The Act imposes several obligations. If you operate a business that falls within the definition of reporting entity you will need:
The FMA's Sector Risk Assessment (SRA) is a review of the characteristics of certain sectors of the financial system. It assesses the level of risk of money laundering occurring in that sector and outlines any particular risks in that area.
Section 58 of the Act requires each reporting entity to assess the risk it may reasonably expect to face of money laundering and financing of terrorism in the course of its business. The Act calls this a risk assessment.
A risk assessment is the first step a business must take before developing an AML/CFT compliance programme. The supervisors have issued a guideline on how to complete a risk assessment. The FMA has published a separate guideline for small financial adviser businesses.
The Act requires that, in identifying money laundering or terrorism financing risk, your reporting entity must consider:
The Act takes a risk-based approach to compliance. Reporting entities (within the limits set by the Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment.
Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks. See the AML/CFT programme guideline.
The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.