The Department of Internal Affairs, the Financial Markets Authority and the Reserve Bank of New Zealand have published an updated Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Audit Guideline for reporting entities, making minor changes that clarify audit timing expectations and what counts as an "independent" and "appropriately qualified" auditor. The guideline reiterates that a reporting entity’s risk assessment and AML/CFT programme must be audited every three years unless the supervisor applies a four-year timeframe, and clarifies that an audit is only complete when the final audit report is issued, with the next deadline running from that report date. It expands practical guidance on auditor independence and conflicts (including where staff or internal audit teams are used) and on appropriate qualifications (emphasising relevant AML/CFT and audit skills rather than specific professional titles), alongside reminders on record-keeping, restrictions on sharing suspicious activity report information with auditors, the different audit trigger for high-value dealers, and supervisors’ ability to request audit reports or additional audits.
Department of Internal Affairs 2025-05-16
New Zealand's Department of Internal Affairs, Financial Markets Authority and Reserve Bank of New Zealand update AML/CFT Audit Guideline on timeframes and auditor independence
The Department of Internal Affairs, the Financial Markets Authority, and the Reserve Bank of New Zealand have updated the AML/CFT Audit Guideline for reporting entities. Key updates include a three-year audit cycle, guidance on auditor independence and qualifications, and supervisors' authority to request audit reports. The guideline also addresses record-keeping and restrictions on sharing suspicious activity report information.