Back to blog

Navigating your annual AML/CFT report: An essential guide for your firm

This guide takes you through key aspects of the annual AML/CFT report, from risk assessment to record keeping.


With the closing of another business year, it's time to gear up for your firm's annual Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) report, which is a mandatory requirement under the AML/CFT Act 2009. Submitting a report provides the regulator with insights into your operations, demonstrating how you are identifying, managing, and mitigating potential AML/CFT risks. 

The Department of Internal Affairs (DIA) serves as the primary regulator for most reporting entities in New Zealand, which includes a range of professions such as accountants, lawyers and real estate agents. However, certain entities, such as banks, life insurers, and non-bank deposit takers, are regulated by the Reserve Bank of New Zealand, while the Financial Markets Authority oversees issuers of securities, derivatives issuers and other financial market participants.

When it comes to timing, the clock is ticking, with reporting entities required to submit an annual AML/CFT report by August 31st each year, covering the preceding year ending on June 30th – meeting this deadline is crucial for ensuring compliance and avoiding potential penalties.

We understand the process may appear daunting, especially with the ever-evolving regulatory landscape so we’ve put together this handy little guide to outline what key elements you need to include in each of the five sections as part of your report so you can stay compliant.

Key elements of your annual AML/CFT report

1️⃣ Risk assessment overview

Every AML/CFT report commences with a summary of your firm's risk assessment. This provides regulators with a snapshot of the potential risks your firm might be exposed to and how you manage them. 

Tip 💡: Keep it straightforward and precise. Describe your risk profiling methods, elaborate on identified risk areas, and outline the strategies you've implemented to mitigate these risks.

2️⃣ AML/CFT program implementation

This section presents an overview of your firm's AML/CFT compliance program. You should detail how it's designed to manage the risks identified in your risk assessment, including processes for customer due diligence (CDD), reporting, record-keeping, and monitoring. Highlight any updates made in response to changes in your risk profile or legislative amendments.

If you’re a Connectworks user, you’re easily able to export everything related to any due diligence you’ve carried out, so you’ve got an auditable digital trail of who you’ve carried out due diligence on, the risk assessment that was made, and what the outcome was.

3️⃣ Compliance Officer's performance

The effectiveness of your AML/CFT program relies heavily on the skills and competence of your assigned Compliance Officer. Part of your annual AML/CFT report needs to demonstrate what they’re doing in their role, with a focus on their contributions towards maintaining your firm's AML/CFT compliance. Showing evidence of continuing professional development (CPD) can strengthen this section.

4️⃣ Record keeping

Regulators will look for evidence of robust record-keeping practices. Make sure you're keeping appropriate records for each client and transaction, including CDD results, transaction monitoring reports, and any suspicious activity reports (SARs).

P.S. We’ve mentioned this already, but if you need a tool to keep all your due diligence results and decisions in one place – get in touch with us to learn more.

5️⃣ Training and education

Part of your compliance program needs to include the training and education of staff. It’s important to show the regulators how your firm has committed to keeping the team informed and trained on AML/CFT obligations. This could include in-house training sessions, webinars, or attending external AML/CFT seminars – an example of one such training provider here in New Zealand is Strategi.

Review and update

Your AML compliance program isn’t a set-and-forget exercise – it needs to be regularly reviewed and updated, this might include your risk assessment and how you make decisions at your firm, including incorporating any new changes or legal requirements.

As an ongoing task, your firm should regularly review and update your AML/CFT risk assessment and program. This ensures that they remain relevant and effective as your business, the regulatory environment, or risk circumstances change.

Maintaining a proactive approach

It’s easy to see AML as a checkbox exercise or an afterthought you have to report on – however, if you can be proactive with how you’re implementing your program and managing your obligations regulators may look more favourably on firms who are demonstrating they are taking legislation seriously. Building regular internal audits and compliance checks into your program can aid in identifying any shortcomings in your AML/CFT framework. This not only ensures your readiness for the annual report but also protects your firm from any potential risks.

To wrap up

Preparing your annual AML/CFT report doesn't have to be a gruelling process. With systematic planning, regular monitoring, and the right resources, it becomes a lot more manageable. In our view, this is more than a compliance exercise — it's an opportunity to review, revise, and strengthen your firm's AML/CFT processes.

(NB: This article doesn't constitute legal advice and is intended for general informational purposes only. Always consult with a legal expert or compliance consultant for guidance specific to your firm.)

Share this post with others
Linkedin IconTwitter Icon
In this post