This article originally appeared in LawNews (ADLS) and is here with permission.
Anti-money laundering and countering the financing of terrorism regulations are the bane of many businesses. On one hand, they’re a huge cost to organisations. On the other, they could be seen as a building block creating a civil society. But has the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML-CFT) and its implementation by regulators gone too far? Updates to the law that came into force on July 15 are bedding in and it’s not yet clear how they’re doing.
Few question that financial services companies, accountants, lawyers and some others are exposed and should fall under the legislation. Yet one member of the ADLS Trust Law committee is questioning whether its net has spread too widely.
Henry Brandts-Giesen, a partner at Dentons Kensington Swan, says the regime shifts the emphasis from a traditional law enforcement approach of investigating offenders directly. Instead, it outsources information-gathering obligations to third parties and intermediaries caught by the legislation such as lawyers, accountants and real estate agents with whom AML/CFT offenders may interact. “In terms of effectiveness, this ‘outsourcing’ may be equally as brilliant as it is controversial,” says Brandts-Giesen, who is the author of AML/CFT in New Zealand: A Handbook for Lawyers and Accountants.
The issues with this approach include:
- what proportion of the burden of countering AML-CTF should be borne by the private sector compared to traditional law enforcement agencies?
- what is a proportionate response to actual risk? and
- how much compliance can be standardised and what part(s) can be customised to the businesses concerned?
Pain in the pocket
The financial burden is high for smaller businesses, many of which face legislation overload from AML-CFT laws and others such as the Credit Contracts and Consumer Finance Act (CCCFA).
They must in most cases:
- appoint an AML-CFT compliance officer;
- complete a risk assessment and implement an AML/CFT process;
- carry out customer due diligence;
- report suspicious activities;
- make annual reports to their supervisor; and
- be independently audited every three years in most cases. That’s not cheap, says InvestNow founder Anthony Edmonds, who recently likened the AML-CFT burden to going through security at airports – a necessary evil.
One of the problems for smaller businesses is that while the law is written to allow organisations latitude in determining the risk scenario, in practice, supervisors impose rules-based standards, says Brandts-Giesen. “This results in a lack of critical thinking about risk and a default to tick-box compliance exercises.” He adds that although AML-CFT compliance regimes are quite properly designed as risk-based standards, standardisation of the compliance regime makes compliance more difficult for smaller businesses (and developing nations) with fewer resources.
Smaller businesses have some latitude to assess the AMLCFT risk in the circumstances of their business, the matter and the client, and then apply countermeasures proportionate to the risks, Brandts-Giesen says. “Those countermeasures should, in theory, be different depending on the circumstances.”
A classic example of the tension between the risk-based standards giving reporting entities latitude and rules-based standards imposed by supervisors is identity verification when doing customer due diligence. “Businesses are required under the law to take reasonable steps to verify the identity of the customer. This can be done in many ways, but the relevant code is very prescriptive,” Brands-Giesen says.
“Businesses spend many wasted hours trying to comply with the letter of the code and if they make a small technical breach, their auditor will likely make an adverse finding. “I frequently visit clients in their homes. And yet the code requires me to verify their address by procuring a copy of a utility bill. On any objective view, this does nothing more to help me verify their identity. Anyone can generate a fake utility bill, but it is much more difficult to stage the family home,” he says. “In any event, at what point should I take my compliance efforts to the stage of becoming a private detective?”
Asked about the latest iteration of the AML-CFT law, Dr Ronald Pol, former litigator and now director at EffectiveAML.org, doesn’t mince his words on New Zealand’s AML-CFT regime. Pol says: “No ‘fundamental’ review of AML regulations has reviewed anything fundamental. “Nor has any regulatory change, including the extension of AML rules to lawyers or even all regulatory changes combined, had any material, demonstrable, impact on money laundering, crime, or terrorism.”
In short, the “war” on money laundering isn’t working, he says. “Many lawyers, bank CEOs and even a few regulators agree that the [so-called] war on money laundering may be the world’s least effective anti-crime policy initiative but, as the CEO of a major bank privately declared, they are ‘too scared’ to say it publicly.
“Ironically, the latest research suggests that it is now possible for lawyers to help trigger a catalyst change, enabling major impact while virtually eliminating regulatory risk and compliance costs. But silos in the profession may be a barrier. “Lawyers seem to fall into three camps. One group gulped the AML Kool Aid. Another set up systems to tick all the right boxes and carry on business. If the third group, strategic board and government advisers, continue to let the first group lead advisory work without testing the narrative, the futile forever war looks set to continue endlessly.”
‘George Orwell would be proud’
Brandts-Giesen theorises that the actual money laundering and financing of terrorism has shifted, or is shifting, from its historic marketplaces, such as real estate and traditional financial centres and systems, to the dark web and metaverse.
But even for those attempting to use the mainstream markets for nefarious purposes, the law may not have much of an impact. Nick Kearney of Davenports has his own take on this. “Do you think the Comancheros or Hells Angels care about the AML laws? No, they don’t. I realise there have been convictions for AML crimes, but laws targeted at gangs could easily have been introduced instead of the catch-all, scattergun approach we have.
One way to look at just how difficult the regime has become for small businesses, says Kearney, is the number of entrepreneurs who have spotted a money-making opportunity out of it. “You only have to look at the number of AML businesses now popping up to see how much of a business it has become. “They obviously all see a huge market going forward where mums and dads will pay for the criminality of the Comancheros and Hells Angels. Is it a necessary evil? No, I don’t believe it is. I think it’s all part of a growing plan to capture mass collection of data of everyone on the justification that it’s for the better good. George Orwell would be proud.”
It’s too soon to judge how the new laws are bedding in, says Kearney. However, Garreth Collard, an accountant who runs EpsomTax.com, doesn’t believe the impact will be huge. He cites the new requirement to do due diligence around the existence and identity of nominee directors and shareholders. “Are nominee directors and shareholders used often? Only in limited circumstances. It certainly hasn’t been a regular topic of discussion with any of our AML service suppliers, any of the training or any of the industry training events for accountants that we attend, or for that matter when talking with other accountants.”
There may even be benefits. “Pushing out the audit to threeyearly from two-yearly saves cost, time and stress. I mean, we flew through our last audit and I’m confident about the next one. But not having to think about it for another year? Priceless. “I think it really depends on what the firm is doing as to how much impact there is but compared to the initial introduction of the AML-CFT regime for accountants, these are minor tweaks only.”
Regulators flash their teeth
Just as the most recent law changes may have eased the burden on some businesses, the regulators are escalating enforcement. The Financial Markets Authority (FMA), for example, announced late last year that it would be escalating its enforcement approach to non-compliance with AML-CFT rules.
The FMA is one of three supervisors under the AML/CFT Act, along with the Reserve Bank and the Department of Internal Affairs (DIA). Well-known entities such as Sharesies and the BNZ have been issued formal warnings under the Act. In the three years from July 2018 to June 2021, the FMA conducted 60 monitoring reviews on financial services firms, identifying 363 issues requiring remedial action. It brought its first High Court proceedings under the Act and issued 27 formal, private warnings.
James Greig, FMA director of supervision, said in September last year that the AML-CFT regime had been in place for eight years and businesses had had plenty of time to comply. Greig said the FMA had less tolerance for companies not meeting their obligation, especially around having robots AML-CFT programs.
InvestNow’s Edmonds says his business has had to evolve as the FMA has taken a greater focus on his industry. He accepts the AML-CFT regime is part and parcel of living in a civilised society. “When you first look at this area, the rules and regulations do look a bit like taking a sledgehammer approach to cracking a nut. But you have to move beyond that as a practitioner. [The legislation] is designed to detect and stop money laundering.”
Edmonds says during his career in financial services, he has never seen evidence of money laundering in mainstream financial markets, but one only must look within New Zealand society and the economy to know that it has happened. “So, this is a real thing, and it must happen out in the field.”
The most recent update to AML-CFT law has forced InvestNow, like many businesses, to go back to clients to seek more information. Not all can understand why they need to provide the information, and some have refused. “We’ve seen behaviour such as people being evasive and refusing to comply. “It’s like going through airport security. It’s annoying, and it’s frustrating. But it’s unavoidable if you want to get on the plane.” The irony is that AML checks also help to identify fraudulent activities in the financial services sector, which helps to protect those same disgruntled clients. “There’s a close alignment between the money laundering checks you’re doing for suspicious activity and detecting and stopping fraud.”