A reporting entity must designate an employee as an AML/CFT compliance officer to administer and maintain its AML/CFT programme (AML/CFT Act s 56(2)).
The compliance officer must report to the senior manager of the law firm.
In the case of a sole practice that does not have employees, the reporting entity must appoint a person to act as its compliance officer.
An AML/CFT compliance officer can lead the next two steps in the process – developing a risk assessment, and establishing an AML/CFT programme.
Before conducting customer due diligence or establishing an AML/CFT programme, a reporting entity must first undertake an assessment of the risk of money laundering and the financing of terrorism that it may reasonably expect to face in the course of its business (AML/CFT Act s 56).
The well-worn cliché “one size does not fit all” is very apt in relation to this risk assessment. A law firm’s risk assessment will be particular to that firm.
Practices with a significant number of offshore clients would, for example, have a quite different risk profile than practices whose clients are New Zealand residents.
The risk assessment must be in writing and must:
- Identify the risks faced by the law firm in the course of its business;
- Describe how the firm will ensure that the assessment remains current; and
- Enable the firm to determine the level of risk involved in relation to relevant obligations under AML/CFT and regulations.
In assessing the risk, law practices must have regard to the following:
- The nature, size, and complexity of its business;
- The services it offers;
- The methods by which it delivers its services;
- The types of customers [the AML/CFT Act uses the word “customer”] it deals with;
- The countries it deals with;
- The institutions it deals with (eg banks);
- Any applicable guidance material produced by AML/CFT supervisors or the Commissioner of Police relating to risk assessments; and
- Any other factors that may be provided for in regulations.
A Risk Assessment Guideline has been produced by the Department of Internal Affairs (DIA), the Reserve Bank of New Zealand and the Financial Markets Authority (see under Guidelines available below). The DIA is the prescribed supervisor for the legal profession.
A sector risk assessment covering lawyers has been published on the DIA website here https://www.dia.govt.nz/diawebsite.nsf/Files/Phase-2-AMLCFT-Sector-Risk-Assessment-Final/$file/Phase-2-AMLCFT-Sector-Risk-Assessment-Final.pdf.
The Police’s Financial Intelligence Unit (FIU) has produced a National Risk Assessment Report and a Quarterly Typology Report.
Law firms established from 1 July 2018 will need to establish, implement and maintain a written AML/CFT programme (AML/CFT Act s 56(1)). Already established firms should already have complied with the requirements.
The AML/CFT programme must include internal procedures, policies, and controls to:
- Detect money laundering and the financing of terrorism; and
- Manage and mitigate the risk of money laundering and financing of terrorism.
The programme must include adequate and effective procedures, policies and controls for:
- Vetting senior managers, the AML/CFT compliance officer, and any other employee that is engaged in AML/CFT related duties;
- Training on AML/CFT matters for senior managers, the AML/CFT compliance officer, and any other employee that is engaged in AML/CFT related duties;
- Complying with customer due diligence requirements (including ongoing customer due diligence and account monitoring);
- Reporting suspicious transactions;
- Record keeping;
- Setting out what the reporting entity needs to do, or continue to do, to manage and mitigate the risks of money laundering and the financing of terrorism;
- Examining, and keeping written findings relating to complex or unusually large transactions; and unusual patterns of transactions that have no apparent economic or visible lawful purpose; and any other activity that the law firm regards as being particularly likely by its nature to be related to money laundering or the financing of terrorism;
- Monitoring, examining, and keeping written findings relating to business relationships and transactions from or in countries that do not have or have insufficient anti-money laundering or countering financing of terrorism systems in place and have additional measures for dealing with or restricting dealings with such countries;
- Preventing the use, for money laundering or the financing of terrorism, of products (for example, the misuse of technology) and transactions (for example, non-face-to-face business relationships or transactions) that might favour anonymity;
- Determining when enhanced customer due diligence is required (see s 22 of AML/CFT) and when simplified customer due diligence might be permitted (see s 18 of AML/CFT– the circumstances when standard due diligence applies is outlined in s 14 of AML/CFT);
- Providing when a person who is not the law firm may, and setting out the procedures for the person to, conduct the relevant customer due diligence on behalf of the firm; and
- Monitoring and managing compliance with, and the internal communication of and training in, those procedures, policies, and controls.
Guidelines to help organisations, including a Risk Assessment Guideline and an AML/CFT Programme Guideline have been produced by the three supervisors – DIA, Reserve Bank of New Zealand and the Financial Markets Authority.
Not only do these guidelines provide very useful information about preparing a risk assessment and an AML/CFT programme, they also point to sources of further information.
Other documents on this website may also be of use. These include:
- A guideline on interpreting “ordinary course of business”;
- A territoriality guideline;
- A countries assessment guideline; and
- An audit guideline.
DIA has a page on its website entitled Sector and National Risk Assessments.
It provides guides to help people think about how money launderers may use their business.
Of particular value to lawyers is the guide Trust and Company Service Providers.
More guides and resources are also available on the Codes of Practice and Guidelines page of the DIA website.
A very useful resource for lawyers when preparing a risk assessment and an AML/CFT compliance programme is A Lawyer’s Guide to Detecting and Preventing Money Laundering (PDF, 1.5 MB). This is a collaborative publication of the International Bar Association, the American Bar Association and the Council of Bars and Law Societies of Europe.
Among the information it contains is a list of some of the “red flags” lawyers can look out for that may suggest some criminal behaviour is involved with the funds about to be channeled through the practice.
The existence of a “red flag” may, of course, have a legitimate explanation, but international experience shows that they are something one should look out for. These “red flags” include:
- Once funds received into a trust account, the transaction is aborted;
- Client requests that deposited funds are sent to a third party or parties, rather than returned to the client;
- Client avoids personal contact without good reason;
- Unusual manner of execution – eg, the deposit of funds for the purchase price occurred unusually early in the transaction and before the purchase price had been agreed between the parties;
- Amount being deposited is large compared to client’s modest income;
- Surplus funds were deposited;
- Back-to-back property transactions, which were out of sync with normal market dynamics – the purported value of each property rapidly increasing with each subsequent transaction;
- Client changes legal advisor a number of times in a short time period for no apparent reason;
- The purchase price is paid entirely in cash;
- Client has no proper identification papers;
- There is no information available about the client and his or her business;
- Purported legal documentation is too simplistic for the relevant transaction;
- Client’s connection with the jurisdiction is unclear;
- No mention of the issue by the client initially, followed by an over willingness to provide a lot of documentation; and
- Urgency in getting the deal done.
Financial Action Task Force
Another useful resource is the Financial Action Task Force (FATF), an inter-governmental body established in 1989 by the ministers of its member jurisdictions (New Zealand is one). It aims to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.
FATF has produced two documents that are particularly designed for the legal profession. They are Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals and Risk Based Approach Guidance for Legal Professionals.
Section 3 of the latter, Guidance for legal professionals on implementing a risk-based approach, may be particularly useful.
This document also has a brief note about privilege as it applies to the legal profession.
Register with goAML
New lawyers in sole practice or law firms need to register with goAML so they can file Suspicious Transaction Reports (STRs) and Prescribed Transaction Reports (PTRs). goAML Web is the prescribed method by which reporting entities submit STRs and PTRs to the FIU.
Certain technical requirements must be followed in filing a report with the police. Lawyers in sole practice or law firms need to register as an “entity” and file reports electronically though goAML. Registering as an entity is simply a matter of filling out the form on the police’s FIU website.
This form is part of the FIU’s goAML platform. goAML is a reporting tool that allows rapid and secure exchange of information between the FIU, reporting entitles and law enforcement and intelligence authorities.
The confidentiality of the data collected is assured, the FIU says.
For more information on how to register and how to report a suspicious matter, see: Reporting a suspicious matter.
Now that lawyers come fully under AML/CFT, there are a series of other activities they need to do. These include:
- Conducting due diligence on customers (AML/CFT Act s 11 and ss 12-30);
- Reporting suspicious activities and keeping reports of suspicious activities (AML/CFT Act ss 40 and 41, likely to be amended by the AML/CFT Amendment Bill);
- Keeping records on transactions, identification and verification and other records (AML/CFT Act s 51, likely to be amended by the AML/CFT Amendment Bill);
- Reviewing and auditing its risk assessment and AML/CFT programme (AML/CFT Act s 59, likely to be amended by the AML/CFT Amendment Bill); and
- Providing an annual AML/CFT report to the AML/CFT supervisor (AML/CFT Act s 60).
The Law Society has provided more information about these activities on its website.
When the obligations apply
The AML/CFT obligations will apply when a lawyer or a law firm, in the ordinary course of business, carries out one or more of the following activities:
- Acting as a formation agent of legal persons or arrangements;
- Acting as, or arranging for a person to act as, a nominee director or nominee shareholder or trustee in relation to legal persons or arrangements;
- Providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or for any other legal person or arrangement, unless the office or address is provided solely as an ancillary service to the provision of other services;
- Managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets;
- Providing real estate agency work (within the meaning of s 4(1) of the Real Estate Agents Act 2008) that involves the representation, as an agent, of a vendor or purchaser in connection with the sale or purchase, or the proposed sale or purchase, of real estate or any business; or
- Engaging in or giving instructions in relation to:
- any conveyancing (within the meaning of s 6 of the Lawyers and Conveyancers Act 2006) on behalf of a customer in relation to the sale or purchase, or the proposed sale or purchase, of real estate;
- transactions on behalf of any person in relation to buying or selling real estate or transferring the title in, or beneficial ownership of, real estate;
- transactions on behalf of any person in relation to buying, transferring, or selling businesses or legal persons (for example, companies) and other legal arrangements; or
- transactions on behalf of a in relation to creating, operating, and managing legal persons (for example, companies) and other legal arrangements (s 5 of the AML/CFT Act as amended by the AML/CFT Amendment Bill).