AML/CFT identity verification during COVID-19 lockdown

On Thursday 26 March 2020, the Reserve Bank of New Zealand, Financial Markets Authority and Department of Internal Affairs (together, the AML/CFT Supervisors) jointly released urgent guidance on how to comply with the verification requirements under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) while New Zealand is subject to the COVID-19 Alert Levels and, in particular, the current national lockdown of Level 4 (COVID-19 Verification Guidance).

Who needs to read it?  Why?

The COVID-19 Verification Guidance will be relevant to all reporting entities that remain operating and anticipate needing to conduct any type of customer due diligence (CDD) while the COVID-19 Alert Levels are in effect.  It will also be of interest to reporting entities going forward when they encounter situations impeding usual verification practices.

What does it cover?

As part of initial or subsequent CDD, a reporting entity must collect prescribed information about their customers, as well as any beneficial owners, or persons acting on behalf, of their customers.  The precise nature of this information will depend on whether the CDD is simplified, standard or enhanced in nature.  In addition to obtaining this information, the reporting entity must also “take reasonable steps” to verify that it is correct, on the basis of “documents, data, or information issued by a reliable and independent source”.

The impetus for the COVID-19 Verification Guidance is that the COVID-19 Alert Levels will necessarily change how New Zealand reporting entities conduct their business, especially during the current national lockdown at Level 4 where non-essential services can only operate remotely.

In the COVID-19 Verification Guidance, the AML/CFT Supervisors are not suggesting anything new, but are instead trying to draw attention to existing mechanisms within the regime that could assist in carrying out CDD while interactions with customers are so limited.  Specifically, these are:

  • the ability under the AML/CFT Act to, following the prescribed risk-based approach, in certain circumstances not sight certain documents, or accept as an interim measure scanned copies thereof, for ongoing CDD and account monitoring;
  • the ability under the AML/CFT Act to delay identity verification until after a new business relationship is established and operational, where:
    • it is essential to not interrupt normal business practice;
    • ML/FT risks are effectively managed through other procedures (for example, the Supervisors expect transaction limitations to be put in place while verification remains outstanding); and
    • the verification is then completed as soon as is practicable; and
  • the ability under the Amended Identity Verification Code of Practice 2013 to carry out verification by non-face-to-face means, including:
    • the use of appropriate electronic verification options, with a linking mechanism or other additional measures to tie the electronic source to the person being identified; and
    • the reporting entity’s existing exception handling process (with a statement by the Supervisors that, because of the COVID-19 Alert Levels in place, “this is a time when exception handling measures would be suitable”).

Underlying this all is an emphasis on the continuing need for vigilance even in these abnormal times.  The usual risks remain, and in addition there may be those seeking to capitalise on the disruption in an attempt to get away with what they otherwise wouldn’t be able to.

Our view

Given the significant consequences of noncompliance with AML/CFT obligations, it was important to proactively make clear to reporting entities that they are still expected to fulfil their usual requirements.

At the same time, although the AML/CFT Supervisors are not making concessions around obligations during this period, this guidance provides a helpful reminder that the regime already contains options for reporting entities to carry out verification of identity information in nonstandard ways where that would be appropriate.  As well as assisting them during these particular circumstances, a greater awareness of these options may allow reporting entities to carry out identity verification more efficiently going forward, in other situations where standard processes are not feasible.

What next?

If you have any questions in relation to your business’s AML/CFT obligations, or the regime more generally, please contact one of our experts.

Who can help