Following a review undertaken by the Ministry of Justice between July 2021 and June 30, 2022, the New Zealand government revised parts of the Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act). This regulatory reform is intended to bring relief to businesses and solve the immediate issues revealed by the legislative review.  

Areas of regulation changes 

In this article, we looked at the areas that regulated organisations should consider while meeting their AML/CFT requirements. The regulations listed below have been amended for 2023, 2024, and 2025. 


Amendments commencing on 31 July 2023 

Recent modifications to Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) rules have resulted in several clarifications and requirements for designated non-financial businesses or professions (DNFBPs) and real estate agents. 

One important clarification emphasises that a DNFBP that provides relevant services to a repeat customer in non-continuous business interactions is not required to re-verify previously received customer due diligence unless there are concerns about the sufficiency or veracity of the data. However, if a DNFBP provides non-related services and is then retained for relevant services by the same customer, it must perform due diligence again. Furthermore, countries designated by the Financial Action Task Force (FATF) as high-risk jurisdictions are subject to increased examination under specific parts of the Act. 

Real estate brokers, on the other hand, must adhere to new customer due diligence time frames for specific transactions, as specified in the Act. Additionally, the revisions require DNFBPs to incorporate unique identities in specified transaction reports involving trust accounts, allowing for better coordination among reporting institutions. 

Furthermore, corporate trustees or nominee businesses that are subsidiaries of reporting corporations in New Zealand are permitted a significant exemption from the Act, with the goal of streamlining compliance procedures. These modifications, which take effect on July 31, 2023, represent major shifts in AML/CFT compliance standards, with the goal of improving regulatory effectiveness while also giving clarity and exemptions where appropriate. 


Amendments commencing on 1 June 2024 

To begin, extra identity information requirements for legal entities and arrangements are required now as part of routine customer due diligence processes, with the goal of increasing openness and accountability. Furthermore, reporting companies are now required to conduct increased customer due diligence when suspicious activity warrants reporting.

In circumstances where authenticating a customer’s identification using papers from credible sources proves difficult, reporting organisations may depend on information from trustworthy sources, with exceptions as needed. Furthermore, when undertaking enhanced due diligence, companies must distinguish between requirements for the source of funds or wealth to effectively manage and reduce money laundering and terrorism financing risks. Additionally, there is a push to update risk assessments to include developing technology, goods, or delivery systems before they are used. For international wire transfers under $1,000, ordering institutions must guarantee that required information is included with the payment; therefore, improving financial transparency. 

Importantly, AML/CFT compliance programmes must describe procedures for vetting and training agents, as well as separate criteria for customer financial sources or wealth based on risk mitigation needs. 

Finally, ongoing customer due diligence and account monitoring must consider the timeliness of past due diligence efforts, as well as a regular evaluation of specified operations to ensure regulatory compliance. These modifications represent a proactive approach to enhancing AML/CFT regulations, in line with worldwide efforts to combat financial crime efficiently. 


Amendments commencing on 1 June 2025 

Beginning June 1, 2025, a key amendment to the principal regulations requires reporting companies to incorporate risk-rating methods for new customers during customer due diligence processes, particularly in scenarios outlined in sections 14 and 22 of the Act. This mandate seeks to improve risk assessment capabilities, allowing organisations to better recognise and manage possible risks associated with new customers. 

Furthermore, reporting organisations are now required to keep track of each customer’s risk rating and update them as needed, ensuring that risk profiles are current and reflect any changes in consumer conditions or behaviour. By incorporating risk-rating algorithms into customer due diligence activities and keeping up-to-date records, businesses can improve their ability to effectively identify and mitigate potential money laundering and terrorism financing threats, boosting overall compliance efforts.