Anti-Money Laundering and Countering Financing of Terrorism Audits

Clive McKegg

August 28, 2018 15:49


  • AML/CFT Audit (Beta Released 30 May 2018) - For use in the audit of compliance with requirements of Anti-Money Laundering and Countering Financing of Terrorism Act 2009. Based on SAE 3100 (Revised), ISAE (NZ) 3000 (Revised) and SAE 3150.  

Updated to:

  • AML/CFT Limited Assurance Compliance Engagement (Full release 10 July 2018) For use in carrying out limited assurance compliance engagement in accordance with requirements of Anti-Money Laundering and Countering Financing of Terrorism Act 2009. Based on SAE 3100 (Revised), ISAE (NZ) 3000 (Revised) and SAE 3150. Includes assurance reports as recommended by CAANZ. 

The full release includes the following changes from the beta version:

  • Tidying up of terminology because this is a limited assurance engagement
  • in most places "audit" replaced with "assurance engagement" except where using "audit" is a generic sense for all assurance engagements as the Act does
  • "opinion" replaced with "conclusion"
  • title changed from "audit" to "Limited Assurance Compliance Engagement"
  • Removal of walk-through and detailed testing of SARs (Suspicious Activities Reports) as these will not be allowed to be examined by the assurance practitioner in terms of S46
  • in discussion with Zowie Pateman from CAANZ it seems that all the practitioner can do is test design effectiveness, and maybe ask how many they have submitted during the period
  • on this basis we have included a "walk-through" testing page where the practitioner can ask the client if there were any SARs and whether they were treated according to the Programme and the requirements of the Act
  • Adding in of transactions testing pages for PTRs (Prescribed Transaction Reports) in the K section
  • Removal of Performance Materiality and Trivial level for misstatements as subject matter is non-financial 
  • Lots of minor typos and inconsistencies have been fixed - thanks to Zowie Pateman from CAANZ for her very thorough review and suggestions. 

To select , go to the "Compliance Audits" tab, select new job and you will see the option to create a new job using this template

The work-flow of the AML/CFT Limited Assurance Compliance Engagement template is as follows:

  • Normal acceptance/independence/engagement requirements
  • Gathering information from client including their Risk Assessment and AML/CFT Programme
  • Documenting and evaluatingAML/CFT Programme and Risk Assessment including walk-through tests of significant controls
  • Materiality setting, identified risk analysis and strategy
  • Testing of key controls to see if they extend across the period under review
  • Compliance checklists for all the requirements of the AML/CFT Act
  • Management representation letter, and management report and breach evaluation
  • Summary of assurance engagement process, and completion of final report with options for modifications 

Note that CAANZ has now released their guidelines to practitioners - this are available to members here. We have used this to assist with preparing our template and used the model Engagement Letter, Representation Letter, and Assurance Report from the Appendices. 


Those of you who were at the annual CAANZ audit conference in December 2017 will have heard Andrew Holmes from Internal Affairs talking about AML/CFT Act audits and how they represent a significant  opportunity for auditors to expand their assurance services, with many more entities requiring audit within the next year or two.

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 ("the Act") came into effect on 30 June 2013 for “reporting entities”. Money laundering is how criminals disguise the illegal origins of their money. Financiers of terrorism use similar techniques to money launderers to avoid detection by authorities and to protect the identity of those providing and receiving the funds. 

If you want to get some background on why this legislation has been introduced, I suggest watching the Tom Cruise movie “American Made”. It is based on the true story of Barry Seal, a former commercial pilot who in the 1980s flew missions for the CIA and became a drug smuggler for the Medellín Cartel. In order to avoid jail time, he became an informant for the DEA. It’s a bit over the top but it’s a fun watch and you get the idea how easy money laundering from illegal operations has been - and where there is easy money there will likely be all manner of corrupt activities.

To maintain New Zealand’s image as corruption-free in the global economy this legislation has been adopted, to make the transfer of wealth from illegal activities into the enonomy or into terrorist activities more difficult, and to spot and track schemes set up to facilitate these activities. The process of implementing and supervising the whole thing is shared between the Reserve Bank, the Financial Markets Authority (FMA), and Internal Affairs (DIA).

Reporting entities were required to prepare a AML/CFT compliance programme in terms of the requirements of the Act. The first entities to be affected by the Act were Banks, Casinos and a range of Financial Service Providers.

The Act has recently been updated to include a much broader range of entities including: LawyersConveyancers and Businesses that provide Trust and Company Services (from 1 July 2018), Accountants (from 1 October 2018), Real Estate Agents (from 1 January 2019), Businesses trading in High Value Goods (from 1 August 2019) and the NZ Racing Board (also from 1 August 2019).

This affects accountants and auditors in a number of ways:

  • From 1 October 2018 accountants may need to prepare their own AML/CFT compliance programme and have it audited (see below*)
  • Accountants and auditors are in a great position to assist clients with setting up AML/CFT compliance programmes
  • The programmes are required to be audited every two years, and this presents auditors with a new opportunity to offer their services for this work

Any “appropriately qualified” person may perform these audits may, (not restricted to chartered accountants). Those with an audit background will obviously be a first choice.

For the chartered accountant, the appropriate frameworks for this type of job will be:

  • SAE 3100 (Revised) - Compliance Engagements
  • ISAE (NZ) 3000 (Revised) - Assurance Engagements Other than Audits or Reviews of Historical Financial Information
  • SAE 3150 - Assurance Engagements on Controls.

In terms of these standards the subject matter of the audit is the AML/CFT Programme established by the entity in terms of S56(1) of the Act. The purpose of the work is to provide assurance that the entity has complied with the requirements of the Act.