New Zealand Law Society

Navigation menu

Phase 2 of the AML/CFT Act: Practical implementation considerations for lawyers

31 March 2017 - By Rebecca Caird

On 13 March 2017 the Ministry of Justice introduced the Anti-Money Laundering and Countering Financing of Terrorism Amendment Bill to Parliament This is the next step in the introduction of the Phase 2 anti-money laundering and countering financing of terrorism (AML/CFT) reforms, which will extend the ambit of the AML/CFT Act 2009 to lawyers, as well as a number of other entities such as accountants, real estate agents and high value goods dealers.

Of the Phase 2 entities to be captured, it is proposed that lawyers will be the first cab off the rank, with AML/CFT obligations taking effect no later than 1 July 2018.

This article sets out key compliance obligations and outlines some practical considerations relevant to the implementation of those obligations.

Legal services captured

It is proposed that lawyers will be captured as a “designated non-financial business or profession” if they carry out specific activities. These include:

  • providing various trust and company services (acting as a formation agent or nominee director/shareholder, providing a registered office/business/correspondence address for clients),
  • conveyancing activities, including engaging or giving instructions on transactions for any persons in relation to buying or selling of real estate or businesses,
  • managing or arranging client funds, accounts, securities, or other assets,
  • engaging in or giving instructions in relation to transactions for customers related to creating, operating, and managing legal persons and other legal arrangements.

These specified activities are broadly framed and potentially capture a wide range of activities. As a threshold issue, lawyers will need to assess the different areas of their practice to determine if and how they may be captured. For example, transactional lawyers may be captured under one or more of the activities above whereas a client instruction that involves provision of a purely advisory opinion may not. This will be crucial for lawyers in determining how to structure their compliance regime.

What obligations will apply to lawyers?

Lawyers will be subject to the same obligations as existing reporting entities. These include:

  • appointment of an AML/CFT Compliance Officer,
  • preparation and maintenance, including regular review, of an AML/CFT written risk assessment and compliance programme,
  • conducting customer due diligence (CDD), including ongoing CDD,
  • monitoring transactions for unusual behaviour and reporting any suspicious activity to the Police Financial Intelligence Unit (FIU),
  • filing prescribed transaction reports (in relation to domestic cash transactions over $10,000 and international wire transfers over $1,000) to the FIU,
  • filing an annual report with their AML/CFT supervisor,
  • arranging an independent audit of AML/CFT documents and procedures every two years.

Appointment of AML/CFT Compliance Officer

A reporting entity must appoint an AML/CFT compliance officer to administer and maintain the AML/CFT programme. This must be an employee – unless the reporting entity does not have any employees – who is or reports to a senior manager of the reporting entity.

Risk Assessment

The first step in establishing an AML/CFT compliance regime is the preparation of a written risk assessment. The risk assessment must identify and assess the risks that the business reasonably expects to face from money laundering and financing of terrorism (ML/FT) across a number of specific business areas (s 58 of the AML/CFT).

The risk assessment will also need to take account of any sector risk assessment issued by the supervisor and typologies identified in the FIU’s National Risk Assessment. While a sector risk assessment has not yet been published, it is likely that this will draw from international guidance issued by the Financial Action Task Force (See Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals, June 2013).

Compliance Programme

The Compliance Programme must set out “the internal policies, procedures and controls necessary to detect [ML/FT] and to manage and mitigate the risk of it occurring” (Par 5 of the AML/CFT Programme Guideline issued by the supervisors). This will typically be a written document that summarises each applicable obligation under the AML/CFT with commentary on how, practically, that obligation is satisfied by the reporting entity. Lawyers should consider whether existing procedures – for example, staff vetting and record-keeping – need to be adjusted to take into account AML/CFT requirements.

Senior managers, the AML/CFT Compliance Officer and all staff engaged in AML/CFT related duties must undertake AML/CFT training. Law firms will need to determine whether training requirements apply to all staff or staff within particular roles. For larger law firms, this may include not only legal staff but staff involved in accounting or finance roles. Training also needs to be tailored – staff more heavily involved with AML/CFT duties should receive a higher level of training than others.

Supervisors have recently focussed on Phase 1 reporting entities’ management and governance oversight of AML/CFT matters and on entities’ procedures for monitoring and managing AML/CFT compliance. Phase 2 entities should include robust controls in the programme for how they monitor AML/CFT compliance, such as requiring staff to confirm their compliance, internal testing of CDD and monitoring activities by the AML/CFT Compliance Officer or engagement of external third parties to conduct testing.


Under the Financial Transactions Reporting Act 1996, lawyers are subject to existing obligations to verify identity of clients in limited circumstances. Lawyers involved in e-dealing conveyancing transactions through Landonline are also required to verify the identity of clients. Customer due diligence under the AML/CFT is more extensive than the existing obligations and will apply in a wider range of circumstances – such as the ones listed in “Legal Services captured” above. It includes CDD on any individual that are “beneficial owners” of a client (see s 5 of the AML/CFT and the Beneficial Ownership Guideline issued by the supervisors).

CDD for low-medium risk individuals is generally conducted in accordance with the AML/CFT Amended Identity Verification Code of Practice 2013, which differs slightly to e-dealing standards – for example, a driver’s licence alone is insufficient proof of identity. In addition, lawyers will need to develop procedures for identifying “high-risk” clients to whom Enhanced CDD must be applied. Enhanced CDD requires verification of the customer’s source of funds and wealth and notably applies to all trusts, whether or not that trust is classified as high risk.

Practically, lawyers will need to develop procedures, taking into account the particular services they offer, to ensure CDD is conducted at the appropriate time, including when services or instructions change, for example, an overseas client seeks an opinion on regulatory requirements for New Zealand land purchases and then proceeds to instruct the lawyer on a specific land acquisition transaction. CDD obligations will arise in respect of any new clients to whom captured services are provided and may also arise in relation to existing clients.

Transaction monitoring

While the Financial Transactions Reporting Act imposed requirements on lawyers to report suspicious transactions, lawyers should expect increased scrutiny in this area. Under the AML/CFT, reporting institutions must conduct ongoing CDD and account monitoring to ensure that the business relationship and transactions with a client are consistent with knowledge of that client and are not suspicious.

This obligation will require lawyers to consider first which transactions would be considered unusual in the context of their practice, and secondly to develop monitoring systems to identify such transactions with clear review and escalation procedures for any transactions identified. In all cases, it is likely that transaction monitoring will involve a combination of client-facing staff being alert to unusual customer behaviour as well as monitoring funds flows through law firm trust accounts.

Lawyers will need to consider whether existing regulations under the Lawyers and Conveyancers Act (Trust Account) Regulations 2008 provide sufficient control for AML/CFT monitoring purposes or if they should be supplemented by additional checks.

In our experience, early engagement on AML/CFT compliance obligations can result in a reporting entity more efficiently and effectively incorporating AML/CFT processes into their existing procedures and can reduce the compliance burden long-term.

Rebecca Caird ( is employed by AML Solutions, a specialist AML/CFT consultancy which was established in 2012 and has assisted over 500 reporting entities with their AML compliance programmes or audits.

Last updated on the 31st March 2017