FMA announces escalation in AML/CFT enforcement approach

The Financial Markets Authority (FMA) today announced an escalation in its approach to enforcement for noncompliance with the New Zealand anti-money laundering and countering financing of terrorism (AML/CFT) regime.  In doing so, the FMA referred to its latest AML/CFT monitoring insights report, for the period of July 2018 to June 2021 (Monitoring Report).

The FMA’s media release and the Monitoring Report can be found on the FMA’s website.

Who needs to read it? Why?

The Monitoring Report will be of particular interest to the many reporting entities supervised by the FMA, as well as their advisers.  It not only provides a clear indication of the approach the FMA intends to take in enforcing the AML/CFT regime, but also sets out examples of what the FMA considers good and unsatisfactory practice in respect of key obligations.  In fact, the FMA expressly encourages reporting entities to review the Monitoring Report’s findings and observations and update their policies, procedures, and controls as appropriate.

As part of the wider shift in supervisory approach in respect of this regime, it may also be relevant to other reporting entities.

What does it cover?

The FMA’s media release makes clear that, 8 years in, the AML/CFT regime is now very much a mature and established regime.  This means that reporting entities are expected to understand and comply with their obligations under the regime, and there will be less tolerance shown where they have failed to do so.

This change in supervisory attitude was identified as the reason behind the increase in enforcement actions, having risen from 1 public warning and 17 private warnings in the Monitoring Report’s 2016-2018 predecessor to 3 public warnings, 24 private warnings, and the FMA’s first High Court proceedings (which we have previously discussed).

Across the 60 monitoring reviews carried out by the FMA, there were 363 findings that required remedial action.  The Monitoring Report contains a breakdown of the key areas of noncompliance the FMA found, with (for example) 34% relating to AML/CFT compliance programmes and 21% relating to risk assessments.  Some of this noncompliance related to basic requirements under the regime, a fact that the FMA expressed particular disappointment about.

The Monitoring Report steps through the different areas of noncompliance and discusses not only what the FMA found, but also its expectations and a comparison of good and unsatisfactory practice.  While the full detail is beyond the scope of this release, some points that stand out include:

  • specific reference to electronic identity verification being increasingly used by reporting entities and the need to clearly and sufficiently explain how these processes will satisfy the relevant obligations (as set out in the Amended Identity Verification Code of Practice 2013 and its updated explanatory note, which we have previously discussed) – including, for example, whether there is a mechanism to link a customer to their claimed identity;
  • a reminder that the boards and senior management of reporting entities should maintain oversight over AML/CFT compliance;
  • that 22 of the (27 total) formal warnings related to failures to have an audit done within the required timeframe; and
  • that suspicious activity reports submitted to the Financial Intelligence Unit have more than doubled since 2013, but those submitted by FMA reporting entities increased more than tenfold.

Reference was also made to the Financial Action Task Force’s latest Mutual Evaluation of New Zealand’s AML/CFT regime earlier this year (our discussion of which can be found on our website).

Our view

This media release and the Monitoring Report reinforce the observation we have made in numerous previous alerts that the AML/CFT enforcement environment is becoming increasingly strong.

The supervisors (as stated in the Monitoring Report) still encourage reporting entities to seek guidance from them, and have not disavowed the collaborative approach of assisting reporting entities that fall short of compliance in reaching it.

However, where requirements have not been met, the supervisors have indicated (and, in many cases, proved) that they are willing to be assertive and make use of the range of enforcement mechanisms available to them.

This underscores the necessity for all reporting entities of ensuring full compliance with the complete range of AML/CFT requirements.  These are serious and intensive obligations, and underestimating or insufficiently prioritising them is increasingly likely to bring severe consequences.

What next?

The media release indicates that the FMA intends to continue its monitoring of its reporting entities’ processes, including some specific assessments targeted at particular components (for instance, how new customers are added).  Reviews, both desk-based and onsite, are intended to be longer, allowing more in-depth assessment.

It will also continue monitoring the financial advice sector, given the new regime in place there and the fact that this captures almost two-thirds of FMA reporting entities, to see if the new regime has materially impacted the sector’s money laundering or terrorism financing risk.

If you have any questions in relation to the enforcement approach of the FMA or the other AML/CFT supervisors, or the AML/CFT regime more generally, please contact one of our experts.

Who can help