Regulatory amendments to the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) regime have just been released. The regulatory package introduces some relief along with new obligations, with the potential to significantly increase the burden on reporting entities. The key changes are set out below.

The regulations come into force in phases:

  • Easing the burden: Amendments largely aimed at easing the compliance burden come into force on 31 July 2023. There are also some new obligations in this package.
  • New obligations: Amendments aimed at addressing shortcomings identified in the review of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) come into force on 1 June 2024 or 1 June 2025.

Easing the burden

We previously highlighted the relief proposals described below.  Here is what has happened to them:

Proposal Implemented
Address verification – it was proposed that a reporting entity would not be required to conduct full address verification, except for enhanced customer due diligence (CDD) Not implemented.  Identified as requiring a change to the AML/CFT Act itself.
Low-risk trusts – it was proposed that the requirement to verify source of wealth or funds would be removed. Not implemented.
Stored value instruments (gift cards, loyalty cards, etc) – it was proposed to make existing exemptions technology-neutral, and to clarify the availability of the exemption where cards are bulk-sold to corporate customers for distribution to multiple recipients. Implemented from 31 July 2023.
Registered charities providing low-value loans – it was proposed that these would be exempted from being reporting entities, if they make only one loan per customer of up to $6,000. Implemented from 31 July 2023.
Timeframe for submitting prescribed transaction reports (PTRs) – it was proposed that this would be increased to 20 days. Not implemented.  Identified as requiring a change to the AML/CFT Act itself.

New obligations

We previously highlighted the proposals for additional obligations described below. Here is what has happened to them.

Proposal Implemented

CDD - the following was proposed:

  • It would become mandatory to risk-rate customers and to verify a customer’s legal form, control, and beneficial ownership;
  • CDD would be required whenever there are grounds to report a suspicious activity (even if the relevant transaction is below the threshold for an occasional transaction or activity);
  • Some enhanced CDD obligations would be increased.
Requirement to risk-rate customers implemented from 1 June 2025. Other requirements implemented from 1 June 2024.
Wire transfers – it was proposed that there would be enhanced obligations to ensure that all financial institutions involved in a chain of transactions, and government agencies, have information about the parties to a wire transfer in order to improve the transparency of payments. Implemented from 1 June 2024.
Non-financial business or profession (DNFBP) reporting entities – it was proposed that DNFBPs would be required to monitor a customer’s non‑financial activities, in addition to the current obligation to monitor financial transactions (but law firms would get longer for the submission of suspicious activity reports, given the time needed to consider whether information needed to be withheld as a privileged communication). SAR filing extension not implemented.  Identified as requiring a change to the AML/CFT Act itself. Other requirements implemented from 1 June 2024.
Trusts – it was proposed that reporting entities must identify a trust’s settlors and protectors. Implemented from 1 June 2024.
High-risk customers – it was proposed that reporting entities be required to take additional measures for high-risk business relationships. Implemented from 1 June 2024.
Record-keeping – it was proposed that reporting entities be required to keep records of PTRs, account files, business correspondence, and written findings for five years. Implemented from 1 June 2024.
Online marketplaces – it was proposed that online marketplaces would have suspicious activity reporting obligations where a buyer transacts more than $10,000 in a 12-month period. Implemented from 1 June 2025.
Remittance networks – it was proposed that remittance networks would have to consider both sides of a wire transfer where they have access to this, to monitor for suspicious activities. The specific provision consulted on has not been implemented.
Use of new technologies – it was proposed that increased risk assessment obligations would apply. Implemented from 1 June 2024.
Virtual assets – it was proposed that the position of virtual asset service providers (VASPs) would be comprehensively regulated. Implemented from 1 June 2024.
Reliance – it was proposed that a reporting entity’s ability to rely on third parties in overseas jurisdictions would be tightened up. Implemented from 1 June 2024.

But wait, there’s more…

The regulatory package introduces a considerable number of changes to the AML/CFT regime. We have highlighted some of the changes above, but the devil is in the detail with the AML/CFT regime, so it is crucial that reporting entities work through the whole package of regulatory amendments to identify the impact on them.  Our experts can help you assess how these changes affect your organisation’s AML/CFT obligations.

Contacts

Related Articles