the DIA if the risk assessment and programme documentation includes version control information reflecting the ‘living’ nature of the documents.
At the completion of the review the DIA will provide the practice with a report detailing its findings. The practice will be provided with the opportunity to correct any factual errors in the report. If non-compliance is found, the DIA may decide to work with the practice to remedy the non-compliance, or take enforcement action as set out in Part 3 of the Act.
All practices should already have the policies, procedures and risk assessment in place. If you wish to review your documentation in line with the requirements and any changes in the practice, guidance on what needs to be considered/included is available on the DIA website.
The New Zealand Law Society has published a Practice Briefing Preparing for becoming a reporting entity under the AML/CFT Act.
While the DIA has signalled it will be taking an educative approach in the first instance it is worth bearing in mind that it can be an offence under section 102 to wilfully obstruct an AML/CFT supervisor in the exercise of any power and an offence under section 103 to provide false or misleading information to an AML/CFT supervisor, knowing that information to be false or misleading in any material respect. The maximum penalty for committing these offences is 3 months imprisonment or a fine of up to $10,000 for an individual or a fine of up to $50,000 for a body corporate.
In a High Court decision relating to phase 1 of the legislation, Department of Internal Affairs v Qian DuoDuo Ltd [2018] NZHC 1887, Qian DuoDuo was ordered to pay $356,000 to the DIA for:
The judgment highlighted deficiencies in relying solely on external advice from a consultant that may not know or understand the business model that applies to your practice.