Anti Money Laundering

22 March 2019
2 min read

As an AML/CFT reporting entity, you are required to have an independent audit of your AML/CFT Risk Assessment and Programme.

Every two years, or earlier on request of your Supervisor, AML/CFT reporting entities are required to have an independent audit of their AML/CFT risk assessment and programme.

It is your responsibility to identify and appoint an auditor who is independent and suitably qualified to conduct the audit.

Our Audit Services

At Findex, our team of audit specialists provide AML/CFT audit services to businesses across multiple sectors.

Our team has the experience and insight to support you in navigating your compliance obligations and in your interactions with Supervisors.

Our AML/CFT clients include:

  • Payment platforms

  • Casinos

  • Money Services Businesses

  • Life insurers

  • Collective investment schemes

  • Financial leasing providers

  • Financial advisers

  • Non-deposit taking lenders

Our Audit Approach

Our audits are performed in accordance with SAE 3100 Assurance Engagements on Compliance underpinned by ISAE (NZ) 3000 issued by the XRB. The approach covers the following key areas of good practice, providing practical recommendations for improvement where needed:


  • Appointment of AML/CFT compliance officer

  • Maintenance of policies and procedures

  • Management and board reporting

  • Annual reporting to Supervisors

  • External audit reporting

  • Change management

  • Record keeping, data and document retention

Risk Assessment

  • Identification and assessment of risks

  • Risk assessment methodologies

  • New and emerging risks


  • Staff recruitment, vetting, fit and proper screening

  • Employee training

Customer Due Diligence

  • Customer identification

  • Customer risk rating

  • Enhanced due diligence

  • Source of funds and wealth

  • Politically exposed persons (PEPs)

  • Sanctions, screening and reporting


  • Transaction monitoring

  • On-going screening

  • Internal controls

Reporting to the NZ Police FIU

  • Suspicious Activity Reports (SARs)

  • Prescribed Transaction Reports (PTRs)

  • Suspicious Property Reports (SPRs)

  • Dealing with requests for information

Download Crowe Horwath – AMLCFT Audit – April 2018