Information for Financial Institutions and Casinos

Register with us by clicking on the button below:

AML Online: Click here to register with us

Developing your Risk Assessment and Programme

AML/CFT Programme Guideline 

The guideline is designed to help reporting entities develop their AML/CFT programme as required under section 56 of the AML/CFT Act.

Developing an AML/CFT programme is the next step after conducting a risk assessment. It involves developing the procedures, policies and controls to manage and mitigate money laundering and terrorism financing risks. A reporting entities AML/CFT programme must be based on their risk assessment.

Risk Assessment Guideline

The AML/CFT Risk Assessment Guideline is designed to help reporting entities conduct a risk assessment, as required under section 58 of the AML/CFT Act.

A risk assessment is the first step a business must take before developing an AML/CFT programme. It involves identifying and assessing the risks the reporting entity reasonably expects to face from money laundering and terrorism financing. Once a risk assessment is completed, a reporting entity must then put in place an AML/CFT programme that manages and mitigates these risks.

AML/CFT Risk Assessment and Programme: Prompts and Notes for DIA reporting entities (Prompts and Notes)

This guideline provides reporting entities with a series of questions, supervisory expectation, reference material and suggested best practice that will help guide their risk assessment and programme. It provides a starting point, which can be supplemented with more detailed information provided by DIA supervisors. This guideline can be used by all DIA-supervised reporting entities, both small and large.

This guideline is not mandatory. Reporting entities may choose to use alternative methodologies to conduct their risk assessment and develop their programme.

Financial Institutions Sector Risk Assessment – December 2019

The Financial Institutions Sector Risk Assessment (SRA) is a review of the characteristics of the sectors covered by the AML/CFT Act including remitters, virtual asset service providers, payment providers, lenders and other financial institutions. This document is intended to help AML/CFT supervisors understand the money laundering and terrorism financing risks across these sectors and assist reporting entities by providing guidance on the specific risks and vulnerabilities relevant to their business.

Phase 1 Sector Risk Assessment Guides 2014

Help with assessing your money laundering risk

These guides provide you with help in thinking about how money launderers might use your business putting it at risk.

It will also help you conduct or revise your risk assessment which is compulsory under section 58 of the Anti-Money Laundering and Countering Financing of Terrorism Act.

We have used examples from overseas and international organisations such as the Financial Action Task Force. These examples may have reference to your business. Examples of how people launder money in New Zealand are in the Police National Risk Assessment.

The guides are not intended to replace your own risk assessment of your business. A copy of this guide is not a reporting entity risk assessment.

How to use the guides

There is a separate guide for each type of business that we regulate under the Anti-Money Laundering and Countering Financing of Terrorism Act.

Go to the guide that describes your business. You may need to look at more than one guide if your business provides more than one type of service.

In each guide there is a table to help you assess your business and the risk money laundering may pose to it.

The left-hand column of the table identifies some features that may be present in products or services that your business offers.

For each feature, reasons that might increase the risk of money laundering are in the 'higher risk factors' column. Reasons that might decrease the risk are in the 'lower risk factors' column.

In preparing your risk assessment, you should not wholly depend on the table. You should consider any special features of your business which might increase or lessen the risk.

Your anti-money laundering and countering financing of terrorism programme must include procedures, policies and controls to manage and lessen the risks identified in your risk assessment.

Phase 1 In the Ordinary Course of Business Guideline - Updated December 2017

This guideline is designed to help clarify the meaning of the phrase "in the ordinary course of business" in the definition of financial institution and designated non-financial business or profession for the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

This December 2017 update replaces the previous version published in 2012.

Customer due diligence

In this section:

Beneficial Ownership Guideline:

A key task in meeting the requirements of the AML/CFT Act is to identify and verify customers’ beneficial ownership arrangements. This guideline is to assist reporting entities in meeting the requirement to perform customer due diligence on the customer and beneficial owners of the customer.

Customer Due Diligence Fact Sheets:

These fact sheets are designed to help reporting entities understand the identification and verification requirements for different types of customers. The fact sheets should be read in conjunction with the beneficial ownership guideline.

Enhanced Customer Due Diligence Guideline (2020 updates)

This guideline assists you to conduct enhanced customer due diligence (EDD) on your customers under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act).

Identity Verification Code of Practice

Amended Identity Verification Code of Practice 2013

On 10 October 2013 an Amended Identity Verification Code of Practice was gazetted under section 64 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). The amendments come into force on 1 November 2013.

Explanatory Note (updated December 2017)

The Explanatory Note clarifies requirements for electronic identity verification in accordance with the Amended Identity Verification Code of Practice 2013.

This December 2017 update replaces the previous version published in 2013.

Guidance on Expired Passports for Identification in Customer Due Diligence

This factsheet outlines how to use expired passports for identification purposes in accordance with the Amended Identity Verification Code of Practice 2013:

Statement of Kiwi Access Card

This document outlines the position the AML/CFT Supervisors have taken on the kiwi access card as a form of identification for the purposes of Identity Verification Code of Practice.

Annual reports

Annual Reports for Financial Institutions 

The annual report is a requirement under section 60 of New Zealand's Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

The User Guide: AML/CFT Report is designed to help reporting entities complete their annual reports. The form and content of the annual report is prescribed inthe Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations 2017 – see schedule 2.
This user guide is used primarily to support Phase 1 reporting entities; i.e. financial institutions and casinos. Please note, trust and company service providers who have been using this report form should switch to using the DNFBP annual report form to cover the reporting period 30 June 2018 – 1 July 2019 onwards.

For more information about how to do this, including videos, see:

Audit Guideline

This guidance is to help reporting entities:

  • understand the AML/CFT audit requirements in terms of the AntiMoney Laundering and Countering Financing of Terrorism Act 2009; and
  • undertake an effective and credible audit of their risk assessment and AML/CFT programme.

This guidance will also be useful to persons who perform audits of risks assessments and AML/CFT programmes of reporting entities.

You must have your AML/CFT risk assessment and programme audited before your first two years of capture and within every two years following your first audit.

NZ Police Financial Intelligence Unit National Risk Assessment

The Financial Intelligence Unit of the New Zealand Police has released the National Risk Assessment (NRA) and a support document under the AML/CFT Act 2009.

The NRA is designed principally for the use of the Ministry of Justice, AML/CFT supervisors, and the New Zealand Customs Service. The NRA may also be useful to reporting entities in understanding the broader picture of money laundering and terrorist financing risks at a national level.

The NRA can be found on the Police website.

Territorial Scope of the AML/CFT Act 2009

This guideline is designed to help reporting entities understand the territorial scope of the AML/CFT Act and assist them to determine whether they have obligations under the Act.

Wire Transfers

This guideline is designed to help reporting entities understand the definition of wire transfer under the AML/CFT Act and sets out the minimum requirements for parties to a wire transfer.

Countries Assessment Guideline

This guideline is designed to help reporting entities decide when an assessment of another country's AML/CFT regulatory environment is required, and provides guidance on how to undertake this assessment.

Designated Business Groups Guidelines

Designated Business Group - Scope Guideline (updated December 2017)

This guideline is designed to assist reporting entities to understand which obligations may be shared by members of a designated business group.

This December 2017 update replaces the previous version published in 2012.

Designated Business Group - Formation Guideline (updated February 2020)

This guideline is designed to help reporting entities understand the process for forming a Designated Business Group. This guideline also explains the process for notifying an AML/CFT supervisor about the formation of, or change to, a designated business group and provides the forms for doing so.

This December 2017 update replaces the previous version published in 2012.

NZ Financial Intelligence Unit (FIU)

Please visit https://fiu.police.govt.nz if you require goAML assistance with:

  • How to register a new entity
  • How to register a new user to an existing entity
  • Useful frequently asked questions

Once logged into goAML further guidance and e-learning training is available by selecting the “?” icon on the blue task bar.

For further information go to:

Frequently Asked Questions