sign up log in
Want to go ad-free? Find out how, here.

When a customer is conned by a fraudster & in an out of character move sends significant sums of money overseas, does a bank have any AML-CFT Act responsibilities?

Personal Finance
When a customer is conned by a fraudster & in an out of character move sends significant sums of money overseas, does a bank have any AML-CFT Act responsibilities?

By Gareth Vaughan

In what's unfortunately an all too familiar scenario it started with a cold call.

Mr X, who has agreed not to name, received a phone call from a very professional sounding individual touting investment opportunities. 

Mr X made an initial US$5,000 investment in what he thought were companies listed on the US Nasdaq share market. And as is usually the case in these scenarios, things initially appeared to be going well. Mr X was able to go online and keep an eye on his portfolio via a very professional looking website. Ultimately Mr X sent more than $230,000 overseas to, he thought, be invested in Nasdaq companies. Mr X didn't tell his wife and family and viewed the investment as a business project.

Mr X is an ASB customer and had a business development and relationship manager. Mr X made the overseas payments via a business savings account he set up to which he transferred money from another business account and from a family trust account. He had never transacted overseas before and ultimately made nine payments between May and October last year to what were apparently bank accounts in Malaysia and Japan.

The companies Mr X invested through were DCS Wealth Management, which claims to be based in Japan, and Bridge Capital Advisors, which claims to be based in Malaysia and has subsequently been the subject of a Financial Markets Authority warning, following an Australian Securities and Investments Commission warning last October, not long before Mr X realised something was wrong.

He realised something was amiss when he was asked to pay withholding tax for the US Internal Revenue Service, and around the same his wife, Mrs X, who has also agreed not to name, found out what had been going on and hit the roof.

Realising Mr X was the victim of fraud, the Xs approached ASB last November. The initial response of their business development and relationship manager was "everyone makes mistakes." Working with ASB, which contacted the recipient banks, the Xs managed to claw back about $30,000. As the Xs delved into what had happened, they were frustrated with an apparent lack of urgency on ASB's behalf, and frustrated at the role, or lack of a role, their business development and relationship manager had played.

With the assistance of an Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act) compliance specialist, the Xs also started raising questions about ASB's responsibilities under the AML/CFT Act.

'The transactions were completed by an authorised signatory'

Ultimately ASB offered the Xs $500 compensation, with a customer care manager saying that whilst ASB had not contributed to their loss, there were gaps in its process that contributed to their frustration.

ASB told the Xs Mr X's transactions were not necessarily suspicious or unusual for a business account.

"These were completed by an authorised signatory in accordance with the mandate and all security requirements to process the transactions were satisfied," ASB said.

"In addition we note that disclosure of a suspicious transaction report or any information that discloses the existence of a suspicious transaction report to anyone other than the Police is expressly prohibited by the AML/CFT Act. This means the Bank could not disclose any information concerning a suspicious transaction report to a customer," ASB said.

"Based on the information available to us, there does not appear to be any indicators that the transactions in question related to either money laundering or the financing of terrorism."

Off to the Banking Ombudsman

The Xs, however, weren't satisfied and turned to the Banking Ombudsman. 

They were clear that the transactions involved in the investment fraud were unusually large and were to destinations Mr X had never sent funds to previously. They argue that under Section 31 of the AML/CFT Act a reporting entity, such as ASB, is expected to conduct ongoing customer due diligence and account monitoring.

And they note that under Section 57 of the AML/CFT Act reporting entities are required to put an AML/CFT programme in place. Among other things this should include procedures and controls for unusual patterns of transactions that have no apparent economic or visible lawful purpose, and any other activity that the reporting entity regards as being particularly likely by its nature to be related to money laundering or the financing of terrorism.

They wonder if ASB should have been concerned that Mr X could have been coerced or threatened. And under the police AML/CFT Act suspicious transaction guidelines point out that, as a general rule, a suspicious transaction will often be one that's inconsistent with a client's known activities and profile, or with the normal business expected for that type of client.

It's not clear what the money defrauded from Mr X was used for by the fraudsters. One possibility is the funding of terrorism. A police response to an Official Information Act (OIA) request from Mr X says they don't hold any records in regards to suspicious banking activities involving Mr X or his business. Thus it appears ASB didn't file any suspicious transaction reports.

Their complaint to the Banking Ombudsman has resulted in the Xs being offered $1,500 compensation in total, with the Ombudsman proposing $1,000 because ASB failed to act in a timely manner to recover their money.

"We found that the bank failed to act in a timely manner to recover the funds. These delays did not cause you any financial loss as unfortunately the funds were irrecoverable when you notified the bank about the fraud. However, we have no doubt the bank's actions exacerbated an extremely stressful situation. We have proposed compensation of $1,000 to recognise the distress caused by the recovery delays," Banking Ombudsman Nicola Sladden wrote to the Xs.

"We also accept that the bank could have provided you with better service when you raised concerns about the transactions, and the bank's proposed compensation of $500 is adequate to recognise this."

'I don't see how the AML/CFT Act gives them the Xs any redress'

But did ASB do all it should under its AML/CFT Act responsibilities in Mr X's case? To get some clarity on this spoke to two leading AML/CFT Act lawyers.

Unfortunately for the Xs both barristers, Fiona Hall and Gary Hughes, don't believe the Xs have grounds for complaint about ASB's actions under the AML/CFT Act.

"The legislation isn't there to protect the consumer, that's not the purpose of this legislation. The purpose of this legislation is to detect and deter potential money laundering and so its focus is on requiring businesses like banks to collect and report information for, ultimately, examination and use by the police and other government agencies," said Hall.

If ASB thought this was suspicious activity the bank would have been reporting its own customer, she added.

"I don't see how this legislation [the AML/CFT Act] gives them [the Xs] any redress," said Hall.  

"I think where the customer is missing the point is that any suspicion raised would have been in relation to their activity, not about the other end because they [the bank] wouldn’t have oversight of the other end, a non-customer. So what they would've been saying is 'our customer is behaving suspiciously and we're going to report him.'  As I understand it the customer isn’t disputing they authorised the transactions. So how thrilled would they have been if they'd discovered that the bank had reported what they did as suspicious?" Hall added.

Hughes agrees that in the X's case any ASB report of suspicious activity would be about Mr X.

"They'd just be saying 'this is unusual, it's out of profile, we don't know what to make of it, but potentially Mr X is importing some illicit substance from Malaysia and has to pay his supplier or dealer there'," said Hughes.

"Because he [Mr X] has been sucked in by a scam artist, he's initiating the transaction, he's making them [the transactions] voluntarily."

"The legal bar to showing that the banks owe a duty to third parties taken in by scam artists is quite high unfortunately in civil courts, and I don't think the additional information your correspondent has got here about the AML law would make this case any stronger," Hughes said.

"In fact it probably has that additional difficulty in that you've got the client convinced that they're dealing with a real person. If the bank had rung them and said 'this looks unusual sir, do you know what you're doing?' He probably would have said 'yeah, of course I do, go ahead, make the transaction. That's me, it's not an imposter or somebody impersonating me. I authorise that transaction, please do it.' Because that's what people, when they're under the relationship guise of these scam artists, ... they're usually so in the environment and relationship they want to believe it's true."

The RBNZ's 10 cents worth

The Xs have also taken their concerns to the Reserve Bank as ASB's AML/CFT Act supervisor, the Commission for Financial Capability, their MP National's Chris Penk, and made an OIA request to Prime Minister Jacinda Ardern about the Reserve Bank's AML/CFT Act responsibilities that has been referred to the Ministry of Justice (see more below).

"We cannot comment on specific entities that we supervise, but we can assure you we will take action designed to ensure that ASB’s policies, procedures and controls for reporting of suspicious activities and transactions are effective and in compliance with the law," a Reserve Bank spokesman told Mrs X.

"The Reserve Bank is sorry to hear that your husband has been the unfortunate victim of a sophisticated financial scam and as a result suffered the financial loss of the magnitude you indicated. It is unfortunate that innocent New Zealanders are being targeted by criminals with the level of sophistication involved in some of these scams. We work alongside a range of government agencies, some of which seek to remind people of these risks and to help reduce the incidence of scams. In this regard, if you haven’t already, we advise you to review the advice available on the Ministry of Business, Innovation and Employment’s Consumer Protection website."

"Please also note that if you do not accept the decision of the Banking Ombudsman, redress against ASB can be sought through the courts," the Reserve Bank spokesman added.

'Without the frontline entities fulfilling their reporting duty how can this legislation possibly be effective?'

So where does all this leave Mr and Mrs X?

They won't be accepting the $1,500 compensation from ASB recommended by the Banking Ombudsman, maintaining its interpretation of the AML/CFT Act displays a complete lack of understanding of the legislation. The Ombudsman said the transactions the Xs complained about don't fall within the purpose and scheme of the AML/CFT Act.

According to Mrs X, they are no longer seeking personal redress. 

"I understand this is not a customer-protective legislation, but rather a regulatory one. Yet it seems to be failing in what it is actually meant to do which is to detect crime potentially connected to money laundering or the financing of terrorism. Without the frontline entities fulfilling their reporting duty how can this legislation possibly be effective?" Mrs X asks.

"Of course the bank would have to report its own customer’s suspicious activities/transactions to the FIU [police financial intelligence unit], but then, having done so, that law enforcement authority would step in and investigate further and hopefully be able to trace and intercept the actual criminals, thereby not only curtailing the relevant criminal activity but also protecting further customers from becoming targets of such a crime in the future. How can this happen if nothing is reported in the first place and the criminals are left to continue unchecked?"

"The FIU relies on information from reporting entities for it to be able to do its job. If the FIU is given no information from a reporting entity it cannot pursue criminal activity – hence these types of crime are flourishing," Mrs X added.

"It would be the job of the FIU to investigate ‘the other end’ once the report about the customer’s transactions/activities was filed by the bank. Banks report, law enforcement investigates."

In a sense Mrs X's frustrations with the AML/CFT Act mirror those of Ron Pol, whose PhD research released earlier this year suggests anti-money laundering rules are almost completely ineffective in disrupting the proceeds and funding of serious crime, with a box ticking, rather than an outcomes oriented approach, taken towards the AML/CFT Act.

Below are the questions the Xs addressed to Ardern.

*(Note, it may not be well known but it is illegal in New Zealand to sell financial products by cold call).
**See a video interview here with Bronwyn Groot, fraud education manager at the Commission for Financial Capability, where she says anyone can fall victim at any time to fraud.
*** is also publishing the Commission for Financial Capability's Little Black Book of Scams with the first chapter here.

This article was first published in our email for paying subscribers early on Tuesday morning. See here for more details and how to subscribe.

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.


Two comments on a very interesting article:
(1) $1,000 seems to be the 'go away' amount that the Banking Ombudsman's' office regularly pays to disgruntled Kiwis to finalise their files, (I initially rejected that offer made to me, but thought, "Bugger it!' and took the pay-off; bought a Hells pizza and washed it down with a bottle of Grange!) and,
(2) Isn't splitting up $100,000 into smaller parcels to avoid detection Money Laundering in the eyes of the Law even if it 'normal practice'?


The question is how many other $1,000 'bugger it' payments get doled out, and how do these people get together?


With the level of fraud reaching all kinds of new levels of sophistication, as well, presumably of money laundering, and considering all countries interest in curbing crime, I would think it would be in everyone's interest to expand the law to cover this? Money laundering is about illegally obtained funds, thus catching it at source is better and likely easier than somewhere down stream surely?


the cost of compliance to administer AML is enormous. The ability to work the system reasonably straightforward, even for the unsophisticated fraudster. The payback infinitesimally small. At the end of the day the authorities need to follow the money, do the hard yards,and prosecute.


This unfortunately rings true:

If the bank had rung them and said 'this looks unusual sir, do you know what you're doing?' He probably would have said 'yeah, of course I do, go ahead, make the transaction. That's me, it's not an imposter or somebody impersonating me. I authorise that transaction, please do it.' Because that's what people, when they're under the relationship guise of these scam artists...

How is the bank to protect people from themselves in such a situation? It's going to be impossible for banks to investigate and exclude (from transfers) every conman out there.

AML law is essentially more robust record keeping than we had previously, when there was little political will to track such things. And as noted above, about holding people responsible for money laundering in retrospect (as well as acting as a deterrent).


As the barristers say, the legislation is focused "on requiring businesses like banks to collect and report information", a classic tick-box compliance exercise, with 'compliance solutions providers' reaping tens of millions in fees annually.

The uncomfortable truth is that NZ's legislation was (demonstrably) not designed with any observable critical, imaginative, 'criminal', or contemporary thinking, nor principles of policy effectiveness.

As to the latter, that is, not just if we have rules, if they meet standards, or if firms comply with them (all of which NZ's system does well), but whether it is calibrated to achieve the underlying policy objective, which NZ's system doesn't do at all (unless the policy objective was solely political or supremely underwhelming, ie to cauterise political pressure prompted by Panama Papers by giving the appearance of a meaningful response absent substance, and/or to get the FATF tick; and in either case incidentally to have the slightest possible impact on serious profit-motivated crime). That's why my own focus mostly pivoted internationally.


This is an important issue, so thanks Interest and Gareth V for the piece. It’s becoming increasingly so, too, as accountants and their customers (and banks, but I don’t feel sorry for them) become unpaid agents for the state in gathering more and more information about us, but with none of the associated apparatus apparently intended to help, well, us. As in, I was particularly struck by this line from lawyer Fiona Hall, “The legislation isn't there to protect the consumer, that's not the purpose of this legislation.” I suppose it could be argued that, per the bigger picture, targeting money laundering and financing of terrorism is aimed at protecting The Little Guy, but given how many unknowns there are in this case (where the money went, what it was used for etc.) it’s hard to see (as Mrs. X argues) how any of this legislation can be remotely useful for that bigger purpose if Mr X’s transactions weren’t flagged and somehow acted on; and therefore, why on earth this legislation is NOT intended to protect the consumer. It damn well should be!

As for the weak argument that a bank calling a customer to query an uncharacteristic (and large) transaction would get short shrift, I rather imagine the kind of reaction I have given when a bank has called to query an odd credit card transaction: “Thanks for calling! It’s great to know you’re keeping an eye on this.” What’s more, if the bank had called and could have gone the extra half kilometre and given Mr. X information about where his money was going — or even said they didn’t know, couldn’t find out — it might have sparked a rethink on his end. I feel terrible for them and have no sanguine thoughts that I wouldn’t fall for this or that scam...rather my reaction is “crap, that could be me, and it sucks to know neither my bank, nor my government, gives a shit about it.”

On a wider note that might alienate more mainstream readers, I can’t help but have confirmed yet again my suspicions that the surveillance state is making us give up more and more of our privacy under cover of protecting, us/society/whatever, but that it’s just bullshit cover for protecting their own interests, and those of the corporates who really run them. Who is this legislation really helping? It’s certainly not helping us or the X’s. Whom I also thank for doggedly pursuing this when doing so can’t be at all easy. I hope they and Interest keep gnawing away at this bone on all our behalfs.


Shall we just get a handle on the scale of international fraud whilst we introduce this new law.

A 234 billion Euro money laundering fraud has been discovered in one of Denmark's banks.
"According to an internal probe cited by the FT, Danske found that "the vast majority" of 6,200 "risky" customers of the bank's Estonia branch were "suspicious."…
There is no way that other banks transacting through these entities, did not know something was up. However just like when Wall Street banks commit fraud, the fines (if any) will be insignificant.


What is the definition of suspicious??

Someone who has never transacted overseas then does nine international transactions over six months totalling $230k—does that not seem a tad suspicious? If not, then what is?

As a bank customer, tired of completing forms and providing endless ID under the AML/CFT it does not humour me to read about the X’s and the seeming lack of professional inquiry into where their money went. If the bank won't pursue the missing money on behalf of its customers who will?

It seems it is a technical point as to whether the AML/CFT is the correct law to address the X’s plight but the question that remains un-answered is where did their money go? And for what purpose? If the bank fails to see something as suspicious to begin with, doesn’t report it to the police and doesn’t investigate it at all—how can it know that the money WASN'T going to terrorism? Where is the due diligence in all of that, and why isn’t the bank being held accountable for that?

Woe betide any financial institution that doesn’t get its compliance affairs in order… but for what point?

If I am going to have to co-operate with all this data-reveal to do my banking then I WANT my bank to be proactive and do more due diligence so they can identify dodgy companies, and send out alerts and warnings, faster. And, yes, not all of those enquiries will reveal terrorist connections, but please don’t try to disguise a lack of professional enquiry behind the ‘wrong Act’.

Thank you Gareth Vaughan for reporting on this interesting topic. Sadly it seems that company’s website is still in business and presumably more people will be losing money even as I write this. I hope we will see more on this topic in the future.