Guy Dobson* argues that the government must zoom in on overzealous customer due diligence (CDD) practices or risk shutting out many New Zealanders from access to essential financial services
In the wake of the COVID-19 pandemic and an almost certainly impending economic downturn, our government will need to reassess how current and past practices have stifled businesses to the detriment of the public. A good start would be government departments with supervisory powers under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) ceasing to bully and adding unnecessary costs to New Zealand businesses if we are going to build the best possible future for our people.
The AML/CFT Act was put in place to ensure that New Zealand complies with the 40 recommendations set out by the Financial Action Task Force – an inter-governmental body that sets global anti-money laundering standards. Essentially, the principle behind AML/CFT legislation is to follow the money to the criminal and take it away to weaken them.
In New Zealand, there are three supervisors overseeing the implementation, accountability and enforcement of the AML/CFT Act. These are the Department of Internal Affairs, Financial Markets Authority and the Reserve Bank of New Zealand. These three market regulators publish joint directives – which they call guidance – on how firms should apply, manage, report and be accountable for their compliance obligations.
It is clear that our AML/CFT Act exemplifies New Zealand’s light-handed approach to regulation. Meeting AML/CFT Act obligations is actually pretty simple. However, supervisors’ guidance often adds unnecessary constraints on how businesses can meet their obligations.
Customer due diligence is a key example of this. Businesses must conduct due diligence on their customers in order to verify their identity, address and other information. Under the Act, this is very straightforward, but under supervisors’ Identity Verification Code of Practice, businesses are expected to spend more money and verify unnecessary information.
The AML/CFT Act requires any financial institution that the public deals with to obtain and verify the following customer information:
(a) the person’s full name; and
(b) the person’s date of birth; and
(c) if the person is not the customer, then that person’s relationship to the customer, and
(d) the person’s address or registered office; and
(e) the person’s company identifier or registration number; and
(f) any information prescribed by regulations.
The verification of identity must be based on documents, data or information issued by a reliable and independent source, such as a government body.
Clearly, the AML/CFT Act doesn’t require an identity document to include a photograph or compel the public to provide their photograph to businesses caught under this legislation. The AML/CFT Act does not require the documents used to verify a person’s full name and date of birth to also include their photograph.
Despite this, supervisors’ Code of Practice requires businesses to collect their clients’ photographs. Part one of the Code instructs businesses to accept specific forms of “primary photographic identification”, and only to accept “primary non-photographic identification” with supporting “secondary” documents. According to the Code, a New Zealand birth certificate is not a reliable identity document by itself as it does not have a photograph attached, and thus cannot be used alone to verify a person’s full name and date of birth. As birth certificates are issued by the Department of Internal Affairs, this effectively means that the Department considers itself to be an unreliable body.
The repeated emphasis on requiring photographic identification to verify someone’s full name and date of birth carries a range of issues. Many individuals do not, for a myriad of reasons, appear as they do in their photographic ID. In cases like these, how can supervisors insist that photographic identity documents are the only type that can be relied on alone? If a transgender individual no longer looks like the photo in their passport, why is a passport more reliable than a citizenship certificate to verify their full name and date of birth?
The code is supposed to be voluntary. Yet businesses that have chosen to opt out receive hostile and intimidatory responses from supervisors.
Effectively forcing businesses to collect and verify this information also imposes additional expenses on them, including employing staff to complete these duties and purchasing software tools in order to meet supervisors’ requirements. In many cases, businesses pass on these costs to the consumer. The public is made to bear the brunt of these expenses and essentially pay businesses to verify their own identity.
Supervisors’ insistence that businesses compel clients to pass over this information both imposes added compliance costs to those businesses and infringes on the privacy of the public. As this is not supported by the language used in the AML/CFT Act, supervisors are requiring more than what businesses are legally obligated to do. In light of the recent unauthorised police trial of infamous facial recognition software Clearview AI, the New Zealand government departments appear to hold our right to privacy in low-regard.
Another issue with supervisors’ guidance with regards to customer due diligence recently surfaced at the beginning of lockdown in March. They published the guidance Complying with AML/CFT verification requirements during COVID-19 Alert Levels. The CEO of FMA, Rob Everett, stated that “the AML/CFT Act prescribes a risk-based approach to ongoing CDD and account monitoring”. This means that businesses have the discretion to not necessarily sight certain documents when conducting customer due diligence, depending on the business’s assessment of its risk of money laundering or terrorist financing. The guidance conveyed supervisors’ understanding that during this pandemic and the subsequent restrictions, it may be more difficult for businesses to carry out ongoing customer due diligence as per their usual processes.
Essentially, supervisors are recommending through this guidance that scanned copies of identity documents may only be used as an interim “stop-gap” during lockdown, and original documents must be sighted at a later date to avoid breaching AML/CFT obligations and risk regulatory censure.
Here, supervisors are presenting their actions as almost benevolent and generous during lockdown. Yet these “stop-gap” measures are already permitted under the AML/CFT Act. The sections of the AML/CFT Act that relate to identity verification do not prohibit the acceptance of documents sent electronically by a customer to their service provider. Supervisors themselves accept electronically transmitted documents without requiring hard copies to be sent through the mail. For example, the AML/CFT Annual Report is submitted electronically without the need to send a hard copy.
Supervisors must be aware that any demands over and above what is required by law has a negative public and market impact. Such unlawful demands on the public lead to unnecessary throttling of business and act as a barrier to the public accessing essential legal, accounting and financial services. If there has indeed been regulatory overreach – as evidence suggests – then the State Services Commission should investigate this abuse of power.
Now that we are in alert level one and determined to reinvigorate our economy and society, it is high time that the New Zealand government examines the actions of the AML/CFT Act supervisors and removes all supervisory practices that have crept in without legal sanction. If these practices continue, instead of striding into a new future, New Zealand’s economy will only be able to limp there.
Guy Dobson is director of financial education and AML compliance firm, Maxima. This opinion piece was co-authored by Janaye Kirtikar