Information for Virtual Asset Service Providers

Register with us by clicking on the button below:

AML Online: Click here to register with us

Virtual Asset Service Providers Guideline (March 2020)

This guide and fact sheet is designed to help Virtual Asset Service Providers to develop awareness of money laundering and terrorism financing and build their compliance programmes to meet their obligations under the AML/CFT Act.

(Updated August 2023)

Financial Institutions Factsheet

Any financial institution, either existing or established after the introduction of the AML/CFT Act came into force on June 2013, that in the ordinary course of business carries on one or more of the financial activities captured by the Act, is a reporting entity and must comply with the legislation and regulations.

This factsheet outlines what financial institutions are required to do to meet their AML/CFT obligations.

Developing your Risk Assessment and Programme

AML/CFT Programme Guideline (updated October 2022)

The guideline is designed to help reporting entities develop their AML/CFT programme as required under section 56 of the AML/CFT Act.

Developing an AML/CFT programme is the next step after conducting a risk assessment. It involves developing the procedures, policies and controls to manage and mitigate money laundering and terrorism financing risks. A reporting entities AML/CFT programme must be based on their risk assessment.

Risk Assessment Guideline

The AML/CFT Risk Assessment Guideline is designed to help reporting entities conduct a risk assessment, as required under section 58 of the AML/CFT Act.

A risk assessment is the first step a business must take before developing an AML/CFT programme. It involves identifying and assessing the risks the reporting entity reasonably expects to face from money laundering and terrorism financing. Once a risk assessment is completed, a reporting entity must then put in place an AML/CFT programme that manages and mitigates these risks.

AML/CFT Risk Assessment and Programme: Prompts and Notes for DIA reporting entities (Prompts and Notes)

This guideline provides reporting entities with a series of questions, supervisory expectation, reference material and suggested best practice that will help guide their risk assessment and programme. It provides a starting point, which can be supplemented with more detailed information provided by DIA supervisors. This guideline can be used by all DIA-supervised reporting entities, both small and large.

This guideline is not mandatory. Reporting entities may choose to use alternative methodologies to conduct their risk assessment and develop their programme.

Terrorism Financing Risk Summary

Reporting entities must identify, assess, and mitigate their TF risks through their compliance programme. This risk summary provides an overview of Terrorism Financing risk factors relating to sectors supervised by the Department of Internal Affairs.

New Zealand remains exposed to Terrorism Financing risk; even small-scale financing within New Zealand could have significant impact. Terrorism financiers may manipulate New Zealand structures using methods similar to money launderers.

Financial Institutions Sector Risk Assessment – December 2019

The Financial Institutions Sector Risk Assessment (SRA) is a review of the characteristics of the sectors covered by the AML/CFT Act including remitters, virtual asset service providers, payment providers, lenders and other financial institutions. This document is intended to help AML/CFT supervisors understand the money laundering and terrorism financing risks across these sectors and assist reporting entities by providing guidance on the specific risks and vulnerabilities relevant to their business.

Guidance:  New AML/CFT regulations for Virtual Asset Service Providers (VASPs)  – July 2024

This guidance is designed to inform and assist virtual asset service providers (VASPs) of the various changes to the requirements of the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 and associated regulations. The new regulations relate to VASPs wire transfer, prescribed transaction reporting and occasional transaction requirements.

Guidance: New regulations for Virtual Asset Service Provider (PDF, 167KB)

Customer due diligence

In this section:

Beneficial Ownership Guideline (updated April 2024):

A key task in meeting the requirements of the AML/CFT Act is to identify and verify customers’ beneficial ownership arrangements. This guideline is to assist reporting entities in meeting the requirement to perform customer due diligence on the customer and beneficial owners of the customer.

Customer Due Diligence: Companies Guideline (updated April 2024):

Customer Due Diligence: Trusts Guideline (updated May 2024):

Customer Due Diligence: Limited Partnerships Guideline (NEW April 2024):

Customer Due Diligence Fact Sheets:

These fact sheets are designed to help reporting entities understand the identification and verification requirements for different types of customers. The fact sheets should be read in conjunction with the beneficial ownership guideline.

On 9 July 2021 the Anti-Money Laundering and Countering of Financing of Terrorism (Requirements and Compliance) Amendment Regulation came into force. The companies and partnerships guidance assists reporting entities to understand and implement the requirement to undertake customer due diligence for nominee directors and nominee general partners. 

Enhanced Customer Due Diligence Guideline (updated April 2024)

This guideline assists you to conduct enhanced customer due diligence (EDD) on your customers under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act).

Outsourcing Customer Due Diligence

Outsourcing CDD typically occurs during the onboarding process for a new customer. While these providers can provide a useful service, we want to remind reporting entities that outsourced CDD does not exist in isolation from their wider CDD procedures and obligations.

Identity Verification Code of Practice

Amended Identity Verification Code of Practice 2013

On 10 October 2013 an Amended Identity Verification Code of Practice was gazetted under section 64 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). The amendments come into force on 1 November 2013.

Explanatory Note (updated August 2023)

The Explanatory Note clarifies requirements for electronic identity verification in accordance with the Amended Identity Verification Code of Practice 2013

This August 2023 update replaces the previous version published in July 2021.

Guidance on Expired Passports for Identification in Customer Due Diligence

This factsheet outlines how to use expired passports for identification purposes in accordance with the Amended Identity Verification Code of Practice 2013:

Factsheet: Birth Certificates with Redacted Information

This document outlines the position the AML/CFT Supervisors have taken on birth certificates with redacted information (other than name and date of birth) as a form of identification under the Identity Verification Code of Practice.

Statement of Kiwi Access Card

This document outlines the position the AML/CFT Supervisors have taken on the kiwi access card as a form of identification for the purposes of Identity Verification Code of Practice.

Annual reports

Annual Reports for Financial Institutions and Casinos - updated June 2021

The annual report is a requirement under section 60 of New Zealand's Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

The User Guide: AML/CFT Report is designed to help reporting entities complete their annual reports. The form and content of the annual report is prescribed inthe Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations 2017 – see schedule 2.

For more information about how to do this, including videos, see:

Audit Guideline

This guidance is to help reporting entities:

  • understand the AML/CFT audit requirements in terms of the AntiMoney Laundering and Countering Financing of Terrorism Act 2009; and
  • undertake an effective and credible audit of their risk assessment and AML/CFT programme.

This guidance will also be useful to persons who perform audits of risks assessments and AML/CFT programmes of reporting entities.

New regulations come into force on 9 July 2021 which will amend the audit timeframe from every 2 years to every 3 years. As of 9 July 2021, your next audit is due within 3 years of your last audit report. Please refer to the Audit section in the FAQs for further information on the audit timeframe change.

Please note that this guideline was created prior to the timeframe change from 2 years to 3 years so there will still be references to the outdated timeframe while we are in process of updating this document.

NZ Police Financial Intelligence Unit National Risk Assessment

The Financial Intelligence Unit of the New Zealand Police has released the National Risk Assessment (NRA) and a support document under the AML/CFT Act 2009.

The NRA is designed principally for the use of the Ministry of Justice, AML/CFT supervisors, and the New Zealand Customs Service. The NRA may also be useful to reporting entities in understanding the broader picture of money laundering and terrorist financing risks at a national level.

The NRA can be found on the Police website.

Territorial Scope of the AML/CFT Act 2009

This guideline is designed to help reporting entities understand the territorial scope of the AML/CFT Act and assist them to determine whether they have obligations under the Act.

Wire Transfers

This guideline is designed to help reporting entities understand the definition of wire transfer under the AML/CFT Act and sets out the minimum requirements for parties to a wire transfer.

Country Risk and Sanctions

This guideline is designed to help reporting entities supervised by DIA who deal with other countries:

  • assess the money laundering and terrorism financing risks related to those countries
  • determine whether a country has insufficient AML/CFT systems or measures in place
  • determine whether another entity is resident in a country with sufficient AML/CFT systems in place and supervised or regulated for AML/CFT purposes (for the purpose of forming a designated business group).

A general guideline produced in 2012 by the AML/CFT Supervisors for all reporting entities to decide when assessment of another country’s AML/CFT regulatory environment is required and how to undertake this assessment, is also available here.

Russia Sanctions

May 2024 Update

New guidance for circumstances where a duty holder has frozen the assets or blocked transactions of a customer under the Russia Sanctions Act 2022, where a duty holder may wish to provide a justification to their customer for their actions.

New Guidance note: For Russian Sanctions Act duty holders (PDF, 100KB)

September 2023 Update

Duty holders for AML/CFT purposes are also duty holders under the Russia Sanctions Act 2022. The Act imposes three types of obligation on duty holders.

Read more here: Russia sanctions update for DIA- duty holders

March 2022 Update

Te Tari Taiwhenua Department of Internal Affairs, the Financial Markets Authority and Reserve Bank of New Zealand have issued this joint guidance for reporting entities in relation to the Russia Sanctions Act 2022: Impact of Russia Sanctions on AML/CFT reporting entities (PDF, 429KB)

More information on the 2022 update can be found here: Russia Sanctions Act

Designated Business Groups Guidelines

Designated Business Group - Scope Guideline (updated October 2022)

This guideline is designed to assist reporting entities to understand which obligations may be shared by members of a designated business group.

This October 2022 update replaces the previous version published in 2017.

Designated Business Group - Formation Guideline (updated October 2022)

This guideline is designed to help reporting entities understand the process for forming a Designated Business Group. This guideline also explains the process for notifying an AML/CFT supervisor about the formation of, or change to, a designated business group and provides the forms for doing so.

This October 2022 update replaces the previous version published in 2020.

NZ Financial Intelligence Unit (FIU)

Please visit https://fiu.police.govt.nz if you require goAML assistance with:

  • How to register a new entity
  • How to register a new user to an existing entity
  • Useful frequently asked questions

Once logged into goAML further guidance and e-learning training is available by selecting the “?” icon on the blue task bar.

For further information go to:

Frequently Asked Questions