New Zealand Law Society - Internal Affairs develops AML/CFT identity verification guidance

Internal Affairs develops AML/CFT identity verification guidance

This article is over 3 years old. More recent information on this subject may exist.

The Department of Internal Affairs has published guidance for complying with AML/CFT verification requirements during COVID-19 Alert Levels.

The guidance is for reporting entities under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) during COVID-19 Alert Levels.

"While New Zealand is subject to COVID-19 Alert Levels, reporting entities will be changing the way in which they conduct their business. At COVID-19 Level 4, only those reporting entities providing essential services are able to continue to operate at their premises, and must operate in a way that limits the risk of the spread and transmission of COVID-19, with limited interactions with customers," the department says.

"It is anticipated that during the COVID-19 Alert Levels, reporting entities may still need to establish new business relationships or conduct occasional activities or transactions (‘new activities’) for new customers. However, we expect that the volume of new business relationships established during this period to be lower than normal. A core component of establishing new activities is verifying a person’s identity.

"Where a person’s identity cannot be verified face-to-face because they cannot provide original identity documents, the AML/CFT Act contains various provisions:

A) Delayed verification provisions for new business relationships

The existing delayed verification provisions in sections 16(3) and 24(3) of the AML/CFT Act enable a reporting entity to establish a business relationship with a customer, but delay the verification component of CDD until later, subject to the following conditions:

(1) it is essential not to interrupt normal business practice; and

(2) money laundering and financing of terrorism risks are effectively managed through procedures of transaction limitations and account monitoring or (if the reporting entity is not a financial institution) through other appropriate risk management procedures; and

(3) verification of identity is completed as soon as is practicable once the business relationship has been established.

This means a new business relationship with a customer could be established and funds credited into a facility, provided that verification is completed as soon as practicable after COVID-19 Alert Levels have been lifted.

Reporting entities need to consider how to effectively manage money laundering and financing of terrorism risks during this time. Supervisors expect reporting entities that are continuing to operate and establish new business relationships would implement transaction limitations, i.e. limited transfers or withdrawals until verification requirements were completed.

B) Amended Identity Verification Code of Practice 2013 (IVCOP)

The IVCOP does not restrict reporting entities to verifying a person’s identity via face-to-face means only:

  • Under Part 3 of IVCOP, reporting entities can offer electronic verification options. This requires no face-to-face contact with the customer. It is important to note that under IVCOP, additional measures, eg, requiring the first credit into the facility from a New Zealand registered bank in the same name as the new customer, must be implemented where the electronic verification option does not contain a linking mechanism. (The IVCOP provides that where an electronic source does not have a mechanism to link the customer to their claimed identity (whether biometrically or otherwise), a reporting entity must apply additional measures to ensure the person being dealt with online is the genuine holder of the identity they claim to be.
  • Under Part 1 of IVCOP, a reporting entity must also have exception handling provisions for circumstances where a customer is unable to provide their original identity documents. With COVID Alert Levels in place, this is a time when exception handling measures would be suitable. Appropriate risk-based procedures must be adopted, this may include utilising the delayed verification provisions above if establishing a new business relationship.

It is also important to be aware that in this challenging environment, reporting entities should remain vigilant as criminals may try to target their products and services. Reporting entities must continue to effectively manage money laundering and financing of terrorism risks, and report suspicious activities where required to do so in accordance with the AML/CFT Act.

If any further assistance on specific scenarios is required, reporting entities should contact their AML/CFT Supervisor.