Services

Consulting & Advisory

We work with you to implement an effective AML/CFT Risk Assessment and Programme, including policies, procedures and controls that are tailored and functional to your business. Or provide a template AML/CFT Risk Assessment & Programme, including a user guide so you can tailor it to your business.

At One AML, we understand that each organisation faces unique challenges and requires specific, ad-hoc AML advice to effectively manage these risks. Talk to us today.

Checklist Icon
Consult

Bespoke AML/CFT Risk Assessment and Programme.

Message Icon
Advisory

Ad hoc AML advice

Click interface Icon
Consult +

Bespoke AML/CFT Risk Assessment and Programme, and video guide for implementation into your business..

Message Icon
Advisory +

AML hot line, AML advice, and an annual update to your AML/CFT Risk Assessment and Programme.

Award checklist Icon
Premium Consult Premium

Bespoke AML/CFT Risk Assessment and Programme, SAR, training, vetting, reporting registers and a video guide or personal walkthrough for implementation in your business.

Trophy with message Icon
Advisory Premium

AML hot line, AML advice, and an annual update to your AML/CFT Risk Assessment, Programme. Tailored in-person or team AML training. Regulator and industry updates via news letter.

Consultancy Packages

Consult
POA

AML/CFT risk assessment and programme.

  • AML/CFT Risk Assessment
  • AML/CFT Programme
Consult +
POA

AML/CFT risk assessment, programme and video guide for implementation into your business.

  • AML/CFT Risk Assessment
  • AML/CFT Programme
  • Video walkthrough
Consult Premium
POA

AML/CFT risk assessment, programme, SAR, training, vetting, reporting registers and a video guide or personal walkthrough for implementation in your business.

  • AML/CFT Risk Assessment
  • AML/CFT Programme
  • Virtual consult
  • Video walkthrough
  • Registers SMR, IFTI/TTR, Vetting, Training and Others

Advisory Packages

Advisory
POA

Ad hoc AML advice.

  • Hotline
  • Dedicated hours per month
  • Basic advice
Advisory +
POA

AML hot line, AML advice, and an annual update to your AML/CFT risk assessment and programme.

  • Hotline
  • Complex advice
  • Complex CDD due diligence
  • Yearly update of risk assessment and programme
  • AML training
Advisory Premium
POA

AML hot line, AML advice, and an annual update to your AML/CFT risk assessment and programme. Tailored in-person or team AML training. Regulator and industry updates via news letter.

  • Hotline
  • Regulator registration assistance
  • Complex advice
  • Yearly update of risk assessment and programme
  • Quarterly update of regulatory updates
  • AML training
  • Virtual AMLCO advice
  • Other

We’re qualified to audit all Phase 1 and 2 reporting entities.

Accounting

The easy access and wide geographic spread of accounting services, coupled with accountants' gatekeeper role and use in every phase of ML/TF.

Financial Services

Domestic and international evidence suggests that financial institutions are vulnerable to ML/TF. The Act. and regulations place obligations on New Zealand’s financial institutions to detect and deter ML/TF.

Law

The easy access and wide geographic spread of legal services, coupled with lawyers’ gatekeeper role and use in every phase of ML/TF.

Other Captured Sectors

Other industries that are widely spread and easy to access by ML. The nature of these industries lends itself to all stages of ML/TF.

Real Estate

The use of real estate in ML/TF is well-known and demonstrable. FIU research indicates real estate is the ML asset of choice.

Virtual Assets / Crypto

The easy access and wide geographic spread of VASP services, coupled with their pseudo-anonymous nature and use in every phase of ML/TF.

Consulting & Advisory FAQ

What is money laundering?

Money laundering describes the process by which criminals make ‘dirty’ money obtained from their criminal activities look legitimate, or 'clean'. They aim to make this dirty money look like it has come from a legitimate source, and therefore difficult to connect with its criminal past. Once that is achieved, criminals can introduce their dirty money into the financial system undetected. From there, the money can be transferred between bank accounts or financial products in New Zealand or abroad or used to purchase goods and services.

What is terrorist financing?

Terrorist financing is the financial support of terrorists or those who encourage, plan or engage in terrorism. Terrorist financing may involve funds raised from legitimate sources, such as personal donations and profits from businesses and charitable organisations. It may also be drawn from criminal sources, such as the drug trade, the smuggling of weapons and other goods, fraud, kidnapping and extortion. People who finance terrorism often use similar methods and tools to those used for money laundering.

What are regulations, codes of practice and guidelines?

Regulations - These contain minimum standards and thresholds. They are mandatory and must be followed. The regulations also contain several exceptions to the obligations under the Act. Codes of practice - These set out methods on how reporting entities can comply with their obligations. While not mandatory, they can provide a defense against charges of non-compliance (a 'safe-harbour'), if followed correctly. A reporting entity that fully complies with the code will be compliant with the relevant parts of the legislation. If a reporting entity decides to opt-out of all, or part of, the code, it is required to have provided written notification to its supervisor. This notification states that the reporting entity has opted out of compliance with all, or part of, the code, and intends to satisfy its obligations by some other equally effective means. Guidelines - These outline other non-binding guidance from supervisors.

What is a risk assessment?

Reporting entities are required to assess the money laundering and financing of terrorism risk that they may reasonably expect to face in the course of their business. In making this assessment, the AML/CFT Act requires a reporting entity to consider: the nature, size and complexity of its business the products and services it offers the methods by which it delivers products and services to its customers the types of customers it deals with the countries it deals with the institutions it deals with any guidance material produced by supervisors any other factors that are set out in regulations. Reporting entities also need to consider whether any of their products involve new or developing technologies that may favour customer anonymity. The AML/CFT Act also specifies that reporting entities must consider particular activities, such as wire transfers and correspondent banking relationships. Guidelines have been published to help reporting entities develop their own risk assessment. The Countries Assessment guideline will help you develop procedures on the assessment of risks associated with the countries you deal with, when you need to undertake this assessment and how to approach the assessment.

What is an AML/CFT programme?

An AML/CFT programme sets out a reporting entity's internal policies, procedures and controls to detect money laundering and financing of terrorism and to manage and mitigate the risk of it occurring. The programme must be in writing and be based on its risk assessment. Certain elements of a programme are specifically required by the Act, including: vetting senior managers and AML staff training senior managers and AML staff customer due diligence, including enhanced CDD and simplified CDD suspicious activity reporting monitoring and record-keeping monitoring and managing compliance with the AML/CFT programme. Risk-based systems and controls should be based on the nature, size and complexity of a reporting entity's business, along with any money laundering and financing of terrorism risks it may face.

When do I need to have my audit completed?

Three years is the default timeframe only – The Supervisor will notify you if your audit is required more or less frequently than the default timeframe, or at any other time when requested under section 59(2) of the AML/CFT Act.

What does an independent audit involve?

The AML/CFT Act requires that: An independent audit must be conducted every 3 years (or earlier if required by your supervisor). The auditor must be independent and appropriately qualified to conduct the audit. This does not necessarily mean the person has to be a chartered accountant or qualified to undertake financial audits. The auditor must not have been involved in the establishment, implementation or maintenance of the reporting entity’s AML/CFT programme; or the undertaking of the reporting entity’s risk assessment. An AML/CFT audit does not have to meet auditing and assurance standards set by the External Reporting Board (XRB). Your independent audit is a systematic check of your risk assessment and programme by an independent and suitably qualified person. It should advise whether: you meet the minimum requirements for your risk assessment and programme; your programme was adequate and effective throughout the specified period; and whether any changes are required.

What is an AML/CFT compliance officer?

Section 56(2) of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) stipulates that a reporting entity must designate an employee as a Compliance Officer to administer and maintain its AML/CFT programme.

What are PEPs?

Politically-exposed persons (PEPs) are individuals who, by virtue of their position in public life, may be vulnerable to corruption. The definition of a PEP can be found in Section 5 of the AML/CFT Act. The New Zealand legislation currently limits this concept to foreign PEPs, and does not include domestic PEPs, ie persons who hold or have held public offices in New Zealand. Reporting entities are required to give specific consideration to the risks involved with PEPs and should: have procedures in place to determine whether a customer or a beneficial owner of a customer, is a PEP or a close associate of a PEP obtain senior management approval for establishing or maintaining business relationships with PEPs take reasonable measures to establish the source of wealth and source of funds of PEPs conduct enhanced, ongoing monitoring of the business relationship.

What is a designated business group (DBG)?

Entities that are eligible may choose to form a designated business group (DBG). This enables the entities to share a risk assessment and some, but importantly not all, aspects of their AML/CFT programmes. Guidelines have been published to help reporting entities decide whether they are eligible to form a DBG. The DBG scope guideline outlines the obligations that may be shared by members of a DBG. The DBG formation guideline highlights the eligibility criteria and election process when forming or joining a DBG. It also explains the process for notifying an AML/CFT supervisor about the formation of, or change to, a DBG and provides the forms for doing so. There will be occasions where the business of a DBG will be split between more than one supervisor. In these circumstances, supervisors will agree on who would be the best supervisor for the group. This may depend on where the majority of the DBG business lies.

What is customer due diligence (CDD)?

CDD involves: a) gathering information about customer identity b) verifying a customer's identity, to ensure the customer is who they say they are. In most cases, reporting entities will also need to establish and verify the identity of any beneficial owner, meaning the individual who ultimately owns or controls the customer or on whose behalf a transaction is conducted. CDD also involves establishing and verifying the identity of any person who acts on behalf of a customer.

What is ongoing CDD?

Ongoing CDD means regularly reviewing customer information and having systems to conduct account monitoring. Under section 31 of the AML/CFT Act ongoing CDD is required to ensure the ongoing business relationship is consistent with the reporting entity's knowledge about the customer's business and risk profile and to identify grounds for reporting any suspicious transaction. This is required for all customers, including existing customers.

What do I need to do for Standard CDD?

When undertaking standard CDD, you must obtain: (a) the person’s full name; and (b) the person’s date of birth; and (c) if the person is not the customer, the person’s relationship to the customer; and (d) the person’s address or registered office; and (e) the person’s company identifier or registration number; and (f) any information prescribed by regulations.You must do this for your customer, any beneficial owner of your customer and any person acting on behalf of your customer. For your customer, you must then take reasonable steps to verify this information to be satisfied it is correct. You must also, according to the level of risk involved, take reasonable steps to verify the identity of any beneficial owners, and to verify the identity and authority of any person acting on behalf of your customer.