KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

namedate of birth

KYC to onboard international persons

addressnamedate of birth

corporate requirements

full nameaddresscompany identifierregistration number

National ID card name

No national identity card

Does the country have Esignature Laws?

Electronic Transactions Act 2002

E-sig law files

whole.html

What year did the relevant AML laws and regulations become effective?

2013

Further details on AML regime

The AMLCFTA came into effect on 30 Jun 2013.

Who is the regulator for AML controls for Banking

The Reserve Bank of New Zealand for banks, life insurers, and non-bank deposit takers

Link to site

http://www.rbnz.govt.nz/

Other financial Services

The Financial Markets Authority for issuers of securities, trustee companies, futures dealers, collective investment schemes, brokers, and financial advisers

Website of Regulator

http://www.fma.govt.nz/

Financial Sector regulator

http://www.dia.govt.nz/

Practical Guidance for AML

Yes, the The AML Supervisors provides guidance. The guidance includes the following matters which are more commonly accessed by AML Practitioners: AML Programme guideline, AML Risk Assessment guideline, Interpreting “ordinary course of business”, Amended Identity Verification Code of Practice, Auditing guideline, Countries Assessment Guideline, Beneficial Ownership Guideline:, User Guide: AML/CFT Report, Wire Transfers:, Territorial Scope of the AML/CFT Act 2009, and Designated Business Groups Guideline

Practical guidance PDF's

Services-Anti-Money-Laundering-Codes-of-Practice-and-Guidelines

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

Under the AMLCFTA, reporting entities are required to conduct on-going Customer Due Diligence (“CDD”) (or “KYC”). Reporting entities are required to have “triggers” or similar built into their AML systems, to enable on-going CDD to be carried out. Specifically, reporting entities are required to re-verify existing customers where there is both a material change in the nature or purpose of the business relationship and the reporting entity considers that it has insufficient information on that customer. For anonymous accounts, a reporting entity is required to undertake standard customer due diligence when it becomes aware of existing anonymous accounts regardless of whether a material change in the nature or purpose of the business relationship has occurred.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

A FATF Mutual evaluation Report was produced in October 2009 and There was also a second Follow up Report produced in October 2013 containing a detailed description of the actions taken by New Zealand in respect of all recommendations rated partially compliant or noncompliant in the 2009 Mutual Evaluation Report

PDF of FATF review

mutualevaluationofnewzealand.html

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes. Under AMLCFTA, occasional transaction thresholds have been established. These are thresholds at which customer due diligence will need to be carried out in respect of occasional transactions including but not limited to: a) those over NZD9,999.99 (approx. USD6,540); b) cash transactions in a casino that are for NZD6,000 (approx. USD3,924) or more; c) travellers’ cheques NZD5,000 (approx. USD3,270) ; d) money & postal orders NZD1,000 (approx. USD654); e) wire transfers NZD1,000 (approx. USD654); and f) foreign exchange transactions over NZD1,000 (approx. USD654).

What are the requirements for customer identification information for individuals

Individuals: The person’s full name, date of birth, (if the person is not the customer, the person’s relationship to the customer) and the person’s address and any information prescribed by regulations. The Amended Identity Verification Code of Practice 2013 requires an individual’s name and date of birth to be verified.

Details to be Collected on Corporates

Legal persons: Full name, (if the person is not the customer, the person’s relationship to the customer), address, company identifier or registration number and any information prescribed by regulations.

What are the high level requirements around beneficial ownership (identification and verification)?

A beneficial owner is an individual who satisfies any one element or any combination of the elements listed below: a) who owns more than 25% of the customer; b) who has effective control of the customer; and c) the person(s) on whose behalf a transaction is conducted. Beneficial ownership threshold level is set at 25% meaning that any individuals owning 25% (or more) of a customer would be subject to CDD requirements. Identifying beneficial ownership of a customer is an obligation that must be satisfied, regardless of the level of risk associated with the customer. However, when deciding what reasonable steps to take to satisfy yourself that the customer’s identity and information is correct, you may vary your approach depending on the risk assessment of the customer. The process for assessing customer risk and deciding how to identify and verify beneficial ownership should be set out in a Reporting Entity’s AML/CFT programme. Section 16 of the AMLCFTA states: A reporting entity must: a) take reasonable steps to satisfy itself that the information provided under section 15 of the AML/CFT Act is correct; b) according to the level of risk involved, take reasonable steps to verify any beneficial owner's identity so that the reporting entity is satisfied that it knows who the beneficial owner is; c) if a person is acting on behalf of the customer, according to the level of risk involved, take reasonable steps to verify the person's identity and authority to act on behalf of the customer so that the reporting entity is satisfied it knows who the person is and that the person has authority to act on behalf of the customer; and d) verify any other information prescribed by regulations.

What circumstances are enhanced customer due diligence measures required?

Under AMLCFTA a reporting entity must conduct enhanced customer due diligence in accordance with sections 23 and 24 of the Act in the following circumstances: a) if the reporting entity establishes a business relationship with a customer that is: a. a trust or another vehicle for holding personal assets; b. a non-resident customer from a country that has insufficient anti-money laundering and countering financing of terrorism systems or measures in place; or c. a company with nominee shareholders or shares in bearer form; b) if a customer seeks to conduct an occasional transaction through the reporting entity and that customer is: a. a trust or another vehicle for holding personal assets; b. a non-resident customer from a country that has insufficient anti-money laundering and countering financing of terrorism systems or measures in place; or c. a company with nominee shareholders or shares in bearer form; c) if a customer seeks to conduct, through the reporting entity, a complex, unusually large transaction or unusual pattern of transactions that have no apparent or visible economic or lawful purpose; or d) when a reporting entity considers that the level of risk involved is such that enhanced due diligence should apply to a particular situation; or e) any other circumstances specified in the regulations. Wire Transfers: A reporting entity must conduct enhanced due diligence in accordance with Section 27 and 28 of the Act if it is an ordering institution, an intermediary institution, or a beneficiary institution in relation to a wire transfer. New/developing technologies: A reporting entity must conduct enhanced due diligence in accordance with Section 30 if: a) it establishes a business relationship with a customer that involved new or developing technologies, or new or developing products, that might favour anonymity; or b) a customer seeks to conduct an occasional transaction through the reporting entity that involves new or developing technologies, or new or developing products, that might favour anonymity.

How should FI's deal with Politically exposed persons

AMLCFTA requires foreign Politically exposed persons to undergo enhanced due diligence in accordance with Section 26 of the act if: a) it establishes a business relationship with a customer who it has determined is a politically exposed person; or b) a customer who it has determined is a politically exposed person seeks to conduct an occasional transaction through the reporting entity.

What enhanced due diligence must be performed for correspondent banking relationships?

Under Section 29 of AMLCFTA, the correspondent must: a) gather enough information about the respondent to understand fully the nature of the respondent’s business; b) determine from publicly available information the reputation of the respondent and whether and to what extent the respondent is supervised for AML/CFT purposes, including whether the respondent has been subject to a money laundering or financing of terrorism investigation or regulatory action; c) assess the respondent’s money laundering and countering financing of terrorism controls to ascertain that those controls are adequate and effective; d) obtain approval from its senior management before establishing a new correspondent banking relationship; e) document the respective AML/CFT responsibilities of the correspondent and the respondent; and f) be satisfied that, in respect of those of the respondent’s customers who have direct access to accounts of the correspondent, the respondent: a. has verified the identity of, and conducts ongoing monitoring in respect of, those customers; and b. is able to provide to the correspondent, on request, the documents, data, or information obtained when conducting the relevant customer due diligence and ongoing customer due diligence.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes, see section 39 AMLCFTA

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Under AMLCFTA for non-face-to-face transactions, identity documents can be endorsed by one of a number of nominated persons (see A10).

To whom are SAR's made? (suspicious activity reports)

New Zealand Police’s Financial Intelligence Unit (FIU)

Link to website of SAR reporting

http://www.police.govt.nz/advice/businesses-and-organisations/fiu/about

Other Suspicious or unusual transactions obligations.

No. New legislation requiring the mandatory reporting of wire transfers over NZ$1000 (approx. USD654) is expected to come into force in 2017.

Are there any de-minimis thresholds below which transactions do not need to be reported?

No.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes. It is an offence to: a) fail to report a suspicious transaction; b) provide false or misleading information; c) unlawfully disclose a STR; d) fail to keep adequate records in relation to filing of STRs; e) obstruct the investigation relating to a STR; f) disclose information in judicial proceedings; or g) structure transactions to avoid AML/CFT requirements. Penalties are: a) in the case of an individual, either or both of the following: a. a term of imprisonment of not more than two years, b. a fine of up to NZD300,000 (approx. USD196,200); and b) in the case of a body corporate, a fine of up to NZD5m (approx. USD3.2m). There are various other offences relating to non-compliance.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No, but it is encouraged. The FIU does not accept manual STR submissions. Submissions must be electronically submitted using “goAML”, the Police’s system, except in urgent circumstances

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

No.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

No.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

No. AML Risk Assessments and Programmes must be audited, but not necessarily by an external party. This applied to all Reporting Entities, which includes Banks. Section 59(5) of the Act outlines that a person appointed to conduct an audit must not have been involved in: a) the establishment, implementation, or maintenance of the reporting entity’s AML/CFT Programme; or b) the undertaking of the reporting entity’s risk assessment.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

a Reporting entity is required to complete an annual report on the entity’s AML compliance and be submitted to the AML Supervisor (regulator). An audit must be conducted every two years, or at

To whom should the report on AML systems be submitted?

the Audit report is to be submitted to the reporting entity. The Entity must provide the audit opinion at the request of the supervisor. The annual report requires the entity to report the result (issues)

Is an AML system part of the financial statement audit?

not necessarily, but it could be.

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

The Act does not specify what the Audit (external report) should contain. The Supervisor guidance referred to above gives guidance. a) no, but testing is completed by PwC NZ in accordance with international auditing standards b) no, but testing is completed by PwC NZ in accordance with international auditing standards; and c) yes the audit is also of the reporting entity’s risk assessment.

Data Protection Laws And Personal Data

personal data is "Personal information" under the Act and defined as information about an identifiable individual; and includes information relating to a death that is maintained by the Registrar

Data Protection for Corporate Data

Data protection for "sensitive Data" and additional protections.

there is no separate definition of sensitive data. No differentiation is made between how different types of personal information are to be treated under the Act.

Do any restrictions on the transfer of credit reports exist?

The Privacy Commissioner is given the power to prohibit a transfer of personal information from New Zealand to another state, territory, province or other part of a country ("State") by issuing a transfer prohibition notice ("Notice") if it is satisfied that information has been received in New Zealand from one State and will be transferred by an agency to a third State which does not provide comparable safeguards to the Act and the transfer would be likely to lead to a contravention of the basic principles of national application set out in Part Two of the OECD Guidelines and set out in schedule 5A. There are further codes (enforceable by legislation) in place that prohibit some transfer of credit reports, criminal records and medical data. They are: a) Credit Reporting Privacy Code; b) Health Information Privacy Code; and c) Justice Sector Unique Identifier Code.

Regulator Acronym

RBNZ

Year of last FATF mutual evaluation

2009

Field 67

identity documents

National ID card details

No national identity card.

National ID source

N/A

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Requirement to proceed

requirement to use automated suspicious transaction tools

Who are SARS made to?

FIU

shell banks

Yes

EDD for correspondent banking

Yes

Minimum transactions

NZD 6,000

Min transaction USD

3924

key restrictions

While the law does not exclude particular types of agreements, some agreements, like real estate transfer and wills, have additional requirements.

Summary

Yes, Section 8 provides that information will not be denied legal effect solely because it is in electronic form. Summary of law New Zealand's electronic signature law can be classified as permissive or minimalist. Under the law, parties to an agreement can freely agree on the type of signature to use, including simple electronic signatures. The primary requirements are that the parties agree on the forms of signature, and the electronic document remains readily accessible to the parties.

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

The previous regime was captured under the Financial Transactions Reporting Act 1996 (“FTRA”). Lawyers remain subject to the obligations in the FTRA.

Non financial sector (e.g. casinos, high value goods etc.)

The Department of Internal Affairs for casinos, non-deposit-taking lenders, money changers, and other reporting entities that are not covered by a) or b)

Does the country have a risk based approach?

The AMLCFTA requires a risk based approach.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Individuals: Name and date of birth can be verified by using one form of photographic identification including inter alia a passport, national identity card, New Zealand Firearms Licence, New Zealand Refugee Travel document or New Zealand Certificate of Identity. Alternatively, one form of non-photographic identification can be used in combination with a secondary or supporting form of photographic identification or a New Zealand Driving Licence can be used in conjunction with other forms of documentation which are itemised in the Code of Practice. Identification documents must be certified as a true copy by a trusted referee who is at least sixteen years of age and one of the following: a) commonwealth representative (as defined in the Oaths and Declarations Act 1957); b) member of the police; c) justice of the peace; d) registered medical doctor; e) Kaumātua (Kaumātua means Māori Elder and is as verified through a reputable source); f) registered teacher; g) Minister of religion; h) lawyer (as defined in the Lawyers and Conveyancers Act 2006); i) notary public; j) New Zealand Honorary consul; k) Member of Parliament; l) chartered accountant (within the meaning of section 19 of the New Zealand Institute of Chartered Accountants Act 1996); or m) a person who has the legal authority to take statutory declarations or the equivalent in New Zealand.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Specialist advice will be required.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

No specific bank secrecy laws.