The impending annual reporting deadline for Phase 2 of the Anti-Money Laundering and Counter Financing of Terrorism Act 2009 (AML/CFT) entities at the end of August, on top of completing the first round of independent auditing, is shadowed with a sense of trepidation within many in the legal profession.
To achieve compliance for a firm, practitioner, compliance officer, is no small feat. But for New Zealand, ranked first in the world in doing business last year, and regularly rated in the top three on corruption indexes such as Transparency International’s, achieving compliance is part of the bigger picture, the sum of which is a successful exercise in New Zealand’s reputation building.
While the application of AML legislation to lawyers is barely two years old, clarification has been sought where possible, including the boundaries of legal practice areas of covered activities, and the inevitably blurred lines between client confidentiality, underscored by legal professional privilege, and the obligation of disclosure.
In what may seem like uncharted territories in mitigating financial risks, legal professional privilege has been a consistent quandary for lawyers faced with suspicious activity. Where possible, the New Zealand Law Society | Te Kāhui Ture o Aotearoa has managed to provide guidance on these issues, and to continue highlighting other resources that might assist lawyers.
Auckland barrister and regulatory expert Gary Hughes recently authored an eBook entitled AML/CFT Workflow and Guidance, and says it was prepared as a detailed practical handbook rather than traditional textbook.
“We firmly had the AML Compliance Officer in mind, highlighting things that the unlucky partner or person occupying that new position really should have at their fingertips.”
Drawing on years of advising and representing Phase 1 entities, particularly in the financial and gaming sectors, Mr Hughes has “tried to put the practice of AML squarely into language that lawyers can relate to”.
“But even so, many areas of AML/CFT are not prescriptive, and never can be. Privilege questions are like that – it is heavily context specific,” he says.
“This is principles-based legislation we are dealing with. The Privacy Act or the Commerce Act and many other regimes are similar. They force people to weigh up decisions and outcomes against likely risks, and maybe to seek specific advice. Unfortunately, the statute often doesn’t provide neat yes or no answers.”
Disclosure and balance
The regulatory regime of AML compels lawyers to collect client information to mitigate the risks of money laundering or terrorist activities being financed/funneled through legal services. Activities where such risks are likely to present themselves are consequently captured by the regime. This is only a proportion of legal services, where the activity in question is considered a material risk.
Beyond this boundary is communication, as an umbrella term for conversation, advice, opinions, held sacrosanct as legal professional privilege.
“Those sort of activities may not match up neatly with the AML/CFT Act 2009 s 5 definition of ‘designated non-financial business or profession’, and therefore not captured based on the nature of its relationship,” says Mr Hughes.
Questions raised by lawyers over risk assessment and compliance are similar to dilemmas experienced by Phase 1 entities, Mr Hughes notes. Lawyers, too, battle with the little areas where the Act is deliberately not prescriptive.
“But the one true area of difference for lawyers is privilege and ethical duties of fidelity and confidentiality.
“Having to decide to report on a client, and for what aspects or activities, and selecting what information to convey, will be difficult decisions and may go against the grain of a lawyer’s training. But the Act requires it, or at least requires careful balancing of competing obligations based on what you know about the client and its activities.
“These are considerations that Phase 1 entities have simply not had to worry about. And other Phase 2 DNFBPs don’t face such dilemmas either.”
If information is truly privileged, even if the area of legal activity is captured, that does not mean that information must be reported to the Police in a suspicious activity report (SAR).
But while that privilege remains intact as a trump card over having to convey information in an SAR, much more attention is now required to the limits or exceptions to what is privileged – s 42 of the Act defines terms of what privilege is, and what it is not.
As the Law Society’s Practice Briefing on privilege, confidentiality and suspicious activities indicates, strict confidentiality must be adhered to under the Rules of Conduct and Client Care. There are limited exceptions to what client information must be held “in confidence indefinitely”. Party to this, under s 2.4 of the conduct and client care rules, is the obligation to not knowingly assist in the concealment of fraud or crime.
The fundamental importance of legal professional privilege is reflected in the AML/CFT Act by specifically excepting privileged communications under the disclosure regime. If a lawyer has reasonable grounds to believe information is legally privileged, they are not required to disclose it in compliance or reporting, such as in an SAR. The requirement for disclosure does not abrogate client confidentiality.
DIA’s guidelines for lawyers and conveyancers offers slightly more detail. It confirms that privileged communication can be oral or written, can include any information, opinion, or the agents of lawyers or clients involved. However, a communication is not privileged if the information in communication consists of records of financial transactions kept by a lawyer related to their trust account, or is in its first impression a case prepared for dishonest purposes or with the intent to commit an offence.
Ultimately, the Act places responsibility upon the broad shoulders of the lawyer to determine whether a case before them holds credible evidence that a communication is made for a dishonest purpose.
Mr Hughes says textbooks, overseas materials or the Financial Action Task Force (FATF) resources can provide some assistance, but it’s important to keep in mind the Act was not drafted for law firms specifically.
“When I started in the AML field around 2007, much of the work was helping clients to understand and influence the design of the new legislation then under development,” he says.
Ultimately, the Act places responsibility upon the broad shoulders of the lawyer to determine whether a case before them holds credible evidence that a communication is made for a dishonest purpose
“While there were also briefs and cases to advise on tricky scenarios before sending suspicious transaction reports to the Police, it was all developed with banking and financial players in mind. Because they were participating in the law reform, issues that might face non-finance firms were really given no thought.
“A decade later, when Phase 2 amendments were being rushed through, we still had to grapple with a statute designed, essentially, with a bank in mind, not a law firm or real estate agent.”
Nevertheless, more countries are joining New Zealand and much of Europe, capturing lawyers for AML/CFT regulation.
“Australia faces pressure for ‘tranche 2’ and just last month Germany released draft laws intending to capture real estate gatekeepers and notaries,” says Mr Hughes.
The scale of risk
Ostensibly, determining what fits within client confidentiality against the obligation of disclosure is a risk-based decision process for lawyers, who are presumed to know their clients best.
The Law Society’s role in these determinations are removed, especially where the risks of money laundering will differ based on the various types of practice, and even down to the practitioners’ method of providing communication. The exception might be if it later turns out disclosure was made in bad faith, or there were reasonable grounds to believe it was a privileged communication, under s 44(4).
The Department of Internal Affairs, alongside the Police Financial Intelligence Unit (FIU), have broader obligations to assess risk at sector, national and international levels. At stake here is the outcome of New Zealand’s pending evaluation from the FATF’s mutual reporting process. Part of its fourth round of reporting involved site visits here in February. While it is likely the evaluation report is being tested among AML supervisors and the Ministry, Gary Hughes says we won’t see the report publicly released until 2021.
That report holds potential consequences to influence a wide range of measures. How well New Zealand’s credit rating may perform overseas, but also the confidence of overseas financial players in doing business in New Zealand.
Involving a broader range of reporting entities under the Act such as lawyers and accountants enables a tangible movement towards reducing the risks of money being laundered or terrorist activity being financed unlawfully, meeting more of the standard FATF recommendations, therefore maintaining this country’s status as a place to conduct business safely and successfully.
Each end of the scale of risk in the AML/CFT regime is not mutually exclusive. At one end, potential harm from money laundering or terrorist financing bears significant costs to New Zealand society, and in the first presumption, Inland Revenue. At the other end, an individual lawyer faces reputational and career risk – highly intangible, but something not to ignore when considering the information included in reporting.
And so back to that annual report
“Law firms have been traditionally very private partnerships, and not accustomed to having to disclose their own data (and potentially some client data) in online annual reports or to an independent auditor,” says Mr Hughes.
It may come as a surprise how much information is required and intrusive the process may feel.
“Assembling that information can take time, particularly if the firm’s IT systems have not been set up to capture and report in these ways,” he says.
“But the DIA’s online ‘User Guide’, manual for annual reports, is a useful starting place, containing a lot of FAQ type information from trial and error over the years with the reporting formats. The DIA updates it every year or two, so make sure you are working to the current version.”
While not mandatory, internal reporting documents and process materials can be kept during the year, shared among the partnership as part of regular governance and assurance testing, and then build up the information to hand to complete the DIA’s report.
Some of those reports may also serve as a precursor to filing formal suspicious activity reports with the FIU, and “keeping written findings” on various risk aspects as required to meet the needs of the Act.