Services › Anti-Money Laundering › Codes of Practice and Guidelines

• NEW! AML/CFT Programme Guideline
• In the Ordinary Course of Business Guideline
• Identity Verification Code of Practice 2011
• AML/CFT Risk Assessment Guideline

AML/CFT Programme Guideline

The guideline is designed to help reporting entities develop their AML/CFT programme as required under section 56 of the AML/CFT Act. The guideline sets out the minimum requirements for a AML/CFT programme and outlines who is responsible for a reporting entity's AML/CFT programme. Reporting entities must have established an AML/CFT programme when the Act comes fully into force on 30 June 2013 (unless they are exempt from this requirement).

• AML/CFT Programme Guideline (PDF, 131K)* | (Word, 293K)

In the Ordinary Course of Business Guideline

This guideline is designed to help clarify the meaning of the phrase “in the ordinary course of business” in the definition of financial institution in the AML/CFT Act.

The meaning of this phrase is important if your business carries on an activity that is listed under the definition of financial institution. If the activity is in your “ordinary course of business”, your business will be a reporting entity under the Act.

• In the Ordinary Course of Business Guideline (PDF, 98K)* | (Word, 333K)

Identity Verification Code of Practice 2011

On 1 September 2011 the Identity Verification Code of Practice 2011 was gazetted. The code comes into force on 30 June 2013. This code of practice will help reporting entities verify the name and date of birth of customers (that are natural persons) they have assessed as low to medium risk.

• Identity Verification Code of Practice 2011 (PDF, 128K)* | (Word, 265K)

This code covers documentary identity verification, document certification and electronic identity verification.

Reporting entities may use this code to comply with customer due diligence requirements as required by the following sections of the AML/CFT Act:

• Section 16 – standard customer due diligence: verification of identity requirements
• Section 20 – simplified customer due diligence: verification of identity requirements
• Section 24 – enhanced customer due diligence: verification of identity requirements
• Section 28 – wire transfers: verification of identity requirements.

Complying with a code of practice is not mandatory, although it constitutes a safe harbour. If a reporting entity fully complies with the code it is deemed to be compliant with the relevant parts of the AML/CFT Act. If a reporting entity opts not to comply, it must notify its supervisor that it is opting out and adopt practices that are equally effective, otherwise it risks non-compliance.

For more information see our media release: New anti-money laundering code sets standard for customer ID checks (1 September 2011)

Risk Assessment Guideline

The AML/CFT Risk Assessment Guideline is designed to help reporting entities conduct a risk assessment, as required under section 58 of the AML/CFT Act.

• AML/CFT Risk Assessment Guideline (PDF, 141K)* | (Word, 280K)

A risk assessment is the first step a business must take before developing an anti-money laundering and countering financing of terrorism programme. It involves identifying and assessing the risks the business reasonably expects to face from money laundering and financing of terrorism. Once a risk assessment is completed, a business must then put in place a programme that minimises or mitigates these risks. Further guidance will be provided on the compliance programme at a later date.

Following this guideline is not mandatory. Reporting entities may choose to carry out their risk assessment using alternative methodologies, as long as they comply with the AML/CFT Act.


*You need Adobe Reader installed on your computer to view these forms. If you are unable to open the forms we recommend you get the latest version of Adobe Reader. You can download and install Acrobat Reader for free from the Adobe website.