AML/CFT regulations arrive

  • Legal update

    04 July 2023

AML/CFT regulations arrive Desktop Image AML/CFT regulations arrive Mobile Image

On Friday 30 June, the Ministry of Justice’s webpage was updated for the long-awaited amendment regulations (Regulations) under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act), which are now made and Gazetted. Additionally, expiring parts of the Anti-Money Laundering and Countering Financing of Terrorism (Class Exemptions) Notice 2018 were extended. 

Who needs to read it and why?

As anticipated, the Regulations bring the most significant set of changes to the AML/CFT regime since the incorporation of the Phase 2 entities. They should be carefully read by: 

  • all existing reporting entities under the AML/CFT Act, to understand the impact on their treatment by the regime;
  • service providers that keep or administer virtual assets and entities relying on the online auctions exemption, who may be brought under the regime; and
  • other persons with an interest in financial inclusion and/or innovation in the financial sector more generally, as the application of the AML/CFT regime has significant implications there.

Reporting entities (current and future) will need to be across all of these changes to ensure they are compliant with the AML/CFT regime – the consequences of not being so can be significant.

What does it cover?


The Regulations are the latest development in the ongoing reforms to the AML/CFT regime, following the Statutory Review released November last year.  They cover a broad range of areas within the AML/CFT regime, amending each of the main sets of regulations under the AML/CFT Act (see below for links).

Broadly, the changes in the Regulations can be divided into immediate regulatory relief (commencing 31 July 2023), new obligations for existing reporting entities (commencing 1 June 2024), and extending the coverage of the regime (commencing 1 June 2025). 

While we will not step through the roughly 80 regulations added or amended in detail, key changes to look out for in these different stages include:

31 July 2023:
  • adjusting the definition of a beneficial owner, to only include “a person on whose behalf the transaction is conducted that is a customer of a customer” if that person has “ultimate ownership or control of the customer”;
  • declaring persons that “provid[e] safekeeping or administration of virtual assets on behalf of any person” to be financial institutions (and thus reporting entities) – although without the express “virtual asset service provider” definition of the earlier draft;
  • declaring persons “that, in the ordinary course of a non-finance business…transfe[r] money on behalf of a customer to facilitate the purchase of goods or services by the customer” to not be financial institutions, replacing the previous exemption that declared them to not be reporting entities as a whole;
  • clarifying the “stored value instrument” concept (e.g. around its exemption), including to be clear that they can be intangible but also cannot be instruments that store virtual assets;
  • clarifying when customer due diligence (CDD) needs to be carried out where non-regulated services have already been provided;
  • clarifying reporting obligations for designated non-financial businesses or professions (DNFBPs) making or receiving prescribed transactions from or into a trust account held with another reporting entity;
  • defining who the customer will be for a number of kinds of reporting entity;
  • declaring wire transfers of $1,000 or more outside of business relationships to be occasional transactions;
  • declaring financial institutions that also manage client funds to not also be trust and company service providers (and thus DNFBPs);
  • exempting corporate trustee or nominee company subsidiaries from the regime where their activities are covered by their parents’ AML/CFT compliance programmes;
  • exempting small loans that cannot be repaid in cash made by charitable entities;
  • extending the exemptions for court-appointed liquidators to those appointed under the Limited Partnerships Act 2008, and adding some exemptions for non-court-appointed liquidators;
  • removing the previous exemption for trust accounts (likely following the beneficial ownership changes); 
  • defining “a country that has insufficient anti-money laundering and countering financing of terrorism systems or measures in place” to “includ[e] a country identified by the Financial Action Task Force as being a high-risk jurisdiction subject to a call for action”; and
  • declaring Entain New Zealand Limited to be a reporting entity, while extending some of TAB NZ’s exemptions to it (due to a partnership arrangement between the two);
1 June 2024:
  • declaring virtual asset to virtual asset and virtual asset to fiat currency (or vice versa) transfers to be wire transfers, that should also be treated as international wire transfers “unless satisfied that all the parties to the wire transfer are in New Zealand”;
  • declaring virtual assets transactions of $1,000 or more outside business relationships to be occasional transactions;
  • declaring the deposit, withdrawal, exchange, or transfer of virtual assets to be a transaction for the purposes of the AML/CFT Act;
  • adding conditions for some kinds of reliance under the AML/CFT Act;
  • expanding the information that must be collected for standard CDD, including for ongoing CDD and account monitoring;
  • expanding the information that must be collected for international wire transfers, including those less than $1,000;
  • clarifying when enhanced CDD must be carried out where simplified CDD would otherwise apply or otherwise within business relationships;
  • expanding the required details of AML/CFT compliance programmes;
  • adding an obligation to review risk assessments to take account of new or developing technologies or products before they are used;
  • clarifying that reporting entities that fall under multiple categories of reporting entity must comply with the regime in respect of each;
  • extending prescribed transaction reporting obligations to money or value transfer service (MVTS) operators making funds available to a beneficiary of an international wire transfer by depositing physical cash into a bank account;
  • removing the exemption for intermediary institutions from having to make prescribed transaction reports for non-bank MVTS operators;
  • requiring some suspicious activity reports to also be provided to foreign financial intelligence units; and
  • prohibiting correspondent banking relationships with North Korean banks; and
1 June 2025:
  • adding a requirement to risk-rate customers as part of CDD; and
  • replacing the previous online auctions exemption with a narrower exemption for certain transactions with online marketplaces.

The Regulations can be found at the following links:

We have previously discussed the earlier draft of the Regulations that was consulted on (as well as the subsequent removal of some proposed changes from them), the Statutory Review that gave rise to them, and the Financial Action Task Force Mutual Evaluation of New Zealand that the Statutory Review followed.

Class Exemptions Notice

In addition to the Regulations, the Anti-Money Laundering and Countering Financing of Terrorism (Class Exemptions) Amendment Notice 2023 came into force on 30 June 2023. For the most part, this renews the various class exemptions that would have expired then until a new expiry date of 31 December 2024, in addition to adding a phase-out period for some aspects of the managing intermediary exemptions (likely intended to align with beneficial ownership changes in the Regulations). 

Removed changes 

In addition to the 6 proposed changes removed from the draft Regulations in May, the Ministry’s website has been updated to identify an additional 6 that have since been removed, namely those:

  • requiring border cash reports when moving stored value instruments (such as vouchers and gift cards) and casino chips into or out of New Zealand;
  • exempting a person receiving accompanied cash (i.e. cash accompanied by a person) from having to submit a border cash report;
  • enabling MVTS operators and their agents/sub-agents to disclose information relating to suspicious activity reports to each other;
  • prescribing the process that reporting entities must follow when conducting enhanced CDD on trusts (i.e. lessening the compliance obligation where the level of risk permits);
  • simplifying CDD requirements with respect to delegation by senior managers of customers; and
  • enabling members of a designed business group to share a compliance officer (shifting this into regulations from a class exemption).

As with the earlier 6, these further removals are explained as needing changes to primary legislation (i.e. the AML/CFT Act) rather than regulations. Consequently, these also do not appear to reflect a change in policy or intention, although the timeframe for legislative change is inherently longer than for regulatory change (and, taking into account the Parliamentary process, may take 1-2 years).

Our view

We support the consultative approach the Ministry has taken with developing the Regulations, and recommend it be continued for future developments. The principles- and risk-based approach of the AML/CFT regime in particular makes the calibration of obligations and their practical consequences crucial, and the industry has a great deal of insight there.

A number of points of ambiguity in the regime will become clearer once the Regulations are in effect – for instance, where reporting obligations sit for international wire transfers where multiple kinds of reporting entity are involved (e.g. around trust accounts), and the position of intangible stored value instruments or certain kinds of virtual asset service providers, have long been a source of confusion. Entities operating in those spaces have been eager for there to be clarity in either direction, so the Regulations should be a welcome addition.

However, most reporting entities will need to make material changes to their compliance documents and practices, which will inevitably require an investment of time and cost. We encourage all reporting entities (or entities likely to become reporting entities) to determine what will be required of them as soon as possible, so that changes can be operationalised as conveniently and efficiently as possible. Especially for the changes that come into force in a year or two, given that time period we anticipate the supervisors will expect reporting entities to be ready to comply as soon as they do come into force. 

We support the staged approach to the Regulations, coming into force in waves over the next 2 years. In particular, having some of the regulations now come into force in 2025 (which was not the case in the earlier draft of the Regulations) will be very useful for reporting entities to be able to work through how to bring their operations into compliance – in particular, the requirement to risk-rate all customers will be a significant amendment for most, and the exemption changing from (broadly defined) online auctions to (narrower) online marketplaces has the potential to pull into the regime entities that previously were entirely outside it.

While we understand the need to delay some changes due to requiring a legislative, rather than a regulatory, vehicle, it is unfortunate that some of the most eagerly-awaited changes in the earlier draft of the Regulations (for instance, the relaxation of address verification requirements and the enhanced CDD obligations in relation to trusts) are among them.

What next?

The first stage of the Regulations will come into force in less than a month, on 31 July 2023. This will be followed over the next 2 years by the second (1 June 2024) and third (1 June 2025) stages.

The Regulations are themselves only the first step in intended reforms to the AML/CFT regime. The Ministry has indicated that work is underway towards medium- and long-term changes, including operational changes (such as supervisor guidance), further regulatory change that first needs more policy work, and amending the AML/CFT Act itself (including the 12 changes removed from the draft of the Regulations).

We recommend affected entities move quickly (if they have not done so already) to identify the impacts on them and what they will need to do to update their compliance documents and practices.

If you have any questions about the Regulations, the wider reform process, or the AML/CFT regime more generally, please contact one of our experts.


This article was co-authored by Sam Short, a Senior Solicitor in our Banking and Financial Services team.