New Zealand Law Society - How to use the New Zealand Law Society specimen compliance documents

How to use the New Zealand Law Society specimen compliance documents

The New Zealand Law Society has provided to the profession some specimen AML/CFT compliance documents to assist lawyers to prepare for the implementation of Phase 2 of the compliance regime prescribed by the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). 

The intention is to provide a helpful starting point for lawyers to assist with understanding their obligations under the AML/CFT Act and to develop internal policies and procedures to meet those obligations. The documents are not prescribed forms and they will require adaptation.

This note is intended to provide some practical guidance for law firms who may decide to use the specimen documents.

Compliance Documents

Lawyers use precedents in their daily practice and understand that precedents invariably must be adapted to specific circumstances to produce a document of value. The same is true for the AML/CFT compliance specimen documents provided by the Law Society or that might otherwise be available to lawyers. Not all law firms may find them helpful in the context of their particular practices. Many lawyers may choose to develop their own proprietary documents or software solutions, whether by using internal resources or external consultants.

The Law Society encourages lawyers to actively engage in determining the approach that will work best for them. However, it is mindful of the increased costs to the profession which will inevitably arise from AML/CFT compliance and the responsibility to protect the reputation and integrity of the profession. On this basis, the Law Society has determined, in good faith and without liability, to provide as much assistance and “know how” as to lawyers so that they can continue to practise lawfully and effectively after 1 July 2018 when the AML/CFT Act applies to lawyers undertaking certain activities.

Lawyers must adapt any AML/CFT specimen documents to take into account their particular circumstances. The Department of Internal Affairs (DIA), as supervisor of the legal profession for AML/CFT purposes, emphasised the importance of this when it was consulted by NZLS about the specimen documents. The form and content of all AML/CFT compliance documents ultimately adopted by law firms must evidence a clear understanding of AML/CFT obligations and how they apply in the context of each specific legal practice. There is absolutely no “one size fits all” approach to AML/CFT compliance.

There are three important steps which lawyers must undertake well in advance of 1 July 2018 and which the specimen documents are intended to assist with.

1. Understand the AML/CFT obligations

A complete understanding of the obligations and when they apply is fundamental to AML/CFT compliance. The starting point is to read and understand the AML/CFT Act and its associated regulations.

Understanding how money laundering and criminal activity may present risks to a law firm or practice is also essential. Much analysis has been done in this area and  lawyers should refer to the International Financial Action Task Force (FATF) report on the vulnerabilities of legal professionals for further information about the risks to the legal sector generally.

Whether or not a law firm has obligations under the AML/CFT Act is determined solely by the activities it provides to clients in the ordinary course of business. Activities which trigger compliance obligations are known as ‘captured activities’. These activities have been identified by the DIA as activities which potentially expose the legal profession to the risk of money laundering and terrorist financing.

It is essential that all law firms examine carefully the Department of Internal Affairs Guideline for Lawyers and Conveyancers before commencing any new matter or continuing work on a matter already commenced by 1 July 2018.

Every lawyer in private practice (including barristers) needs to be satisfied at the outset of a matter as to whether the work to be done is or may be a “captured activity”. For this reason, it is vital to understand what activities are within scope.

In the section "Know if the AML/CFT Act applies to your business" of the DIA’s guidance there is a helpful diagram which will assist in determining whether a particular matter is a “captured activity”.

If a lawyer is undertaking or may undertake a “captured activity” then compliance with the obligations prescribed by the AML/CFT Act is mandatory. These obligations are extensive and include requirements to:

  • Have a designated person within the firm or practice dedicated to AML/CFT compliance matters (AML/CFT Compliance Officer).
  • Undertake an assessment of the specific AML/CFT risks relevant to the law firm (AML/CFT Risk Assessment).
  • Establish and maintain policies and procedures to be implemented by the firm or practice to detect and prevent money laundering (AML/CFT Compliance Programme).
  • Vet the AML/CFT Compliance Officer, senior management and other relevant employees.
  • Gather, maintain and store information and documentation relevant to the implementation of the AML/CFT Compliance Programme.
  • Verify the identity of clients (referred to in the AML/CFT Act as “customers”) through a process known as Customer Due Diligence (CDD).
  • Understand the circumstances in which an enhanced level of CDD may be required (e.g. where the client is a trust or a “Politically Exposed Person”) and what exactly that more detailed level of due diligence entails.
  • Conduct ongoing monitoring of client and matter activity (e.g. identifying changes or establishing patterns that may prompt concern of money laundering activity).
  • Ensure all relevant staff are trained and aware of the risks and responsibilities in relation to AML compliance.
  • Undergo an independent audit of the AML/CFT Risk Assessment and AML/CFT Compliance Programme.
  • Report prescribed transactions and suspicious activities to the Financial Intelligence Unit of the Police in certain circumstances.
  • File an AML/CFT Annual Report to the DIA and respond to any queries and otherwise engage with the DIA as may be necessary in relation to AML/CFT matters.

2. Understand how the AML/CFT compliance obligations apply to your practice

Once the AML/CFT compliance obligations and inherent risk factors of the legal profession as a sector are understood they must be considered in the context of the specific law firm or practice. This involves identifying what is already known about the law firm or practice and also what further information is required to enable compliance.

There are a number of issues lawyers must consider at this stage. These include:

  • What (if any) “captured activities” does the law firm undertake?
  • What is the frequency and approximate transaction value of those matters?
  • How does the law firm typically deliver the services associated with the “captured activities”?
  • Who will be the AML/CFT Compliance Officer?
  • What risks associated with those activities are inherent to the legal profession?
  • What risks associated with those activities are specific to the law firm or sole practitioner?
  • Who are the clients (past, present and anticipated) of the law firm?
  • What activities do those clients undertake?
  • What are the obvious risks associated with certain types of clients?
  • What (if any) policies and procedures does the law firm have currently for identifying and verifying the identity of clients?
  • What changes (if any) to those policies and procedures are required for the law firm to comply with its obligations under the AML/CFT Act?
  • How will the law firm verify the source of a client’s fund (if required)?
  • How will the law firm manage and store information and documentation relevant to AML/CFT compliance?
  • How will the law firm deal with Suspicious Activity Reporting and Prescribed Transactions Reporting?

3. Prepare your AML/CFT Risk Assessment and AML/CFT Compliance Programme

Once a law firm understands its risks and obligations it should be ready to prepare an AML/CFT Risk Assessment and AML/CFT Compliance Programme.

Before doing so it may be helpful to prepare a basic mission statement which is appropriate for the way a law firm or practice operates when conducting “captured activities”. The wording of such statement could start as:

What we will do

  1. We regard AML/CFT compliance as essential to the ordinary course of business and to maintaining the reputation and integrity of the firm.
  2. We will apply resources to AML/CFT compliance which are commensurate to the risks identified.
  3. We will regularly assess and monitor the risks of money laundering within the firm and the legal profession generally.
  4. We will develop, maintain and implement a AML/CFT Compliance Programme intended to detect and prevent money laundering and the financing of terrorism by the firm.
  5. We will place AML/CFT compliance high on the agenda at each staff/board meeting

What we don’t do

  1. We won’t sacrifice AML/CFT obligations to commercial expediency
  2. We won’t accept cash
  3. We won’t advertise our trust account number or release it without being satisfied it is required for a transaction to take place.
  4. We won’t accept or make payment to or from a third party on behalf of a client unless there is a reasonable explanation
  5. We won’t cut corners and delay due diligence obligations in order to get the deal done

The specimen AML compliance documents provided by NZLS may provide a helpful starting point for lawyers who are preparing for AML/CFT. This section refers to specific documents and provides some guidance to their use.

Risk Assessment

The AML/CFT Risk Assessment must evidence to the DIA that the firm or practice understands its inherent and unique risks in relation to money laundering and the financing of terrorism.

The AML/CFT Risk Assessment will inform the law firm of the steps it must take to manage these risks in its AML/CFT Compliance Programme.

The specimen AML/CFT Risk Assessment sets out the matters a lawyer must consider when conducting a risk assessment (e.g. nature, size and complexity of the law firm or practice, the way services are delivered and the types of clients).

If a law firm decides to use the specimen AML/CFT Risk Assessment as a starting point then it must carefully review each of the matters to be considered in the context of the unique circumstances of the relevant law firm or practice and adapt it accordingly. The analysis conducted by the law firm should then be documented in detail in the Business Risk Type Assessment’ at Schedule 1.

It may also be helpful to provide a brief explanation of how the risk rating for a specific activity was determined or note any other relevant considerations. For example, in the ‘Company and Commercial’ section a firm might conclude there is a ‘very likely’ (‘v’) rating to a certain activity that it routinely conducts because it typically involves a series of complex transactions, trust and corporate structuring for foreign clients and intermediaries. On the other hand, in another section for “Trusts and Estates’ a firm might conclude that it is ‘unlikely’ (‘u’) that drafting a will for a long-standing client of the firm presents a risk of money laundering being conducted through the firm. The AML/CFT Risk Assessment should be comprehensive and extend to all activities carried out or contemplated by the law firm or practice in the ordinary course of business – even those which are not ‘captured activities’ under the AML/CFT Act.

Policies for mitigating some of the identified risks are referred to in Sections 11- 14 of the specimen AML/CFT Risk Assessment. Law firms must adapt these sections to their own particular circumstances. For example, specific mention should be made of the names and contact details of individuals with designated responsibilities and the scope of their responsibilities and authorities.

Compliance Programme

The specimen AML/CFT Compliance Programme provides some background information about money laundering and the financing of terrorism and sets out policies and procedures that a law firm or sole practitioner may consider implementing to detect and prevent the same.

The AML/CFT Compliance Programme ultimately developed by the law firm or sole practitioner will provide a base for preparing staff training and needs to be a ‘living document’ which is updated regularly and a constant reference point for all relevant people in the law firm or practice. The AML/CFT Compliance Programme must be tailored to the unique circumstances of the particular law firm or practice.

In an audit, the DIA will scrutinise the AML/CFT Compliance Programme to check whether the firm has the appropriate procedures in place to meet its obligations.

If a law firm decides to use the specimen AML/CFT Compliance Programme it must review each section to adapt the material provided so it reflects the unique circumstances of your firm. Not all aspects may be relevant, necessary or useful for a particular firm.

For example, the specimen AML/CFT Compliance Programme envisages the appointment of both an AML/CFT Compliance Officer and a functionary referred to as an Money Laundering Reporting Officer (MLRO). The appointment of an MLRO is not required or even contemplated under the AML/CFT Act and is simply an option some firms may wish to adopt for efficiency and as an internal control mechanism.

The New Zealand Law Society is very mindful of the unique obligations and duties placed on lawyers. These obligations are reflected in the Lawyers and Conveyancers Act (Lawyers: Conduct and Client Care) Rules 2008 which, at times, may be difficult to reconcile with the complex obligations required under the AML/CFT Act. The specimen documents have been drafted with this in mind.

Other types of businesses (such as financial institutions, for which the AML/CFT Act was originally designed) do not necessarily have all of these or equivalent obligations. The AML/CFT Act has been re-purposed for lawyers and great care needs to be taken by lawyers to ensure compliance with both the AML/CFT Act and ethical obligations.

The Law Society has produced some guidance on the ethical issues which may arise.

It believes there is some merit in law firms adopting an internal control mechanism similar to that suggested in the specimen AML/CFT Compliance Programme by which an MLRO or similarly appointed committee of senior lawyers review an internal Suspicious Activity Report before an external report is made to the Financial Intelligence Unit of the Police. Issues such as client confidentiality and legal professional privilege are nuanced and complex and may need careful consideration or advice in a particular situation. Furthermore, the AML/CFT Act is new to the legal profession and it will inevitably take some time and collective experience before individual lawyers are confident in dealing with these issues.

Other options are also suggested in the specimen AML/CFT Compliance Programme. Each law firm will need to decide if these mechanisms are appropriate and/or how they should be modified to the unique circumstances of the law firm or practice.

It may also be helpful to describe in the AML/CFT Compliance Programme where relevant forms and information can be accessed electronically and how different processes will work in practice.

Unique aspects of a specific practice should also be discussed in an AML/CFT Compliance Programme. For example, if certain high risk areas have been identified, the law firm should set out the specific steps to be taken to manage that risk over and above any other risk.AML/CFT Policy Statement

A separate AML/CFT Policy Statement is not a mandatory requirement. However, a law firm may choose to incorporate such a statement to provide context and understanding. Lawyers will need to tailor each of the different policies. For example, specific reference should be made to where the firm’s verification and identification guidelines can be found and specifically how ongoing assessment and training will be undertaken within the firm.

AML Reporting Procedure

The specimen AML/CFT documents provide for internal reporting of suspicious activities as a pre-cursor to a formal Suspicious Activity Report being filed with the FIU. As mentioned above, such a procedure is not mandatory under the legislation. Lawyers will need to decide whether such a procedure will be a useful check and protection mechanism in the circumstances of the specific firm firm. The process suggested need not be adopted and in any event should be varied and adapted to the specific circumstances of the law firm or practice.


Grappling with any new compliance regime can be daunting but there is plenty of assistance available . The intention is that the Law Society’s specimen AML/CFT compliance documents may provide a basic foundation upon which a tailored compliance framework can be built by law firms and sole practitioners. That framework will need to reflect the practical realities, needs and unique aspects of each law firm and practice. The Law Society website contains a suite of other information, articles and resources about AML/CFT for lawyers. We will also keep lawyers updated on AML/CFT developments via LawPoints and LawTalk.

Lawyer Listing for Bots