Lawyers need to undertake three tasks to prepare themselves for becoming “reporting entities” under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

The amendment bill changing AML/CFT so that its core obligations will apply to lawyers, is currently with Parliament’s Law and Order Committee.

As it currently stands, the bill provides that AML/CFT will apply to lawyers “not later than 1 July 2018”. The Law Society, however, has asked the Law and Order Committee to extend this time to “not earlier than 1 January 2019”.

Even with a 1 January 2019 deadline, a strong case can be made that lawyers should – if not now, then very soon – begin preparing for implementation.

The three tasks that lawyers can begin working on now are:

• Appoint an AML/CFT compliance officer;
• Produce a written risk assessment; and
• Establish a written AML/CFT programme.

Starting on these three tasks as soon as possible will mean that law firms spread the work over coming months.

This will reduce pressure on staff, who would prefer to be productive acting for their clients rather than working full-time on compliance activities.

It will also mean that firms are putting in place effective procedures to minimise risk, and to develop a sustainable, compliant programme.

Compliance officer

Appointing an AML/CFT compliance officer is the easiest of the preparation steps a law firm can take.

A reporting entity must designate an employee as an AML/CFT compliance officer to administer and maintain its AML/CFT programme (AML/CFT Act s 56(2)).

The compliance officer must report to the senior manager of the law firm.

In the case of a sole practice that does not have employees the practice which is a reporting entity must still appoint a person to act as its compliance officer which would in most cases be the sole practitioner.

An AML/CFT compliance officer can lead the next two steps in the process – developing a risk assessment, and establishing an AML/CFT programme. The officer can also be delegated to keep a watching brief on AML/CFT developments and the legislation including regulations as they unfold. Larger firms may also wish to appoint a deputy compliance officer to cover absences,

Risk assessment

Before conducting customer due diligence or establishing an AML/CFT programme, a reporting entity must first undertake an assessment of the risk of money laundering and the financing of terrorism that it may reasonably expect to face in the course of its business (AML/CFT Act s 56).

The well-worn cliché “one size does not fit all” is very apt in relation to this risk assessment.

A law firm’s risk assessment will be particular to that firm.

Practices with a significant number of offshore clients would, for example, have a quite different risk profile than practices whose clients are New Zealand residents.

The risk assessment must be in writing and must:

• Identify the risks faced by the law firm in the course of its business;
• Describe how the firm will ensure that the assessment remains current; and
• Enable the firm to determine the level of risk involved in relation to relevant obligations under AML/CFT and regulations.

In assessing the risk, law practices must have regard to the following:

• The nature, size, and complexity of its business;
• The services it offers;
• The methods by which it delivers its services;
• The types of customers AML/CFT uses the word “customer”] it deals with;
• The countries it deals with;
• The institutions it deals with (eg banks);
• Any applicable guidance material produced by AML/CFT supervisors or the Commissioner of Police relating to risk assessments; and
• Any other factors that may be provided for in regulations.

A Risk Assessment Guideline has been produced by the Department of Internal Affairs (DIA), the Reserve Bank of New Zealand and the Financial Markets Authority (see under Guidelines available below).

A sector risk assessment covering lawyers has not yet been published, and lawyers will need to keep a watch out for material produced by their AML/CFT supervisor. The AML/CFT amendment bill identifies the DIA as the supervisor for lawyers.

However, the Law Society, in its submissions on the bill, has recommended that the NZLS should be prescribed as the supervisor for the legal profession.

The Police’s Financial Intelligence Unit (FIU) has produced a National Risk Assessment Report and a Quarterly Typology Report.

AML/CFT programme

Law firms will need to establish, implement and maintain a written AML/CFT programme (AML/CFT Act s 56(1)).

The AML/CFT programme must include internal procedures, policies, and controls to:

• Detect money laundering and the financing of terrorism; and
• Manage and mitigate the risk of money laundering and financing of terrorism.

The programme must include adequate and effective procedures, policies and controls for:

• Vetting senior managers, the AML/CFT compliance officer, and any other employee that is engaged in AML/CFT related duties;
• Training on AML/CFT matters for senior managers, the AML/CFT compliance officer, and any other employee that is engaged in AML/CFT related duties;
• Complying with customer due diligence requirements (including ongoing customer due diligence and account monitoring);
• Reporting suspicious transactions;
• Record keeping;
• Setting out what the reporting entity needs to do, or continue to do, to manage and mitigate the risks of money laundering and the financing of terrorism;
• Examining, and keeping written findings relating to complex or unusually large transactions; and unusual patterns of transactions that have no apparent economic or visible lawful purpose; and any other activity that the law firm regards as being particularly likely by its nature to be related to money laundering or the financing of terrorism;
• Monitoring, examining, and keeping written findings relating to business relationships and transactions from or in countries that do not have or have insufficient anti-money laundering or countering financing of terrorism systems in place and have additional measures for dealing with or restricting dealings with such countries;
• Preventing the use, for money laundering or the financing of terrorism, of products (for example, the misuse of technology) and transactions (for example, non-face-to-face business relationships or transactions) that might favour anonymity;
• Determining when enhanced customer due diligence is required (see s 22 of AML/CFT) and when simplified customer due diligence might be permitted (see s 18 of AML/CFT – the circumstances when standard due diligence applies is outlined in s 14 of the AML/CFT Act);
• Providing when a person who is not the law firm may, and setting out the procedures for the person to, conduct the relevant customer due diligence on behalf of the firm and setting out procedures for this; and
• Monitoring and managing compliance with, and the internal communication of and training in, those procedures, policies, and controls.

Developing this programme will take some time and effort, and it will need to be up-and-running by the date lawyers become reporting entities under AML/CFT.

Indeed the ideal situation would be that by the time AML/CFT applies to them lawyers have begun implementing at least the following two elements of their AML/CFT programme:

• Vetting appropriate staff; and
• Training staff engaged in AML/CFT related duties.

Guidelines available

Guidelines to help organisations, including a Risk Assessment Guideline and an AML/CFT Programme Guideline have been produced by the three supervisors – DIA, Reserve Bank of New Zealand and the Financial Markets Authority.

Not only do these guidelines provide very useful information about preparing a risk assessment and an AML/CFT programme, they also point to sources of further information.

Other documents on this website may also be of use for lawyers. These include:

• A guideline on interpreting “ordinary course of business”;
• A territoriality guideline;
• A countries assessment guideline; and
• An audit guideline.

DIA has a page on its website entitled Information for Businesses.

It provides guides to help people think about how money launderers may use their business.

Of particular value to lawyers is the guide Trust and Company Service Providers.

More guides and resources are also available on the Information for Lawyers and Conveyancers page of the DIA website.

Useful resource

A very useful resource for lawyers when preparing a risk assessment and an AML/CFT compliance programme is A Lawyer’s Guide to Detecting and Preventing Money Laundering (PDF, 1.5 MB). This is a collaborative publication of the International Bar Association, the American Bar Association and the Council of Bars and Law Societies of Europe.

Among the information it contains is a list of some of the “red flags” lawyers can look out for that may suggest some criminal behaviour is involved with the funds about to be channeled through the practice.

The existence of a “red flag” may, of course, have a legitimate explanation, but international experience shows that they are something one should look out for. These “red flags” include:

• Once funds received into a trust account, the transaction is aborted;
• Client requests that deposited funds are sent to a third party or parties, rather than returned to the client;
• Client avoids personal contact without good reason;
• Unusual manner of execution – eg, the deposit of funds for the purchase price occurs unusually early in the transaction and before the purchase price is agreed between the parties;
• Amount being deposited is large compared to client’s modest income;
• Surplus funds were deposited;
• Back-to-back property transactions, which were out of sync with normal market dynamics – the purported value of each property rapidly increasing with each subsequent transaction;
• Client changes legal advisor a number of times in a short time period for no apparent reason;
• The purchase price is paid entirely in cash;
• Client has no proper identification papers;
• There is no information available about the client and his or her business;
• Purported legal documentation is too simplistic for the relevant transaction;
• Client’s connection with the jurisdiction is unclear;
• No mention of the issue by the client initially, followed by an over willingness to provide a lot of documentation; and
• Urgency in getting the deal done.

Another resource

Another useful resource is the Financial Action Task Force (FATF), an inter-governmental body established in 1989 by the ministers of its member jurisdictions (New Zealand is one). It aims to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.

FATF has produced two documents that are particularly designed for the legal profession. They are Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals and Risk Based Approach Guidance for Legal Professionals.

Section 3 of the latter, Guidance for legal professionals on implementing a risk-based approach, may be particularly useful.

This document also has a brief note about privilege as it applies to the legal profession.

A fourth action

Some lawyers have already taken another action – registering with goAML so they can file suspicious transaction reports (STRs).

This is a fourth action lawyers can take in preparation for the time when they become reporting entities under the AML/CFT Act.

Currently, lawyers must report any suspicious transaction when that lawyer or firm receives, in the course of their business, funds as a deposit or investment or to settle a real estate transaction. This is provided in ss 3 and 15 of the Financial Transactions Reporting Act 1996.

Certain technical requirements must be followed in filing an STR with the police. Lawyers in sole practice or law firms need to register as an “entity” and file reports electronically. Registering as an entity is simply a matter of filling out the form on the police’s FIU website.

This form is part of the FIU’s goAML platform. goAML is a reporting tool that allows rapid and secure exchange of information between the FIU, reporting entitles and law enforcement and intelligence authorities.

The confidentiality of the data collected is assured, the FIU says.

goAML Web is the prescribed method by which reporting entities submit STRs and, from 1 Nov 2017, Prescribed Transactions Reports to the FIU.

For more information on how to register and how to report a suspicious matter see, Reporting a suspicious matter.

Other activities

Once lawyers come fully under AML/CFT, there are a series of other activities they will need to do. These include:

• Conducting due diligence on customers (AML/CFT Act s 11 and ss 12-30);
• Reporting suspicious activities and keeping reports of suspicious activities (AML/CFT Act ss 40 and 41, likely to be amended by the AML/CFT Amendment Bill);
• Keeping records on transactions, identification and verification and other records (AML/CFT Act s 51, likely to be amended by the AML/CFT Amendment Bill);
• Reviewing and auditing its risk assessment and AML/CFT programme (AML/CFT Act s 59, likely to be amended by the AML/CFT Amendment Bill); and
• Providing an annual AML/CFT report to the AML/CFT supervisor (AML/CFT Act s 60).

The Law Society will provide more information about these activities closer to the time when lawyers come fully under AML/CFT.

When the obligations apply

The AML/CFT obligations will apply when a lawyer or a law firm, in the ordinary course of business, carries out one or more of the following activities:

• Acting as a formation agent of legal persons or arrangements;
• Acting as, or arranging for a person to act as, a nominee director or nominee shareholder or trustee in relation to legal persons or arrangements;
• Providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or for any other legal person or arrangement, unless the office or address is provided solely as an ancillary service to the provision of other services;
• Managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets;
• Providing real estate agency work (within the meaning of s 4(1) of the Real Estate Agents Act 2008) that involves the representation, as an agent, of a vendor or purchaser in connection with the sale or purchase, or the proposed sale or purchase, of real estate or any business; or
• Engaging in or giving instructions in relation to:
  • any conveyancing (within the meaning of s 6 of the Lawyers and Conveyancers Act 2006) on behalf of a customer in relation to the sale or purchase, or the proposed sale or purchase, of real estate;
  • transactions on behalf of any person in relation to buying or selling real estate or transferring the title in, or beneficial ownership of, real estate;
  • transactions on behalf of any person in relation to buying, transferring, or selling businesses or legal persons (for example, companies) and other legal arrangements; or
  • transactions on behalf of a customer in relation to creating, operating, and managing legal persons (for example, companies) and other legal arrangements (s 5 of the AML/CFT Act as amended by the AML/CFT Amendment Bill).