Transcription of AML/CFT Risk Assessment and Programme
1 AML/CFT Risk Assessment and Programme : Prompts and Notes for DIA reporting entitiesDecember 2017 ContentsExecutive summary 3 How to read this guideline 3 How to apply this guideline 3 Disclaimer 3 Conducting
2 Your AML/CFT risk Assessment 41. Methodology 42. Nature, size and complexity 63. Products and services offered 74. Methods of delivery 85. Customer types 96.
3 Country risk 117. Institutions 12 Preparing your AML/CFT Programme 131. General 132. Vetting 153.
4 Training 154. Customer due diligence (CDD) 165. Simplified CDD 186. Enhanced CDD (EDD) 187. Ongoing CDD 198.
5 Account monitoring 209. Suspicious activity reports (SARs) 2110. Prescribed transaction reports (PTRs) 2211. Record keeping 2312. Manage and mitigate ML/TF risks 2313. Monitor and manage compliance with the Act 2414.
6 Products, transactions and activities that favour anonymity 243 Executive summaryAs a reporting entity, you must comply with the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act or the Act) by assessing the risks of money laundering and terrorist financing (ML/TF) to your business, and by implementing a Programme to manage those risks . risks of ML/TF vary from business to business, as will the best ways to mitigate those risks . You understand your business better than anyone else, so you are best placed to identify the vulnerabilities and risks faced from ML/TF and how to develop appropriate strategies to manage and control those recognise that assessing the risks faced by your business from ML/TF activities and establishing and implementing a Programme will take time and effort, so we have developed this guideline to help you undertake your AML/CFT risk Assessment (risk Assessment ) and design your AML/CFT compliance Programme ( Programme ).
7 How to read this guidelineThis guideline provides you with a series of questions, supervisory expectation, reference material and suggested best practice1 that will help guide your risk Assessment and Programme . It provides a starting point, which can be supplemented with the more detailed information provided by your supervisors. Before you read this guideline, make sure you are familiar with the Act2, DIA supervisor guidelines3 and Sector Risk Assessments and the National Risk Assessment4. Each section deals with a particular aspect of the risk Assessment and Programme and asks several questions that will help guide your understanding of your ML/TF risks and obligations. 1 Where suggested best practice is provided, which includes some supervisory expectations, this does not constitute legal advice, nor is it exhaustive in nature.
8 It is there to help you meet your AML/CFT obligations more effectively and to help you understand and mitigate the ML/TF risk you will face in the ordinary course of 3 4 Where AML/CFT guidance material is referenced (in bold type) it can be accessed at the following websites: Department of Internal Affairs( DIA): Financial Intelligence Unit (FIU): Reserve Bank of New Zealand (RBNZ): Financial Markets Authority (FMA): How to apply this guidelineThis guideline can be used by all DIA-supervised reporting entities, both small and large. Given the differences in size and complexity of reporting entities, some of the prompts and notes may not apply to your business or guideline is not mandatory.
9 You may choose to use alternative methodologies to conduct your risk Assessment and develop your should keep in mind that an effective AML/CFT regime is risk-based and your risk Assessment and Programme need to fit the risk your business faces. For instance, small and low-risk reporting entities should have a risk Assessment and Programme that is simple and proportionate to the risk they guideline is not a template for your risk Assessment or Programme . You should adapt the prompts and notes contained in this guideline to fit your individual business guideline is provided for information only and cannot be relied on as evidence of complying with the requirements of the AML/CFT Act. It does not constitute legal advice and cannot be relied on as such.
10 After reading this guideline, if you do not fully understand your obligations you should seek legal advice or contact your AML/CFT supervisor. 4 Conducting your risk assessmentYour first step to complying with the Act is to conduct a risk Assessment on the potential ML/TF risks faced by your business. The specific requirements for a risk Assessment are set out in section 58 of the Act. The prompts and notes provided below are there to assist you with understanding how to conduct your business risk Assessment . 1. MethodologyPromptsNotesDoes your risk Assessment have regard to applicable guidance material?Your risk Assessment must have regard to the National Risk Assessment (NRA), relevant Sector Risk Assessment (SRA) and applicable supervisor guidance.
