Top 5 Preventive Money Laundering Practices for NZ Businesses

It’s estimated that over $1 billion a year is generated from criminal activity, laundered through New Zealand businesses. This puts both our country’s reputation and economy at risk. The Anti-Money Laundering and Countering Financing Terrorism (AML/CFT) Act ensures that businesses take appropriate measures to guard against money laundering and terrorism financing.

How do you prevent Money Laundering?

The AML/CFT Act imposes obligations designed to ensure that businesses have suitable policies,procedures and controls in place to not only detect money laundering but also deter or prevent criminals from committing illegal activities in the first place.

Failing to implement appropriate measures puts your business at risk of non-compliance with the AML/CFT Act and negative regulatory attention.

We’ve compiled the top 5 AML practices that will help prevent money laundering (and help ensure you meet your obligations under the AML/CFT Act):

1. Vetting and Training Staff


Vetting involves adequately checking ‘an employee’s background to make sure they are who they say they are, checking they are suitably qualified, ensuring that the information they have provided is correct and they do not pose an ML/TF risk to your business. Senior managers, your compliance officer, and any other employees who have AML/CTF duties should be vetted to a high standard and at a level appropriate to the risks involved with their different roles. This practice helps you avoid hiring a person who may use your business (or allow their associates to use your business) for money laundering or financing of terrorism.


All employees involved in AML/CFT duties should also be appropriately trained at the start of employment and at a minimum on an annual basis. This is to ensure they understand your company’s AML/CFT policies, procedures and controls, the checks they should make when dealing with customers or transactions, what to look out for, and how to report suspicious matters.

2. Conducting Customer Due Diligence

Customer Due Diligence involves collecting customer data to identify and verify customers, beneficial owners, or persons acting on behalf of the customers. This practice allows you to check people are who they say they are and determine the risk profile of a customer or transaction. It is also an obligation under the AML/CFT Act. The level of customer due diligence required for a new customer will depend on the level of AML risk identified.

Standard CDD for people assessed as low to medium risk involves collecting:

  • the person’s full name; and
  • the person’s date of birth; and
  • if the person is not the customer, the person’s relationship with the customer; and
  • the person’s addressor registered office; and
  • the person’s company identifier or registration number.

You must then take reasonable steps (actions that are proportionate and suitable given the risks involved and the obligations in the AML/CFT Act) to verify this information.

For higher-risk customers or transactions, enhanced CDD should be carried out, which includes identifying and verifying the source of wealth or source of funds.

3. Ongoing CDD and monitoring

CDD is not just a one-off obligation. While transactions or customers may not initially appear suspicious, they may reveal a pattern of behaviour over an extended period or a sudden change in behaviour that necessitates a change to a customer’s risk profile. Ongoing CDD should be periodically conducted throughout a business relationship or when there is suspicious activity to ensure that customers’ transactions are consistent with their established risk profiles.

The AML/CFT Act requires businesses to conduct CDD when there is a “material change” in the nature or purpose of the business relationship with an existing customer.

Note: ‘Material change’ is not defined in the AML/CFT Act. The supervisors’ AML/CFT Programme Guidance adopts a working definition of “an event, activity or situation that you identify that could change the level of money laundering or terrorism financing risk”.

4. Keeping Financial Records For At Least 5 Years

Keeping records that enable you to readily recreate a transaction for at least five years is an important AML practice. It is also a requirement under the AML/CFT Act.

In addition to records of transactions, you must keep:

  • all customer due diligence (CDD) verification records,
  • all records relevant to the establishment of or obtained during a business relationship with a client, for example, correspondence with a client and any notes or written findings you have made,
  • all records relating to your risk assessments, AML/CFT programmes, and independent audits.

For complex, unusually large, or patterned transactions, you are required to examine them in detail and keep written findings.

5. Reporting Suspicious Activities and Prescribed Transactions

Suspicious Activity Reporting (SAR)

Suspicious activity reporting is a key tool for detecting and preventing money laundering. This information is analysed by the New Zealand Police Financial Intelligence Unit (FIU) to determine if further criminal investigations are required.

Example indicators of suspicious activity include:

  • complex or unusually large transactions out of step with what you’d expect from the customer
  • unusual patterns of transactions or activity that have no obvious business or legal purpose
  • any other activity that appears to be or you suspect to be related to criminal activity

Prescribed Transactions

All businesses covered by the AML/CFT Act must report international wire transfers of NZD 1,000 or more and physical cash transactions over NZD 10,000 to the FIU.

This makes it more difficult for criminals to use multiple small transactions, senders, or recipients to avoid detection.

6. Scheduling Regular External Audits

It’s easy to become complacent. If everything seems to be running smoothly, why review or change what you are doing? But you may not realise you are not meeting your obligations or there is a problem until it is too late. By contrast, you may not realise you are doing unnecessary practices that are time-consuming or costly such as enhanced CDD investigations where standard CDD would suffice.

Under the AML/CFT Act, you are obligated to arrange an independent audit of your risk assessment and AML/CFT programme every three years. Making sure this is an external audit (e.g. not an employee) is the best way to protect your business from money laundering and ensure you are meeting your obligations.

An external auditor provides a fresh set of eyes, a wealth of experience and knowledge of the AML/CFT Act and application in your industry and ensures you have appropriate measures in place to prevent money laundering. This not only increases efficiencies within your business but also minimises the risk of money laundering and/or negative regulatory attention.

How can One AML Audit help you prevent money laundering?

One AML Audit are independent and fully qualified AML/CFT Audit specialists. We work with you to provide actionable insights to help your business prevent money laundering and stay on top of AML/CFT requirements.

Book a free 15-minute consultation to see how we can help you implement AML practices here.