Targeted Compliance Assessments – Independent AML/CFT Audit

14 May 2021

An important component in having an effective New Zealand AML/CFT system is effective supervision. Therefore, the Department continues to look at how we can enhance our risk-based regulatory approach.

We are increasingly using targeted compliance assessments that focus on the effectiveness and implementation of specific AML/CFT obligations in practice. We have recently used this approach to focus on the requirement for a reporting entity to have an independent AML/CFT audit conducted every two years.

Why audits?

A successful AML/CFT audit will help ensure that policies, procedures and controls remain up-to-date and that any deficiencies in the adequacy and effectiveness of your AML/CFT programme can be identified and remediated. This can help protect your business from the risks of money laundering and terrorism financing.

What our review involved:

  • We selected reporting entities from a group who had disclosed they had had an independent audit conducted. 19 reporting entities were assessed.
  • This group was further broken down into two groups:
    • Group A: 10 reporting entities who had confirmed that they had not remediated issues identified in their audit. For this group, we requested a written explanation as to why no remediation had occurred.
    • Group B: 9 reporting entities who had confirmed that they had remediated all issues identified in their audits. For this group we requested information regarding the remediation that had occurred.
  • For Group A, we assessed the explanation provided as to why remediation had not occurred and how the reporting entity intended to remediate the issues identified.
  • For Group B, we assessed the areas of deficiency identified by the auditor and assessed the remediation action undertaken and whether that action was enough to raise compliance. 

Our findings:

The most common areas of non-compliance identified by auditors were:

  • In assessing risk, having regard to the products and services offered;
  • Having regard to guidance material (risk assessment); and
  • Policies, procedures and controls for politically exposed persons.

From the 19 reporting entities we assessed, 7 are being progressed to an on-site inspection by the AML Group to assess the effectiveness of the implemented remediation.

Our recommendations to reporting entities:

  • You are responsible for your own compliance with the audit requirements, so you should plan and book your audit in advance.
  • Conduct research when choosing an auditor to make sure they are independent, suitably qualified and right for your business.
  • The audit report may include actions that are required to rectify non-compliance. If so, we expect those to be addressed, and how you respond to these issues is your responsibility. An auditor will normally give a recommendation to raise compliance, but you can also use resources available on our website to help you.

For more information on audits, please read our Audit Guideline.