Section 59 of the AML/CFT Act requires reviews of the AML/CFT risk assessment and programme in order to identify any deficiencies.
Save your time and resourcing by using ‘point and click’ regulatory technology. Examine 70+ hot-spots applicable to your AML/CFT compliance framework. The resulting report includes legislative references so you can independently check your obligations.
Completing the HealthCheck enables your firm to remedy weaknesses before breaches occur and strengthen outcomes of independent audits.
There are five primary areas of focus:
If the AML risk assessment is ineffective, the entire AML/CFT compliance framework is compromised and regulatory risk increases.
Due to the importance of an effective risk assessment, the New Zealand High Court received submissions from the DIA that the starting point for operating without an adequate AML/CFT business risk assessment should result in a maximum fine of $2,000,000!
The leading New Zealand case for determining pecuniary penalties for breaches of section 58 can be found in the High Court decision: Department of Internal Affairs v Qian DuoDuo Limited [2018] NZHC 1887. In guiding the Court the Crown Prosecutor advised:
This particular compliance failure is fundamental: the risk assessment guides a reporting entity’s business practices. If the underlying risk assessment is incorrect, then whatever practices the assessment recommends, even if those practices are in fact carried out, are unlikely to mitigate properly the risk of harm flowing from that reporting entity’s business.
CDD is a fundamental obligation under the Act – sufficiently so, that Parliament has mandated that the maximum penalty for failing to conduct CDD as required by subpart 1 of Part 2 carries a higher maximum penalty of $2 million. However, if the reporting entity’s ability to carry out the correct level of CDD obligations hinges almost entirely on undertaking the risk assessment correctly, then failure in relation to the underlying risk assessment should be seen as being equally egregious, if not more so, than compliance failures relating to CDD. Accordingly, the Department submits that, as a practical guideline, the maximum penalty for a failure to comply with s 58 should be treated in the order of $2 million.
There are three options for completing a risk assessment (1) use of internal resourcing, (2) advisory or consultancy services or (3) relying on regulatory technology.
Internal resourcing: Making use of internal resourcing will require the business to allocate employees away from core business activity and dedicate significant hours or weeks of research for report preparation. Attempts by businesses to take a DIY approach often fail to meet regulatory requirements.
Advisory or consultancy services: Appointing a 3rd party results in a number of information requests which disrupts business. Professional service fees can expect to be a minimum of $1,500.
Regulatory technology: Lexis Nexis found AML/CFT compliance spend is heavily skewed towards people-related costs, rather than technology. The report found that in order to reduce costs, the balance needs to shift compliance spend towards technology rather than people.
Their survey showed risk assessments was among the top three internal drivers of increased cost in AML compliance.
AML360 is committed to reducing anti-money laundering compliance costs.
