Information for Financial Institutions and Casinos

Register with us by clicking on the button below:

AML Online: Click here to register with us

Financial Institutions Factsheet

Any financial institution, either existing or established after the introduction of the AML/CFT Act came into force on June 2013, that in the ordinary course of business carries on one or more of the financial activities captured by the Act, is a reporting entity and must comply with the legislation and regulations.

This factsheet outlines what financial institutions are required to do to meet their AML/CFT obligations.

Financial Institutions Factsheet (PDF, 778KB)

Developing your Risk Assessment and Programme

AML/CFT Programme Guideline (updated October 2022)

The guideline is designed to help reporting entities develop their AML/CFT programme as required under section 56 of the AML/CFT Act.

Developing an AML/CFT programme is the next step after conducting a risk assessment. It involves developing the procedures, policies and controls to manage and mitigate money laundering and terrorism financing risks. A reporting entities AML/CFT programme must be based on their risk assessment.

Risk Assessment Guideline

The AML/CFT Risk Assessment Guideline is designed to help reporting entities conduct a risk assessment, as required under section 58 of the AML/CFT Act.

A risk assessment is the first step a business must take before developing an AML/CFT programme. It involves identifying and assessing the risks the reporting entity reasonably expects to face from money laundering and terrorism financing. Once a risk assessment is completed, a reporting entity must then put in place an AML/CFT programme that manages and mitigates these risks.

AML/CFT Risk Assessment and Programme: Prompts and Notes for DIA reporting entities (Prompts and Notes)

This guideline provides reporting entities with a series of questions, supervisory expectation, reference material and suggested best practice that will help guide their risk assessment and programme. It provides a starting point, which can be supplemented with more detailed information provided by DIA supervisors. This guideline can be used by all DIA-supervised reporting entities, both small and large.

This guideline is not mandatory. Reporting entities may choose to use alternative methodologies to conduct their risk assessment and develop their programme.

Financial Institutions Sector Risk Assessment – December 2019

The Financial Institutions Sector Risk Assessment (SRA) is a review of the characteristics of the sectors covered by the AML/CFT Act including remitters, virtual asset service providers, payment providers, lenders and other financial institutions. This document is intended to help AML/CFT supervisors understand the money laundering and terrorism financing risks across these sectors and assist reporting entities by providing guidance on the specific risks and vulnerabilities relevant to their business.

Designated Non-Financial Businesses and Professions and Casinos Sector Risk Assessment – December 2019

The Designated Non-Financial Businesses and Professions and Casinos Sector Risk Assessment (DNFBP SRA) is a review of the characteristics of the sectors covered by the AML/CFT Act - lawyers, conveyancers, accountants, real estate agents, high value dealers and the New Zealand Racing Board. The SRA is intended to help AML/CFT supervisors understand the money laundering and terrorism financing risks across these sectors and assist reporting entities by providing guidance on the specific risks and vulnerabilities relevant to their business.

NZ-to-Pacific Money Remittance Sub-Sector Risk Assessment

The Department has undertaken a risk assessment of the NZ-to-Pacific Islands money remittance sub-sector.

The risk assessment finds that the overall money laundering and terrorism financing inherent risk rating for the NZ-to-Pacific remittance corridor is Medium.  It was also found that low value (under $1,000) remittance transactions from the Pacific Island seasonal workers in NZ to the Pacific Islands for family support, familial or cultural events are assessed to be of Low inherent ML/TF risk.

NZ-to-Pacific Money Remittance Sub-Sector Risk Assessment (PDF, 2.3MB)*

Phase 1 Sector Risk Assessment Guides 2014

Help with assessing your money laundering risk

These guides provide you with help in thinking about how money launderers might use your business putting it at risk.

It will also help you conduct or revise your risk assessment which is compulsory under section 58 of the Anti-Money Laundering and Countering Financing of Terrorism Act.

We have used examples from overseas and international organisations such as the Financial Action Task Force. These examples may have reference to your business. Examples of how people launder money in New Zealand are in the Police National Risk Assessment.

The guides are not intended to replace your own risk assessment of your business. A copy of this guide is not a reporting entity risk assessment.

How to use the guides

There is a separate guide for each type of business that we regulate under the Anti-Money Laundering and Countering Financing of Terrorism Act.

Go to the guide that describes your business. You may need to look at more than one guide if your business provides more than one type of service.

In each guide there is a table to help you assess your business and the risk money laundering may pose to it.

The left-hand column of the table identifies some features that may be present in products or services that your business offers.

For each feature, reasons that might increase the risk of money laundering are in the 'higher risk factors' column. Reasons that might decrease the risk are in the 'lower risk factors' column.

In preparing your risk assessment, you should not wholly depend on the table. You should consider any special features of your business which might increase or lessen the risk.

Your anti-money laundering and countering financing of terrorism programme must include procedures, policies and controls to manage and lessen the risks identified in your risk assessment.

Phase 1 In the Ordinary Course of Business Guideline - Updated December 2017

This guideline is designed to help clarify the meaning of the phrase "in the ordinary course of business" in the definition of financial institution and designated non-financial business or profession for the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

This December 2017 update replaces the previous version published in 2012.

Customer due diligence

In this section:

Beneficial Ownership Guideline:

A key task in meeting the requirements of the AML/CFT Act is to identify and verify customers’ beneficial ownership arrangements. This guideline is to assist reporting entities in meeting the requirement to perform customer due diligence on the customer and beneficial owners of the customer.

Customer Due Diligence Fact Sheets:

These fact sheets are designed to help reporting entities understand the identification and verification requirements for different types of customers. The fact sheets should be read in conjunction with the beneficial ownership guideline.

On 9 July 2021 the Anti-Money Laundering and Countering of Financing of Terrorism (Requirements and Compliance) Amendment Regulation came into force. The companies and partnerships guidance assists reporting entities to understand and implement the requirement to undertake customer due diligence for nominee directors and nominee general partners. 

Enhanced Customer Due Diligence Guideline (2022 updates)

This guideline assists you to conduct enhanced customer due diligence (EDD) on your customers under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act).

Outsourcing Customer Due Diligence

Outsourcing CDD typically occurs during the onboarding process for a new customer. While these providers can provide a useful service, we want to remind reporting entities that outsourced CDD does not exist in isolation from their wider CDD procedures and obligations.

Identity Verification Code of Practice

Amended Identity Verification Code of Practice 2013

On 10 October 2013 an Amended Identity Verification Code of Practice was gazetted under section 64 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). The amendments come into force on 1 November 2013.

Explanatory Note (updated July 2021)

The Explanatory Note clarifies requirements for electronic identity verification in accordance with the Amended Identity Verification Code of Practice 2013

This July 2021 update replaces the previous version published in December 2017.

Guidance on Expired Passports for Identification in Customer Due Diligence

This factsheet outlines how to use expired passports for identification purposes in accordance with the Amended Identity Verification Code of Practice 2013:

Factsheet: Birth Certificates with Redacted Information

This document outlines the position the AML/CFT Supervisors have taken on birth certificates with redacted information (other than name and date of birth) as a form of identification under the Identity Verification Code of Practice.

Statement of Kiwi Access Card

This document outlines the position the AML/CFT Supervisors have taken on the kiwi access card as a form of identification for the purposes of Identity Verification Code of Practice.

Annual reports

Annual Reports for Financial Institutions and Casinos - updated June 2021

The annual report is a requirement under section 60 of New Zealand's Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

The User Guide: AML/CFT Report is designed to help reporting entities complete their annual reports. The form and content of the annual report is prescribed inthe Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations 2017 – see schedule 2.

For more information about how to do this, including videos, see:

Audit Guideline

This guidance is to help reporting entities:

  • understand the AML/CFT audit requirements in terms of the AntiMoney Laundering and Countering Financing of Terrorism Act 2009; and
  • undertake an effective and credible audit of their risk assessment and AML/CFT programme.

This guidance will also be useful to persons who perform audits of risks assessments and AML/CFT programmes of reporting entities.

New regulations come into force on 9 July 2021 which will amend the audit timeframe from every 2 years to every 3 years. As of 9 July 2021, your next audit is due within 3 years of your last audit report. Please refer to the Audit section in the FAQs for further information on the audit timeframe change.

Please note that this guideline was created prior to the timeframe change from 2 years to 3 years so there will still be references to the outdated timeframe while we are in process of updating this document.

Audit Guideline for risk assessment and AML/CFT programme (PDF, 324KB)*

NZ Police Financial Intelligence Unit National Risk Assessment

The Financial Intelligence Unit of the New Zealand Police has released the National Risk Assessment (NRA) and a support document under the AML/CFT Act 2009.

The NRA is designed principally for the use of the Ministry of Justice, AML/CFT supervisors, and the New Zealand Customs Service. The NRA may also be useful to reporting entities in understanding the broader picture of money laundering and terrorist financing risks at a national level.

The NRA can be found on the Police website.

Territorial Scope of the AML/CFT Act 2009

This guideline is designed to help reporting entities understand the territorial scope of the AML/CFT Act and assist them to determine whether they have obligations under the Act.

Wire Transfers

This guideline is designed to help reporting entities understand the definition of wire transfer under the AML/CFT Act and sets out the minimum requirements for parties to a wire transfer.

Assessing Country Risk Guideline

This guideline is designed to help reporting entities supervised by DIA who deal with other countries:

  • assess the money laundering and terrorism financing risks related to those countries
  • determine whether a country has insufficient AML/CFT systems or measures in place
  • determine whether another entity is resident in a country with sufficient AML/CFT systems in place and supervised or regulated for AML/CFT purposes (for the purpose of forming a designated business group).

A general guideline produced in 2012 by the AML/CFT Supervisors for all reporting entities to decide when assessment of another country’s AML/CFT regulatory environment is required and how to undertake this assessment, is also available here.

Designated Business Groups Guidelines

Designated Business Group - Scope Guideline (updated October 2022)

This guideline is designed to assist reporting entities to understand which obligations may be shared by members of a designated business group.

This October 2022 update replaces the previous version published in 2017.

Designated Business Group - Formation Guideline (updated October 2022)

This guideline is designed to help reporting entities understand the process for forming a Designated Business Group. This guideline also explains the process for notifying an AML/CFT supervisor about the formation of, or change to, a designated business group and provides the forms for doing so.

This October 2022 update replaces the previous version published in 2020.

NZ Financial Intelligence Unit (FIU)

Please visit https://fiu.police.govt.nz if you require goAML assistance with:

  • How to register a new entity
  • How to register a new user to an existing entity
  • Useful frequently asked questions

Once logged into goAML further guidance and e-learning training is available by selecting the “?” icon on the blue task bar.

For further information go to:

Frequently Asked Questions