Practical implementation of the AML/CTF Act: Lessons learned from New Zealand and the UK
Practical implementation of the AML/CTF Act: Lessons learned from New Zealand and the UK
The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Act 2024, will come into effect in Australia from 1 July 2026 bring with it significant changes. The legislation will require preparation to fulfil compliance requirements, particularly for newly designated non-financial businesses and professions (DNFBPs), or ‘Tranche 2’ entities who will be navigating the obligations and creating a business-specific AML/CTF framework for the first time.
BDO’s forensic services team in Australia collaborated with BDO New Zealand and BDO United Kingdom (UK), who have already dealt with similar challenges, to compile valuable lessons learned from each jurisdiction’s implementation of AML/CTF requirements. This includes respective challenges and how they were navigated, so that entities in Australia can successfully adapt and achieve compliance. This article aims to cut through the substantial noise around regulations and provide practical advice for implementation and best practice for entities, drawing on insights gained from our global counterparts as fellow reporting entities.
Regulatory framework differences
The landscape of AML compliance in the UK has evolved significantly over the past few decades, particularly with the introduction of the EU Third, Fourth and Fifth Money Laundering Directives and subsequent UK regulations, namely The Money Laundering Regulations 2007 and The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended. These changes brought in new obliged entities in scope of the regulations, including art market participants, real estate professionals, accountants, lawyers, and even crypto asset businesses.
New Zealand’s Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 extended the regulatory obligations to a broader set of professions and industries beyond traditional financial institutions. This was enacted through the 2017 Amendment Act with a staggered implementation timeline:
Date effective from |
Profession/industry |
1 July 2018 |
Lawyers, conveyancers, and trust/company service providers |
1 October 2018 |
Accountants |
1 January 2019 |
Real estate agents |
1 August 2019 |
New Zealand Racing Board and high-value dealers |
AML/CTF regulators in the UK and New Zealand
Supervisory bodies and/or regulators play a critical role in assessing the implementation of the AML/CTF obligations the UK. Bodies such as the Solicitors Regulation Authority, Institute of Chartered Accountants in England and Wales, and HM Revenue & Customs offer helplines and educational webinars designed for firms. These resources aim to build competence and confidence in navigating AML obligations.
As of 1 June 2025, the Department of Internal Affairs is the sole regulator for AML/CTF across all sectors in New Zealand, making it similar to the Australian financial intelligence unit – the Australian Transaction Reports and Analysis Centre (AUSTRAC).
Sector-specific guidance
In the UK, sector-specific guidance documents are issued, offering detailed explanations and illustrative case studies tailored to legal professionals, accountants, and estate agents. These documents provide practical insights into conducting client risk assessments, identifying red flags, and maintaining an AML compliance program utilising a proportionate risk-based approach.
In New Zealand, detailed guidelines are also circulated by the regulator for specific sectors. For example, there were separate compliance guidelines introduced for lawyers, accountants, real estate agents, and trust and company service providers when each group became regulated. These guidelines break down the AML/CTF Act requirements and suggest best practice.
Australia is proposing to adopt a similar approach by providing sector-specific material to address individualised questions for those groups.
Global challenges in AML/CTF implementation for DNFBPs
Key themes that emerged globally were around challenges faced by new reporting entities. These include:
Resource constraints
Amongst New Zealand and the UK, DNFBPs in both countries faced challenges in resource allocation when implementing the AML/CTF regulations.
In the UK, this was particularly pronounced for small firms and sole practitioners. These entities often lacked the staff or technological infrastructure to implement the necessary controls, conduct customer due diligence (CDD), and maintain compliant documentation. The costs of hiring or consulting compliance professionals, acquiring AML software, and training existing staff were substantial.
This was consistent with New Zealand’s experience, where specific sectors in legal or law firms found compliance with requirements profoundly challenging due to the volume of clients they deal with and the associated administrative and legislative burden. Similarly, real estate agents interact with customers in varying capacities and can have stringent performance expectations regarding client onboarding. Therefore, CDD and additional documentation requirements may cause operational friction, which can lead to a poor client experience.
Lack of expertise
The initial implementation of AML requirements on DNFBPs presented an array of issues for businesses not previously subject to such regulatory scrutiny. One of the most significant challenges experienced in the UK and New Zealand was the lack of existing AML expertise within these sectors. Many art dealers and real estate agents had limited or no experience with financial crime compliance frameworks.
As a result, there was a steep learning curve in understanding the terminology, requirements, which included how to identify and assess inherent money laundering and terrorism financing risks, and the consequences of non-compliance. Although many firms in the UK were able to competently develop appropriate policies and procedures by utilising guidance, it was the lack of understanding of associated risks due to limited expertise and experience where firms really struggled.
For New Zealand, this challenge was also exacerbated by the limited labour force. To combat this, entities would need to source these skills abroad or upskill the existing workforce, bearing additional costs in doing so.
Implementation approaches used by New Zealand and the UK
Our BDO counterparts in New Zealand and the UK highlighted a range of strategies adopted by new reporting entities to meet their AML/CTF compliance obligations, shaped by jurisdictional requirements, business size, and resource availability.
1. Increased use of third-party service providers
In both countries, there is a growing reliance on third-party providers for key AML/CTF controls such as customer screening and transaction monitoring. Outsourcing these services offers operational efficiencies and cost savings. However, regulators in both jurisdictions have emphasised that ultimate accountability remains with the reporting entity. As a result, firms are expected to conduct thorough due diligence on their providers and maintain active oversight to ensure outsourced tools are effective and compliant.
In New Zealand, small businesses often initially opt to outsource compliance due to limited internal capacity and budget constraints before transitioning to internal teams as the organisation matures and gains a deeper understanding of regulatory requirements, resulting in longer term efficiency gains.
2. Cost considerations and resource allocation
In the UK, compliance costs remain high with both financial and non-financial organisations spending billions annually on financial crime compliance. These costs include staffing, technology, training, and regulatory fees. Larger organisations are more likely to invest in dedicated in-house compliance resources. For smaller firms, the financial burden is particularly significant, which has led to ongoing discussions around cost/benefit proportionality and associated regulatory support.
3. Customer due diligence (CDD)
In both the UK and New Zealand, the frequency of updating Know Your Customer (KYC) information was based on the level of money laundering risk and the type of service provided by the reporting entities, with higher risk clients and services requiring more frequent updates to KYC information.
For DNFBPs, compliance requirements would be dependent on the level of customer activity and purpose of receiving a designated service. For example, in the real estate sector, it is common to have a one-off transaction with a client, as opposed to an accountant who might provide designated services to the same client on an ongoing annual basis. One-off transactions with clients may have less exposure to money laundering risk compared to recurring transactions.
For financial institutions in New Zealand, it was practical to embed CDD requirements in initial client acceptance procedures, reducing friction during onboarding. Most of the new reporting entities repurposed their existing processes to include steps that would strengthen compliance with new the AML/CTF requirements.
However, this process should be tailored around the nature of the business and its customers, requiring regular updates of their CDD requirements based on the perceived AML risks that are present with specific customers.
Understanding designated services and trigger activities for AML/CTF compliance
While New Zealand’s AML/CTF regime is not structured around designated services but on captured activities, the UK provides a useful reference point for identifying activities that commonly trigger compliance obligations. For new reporting entities, understanding the below examples can help in assessing risk exposure and implementing appropriate controls.
Designated service |
Trigger activities |
Example |
High-risk sectors and transactions Certain sectors and transaction types such as high-value dealers and art market participants, particularly involving transactions of €10,000 or more which fall within the scope of AML regulations, are inherently higher risk and are therefore subject to stricter AML oversight in the UK.
|
|
The source of funds document such as a bank statement of a customer working in a cash intensive business (e.g. restaurant, salon or convenience store), has cash being deposited on a frequent basis. The reporting entity should try to collect more information on the nature of these transactions to manage the risk associated with tax evasion. |
Legal services
|
|
A solicitor facilitating the purchase of a London property for an offshore entity with opaque ownership would be expected to conduct enhanced due diligence (EDD) and potentially file a Suspicious Matter Report (SMR) if the source of wealth and source of funding are unclear.
|
Real estate professionals |
|
A buyer using layered corporate entities to purchase property should trigger EDD and possible SMR obligations. |
Accountants and tax advisers |
|
An accountant assisting a client in setting up multiple companies with no clear business purpose or transferring large sums between them would need to investigate and potentially escalate the matter. |
Recommendations for new reporting entities in Australia
BDO’s forensic services experts share practical tips to help new reporting entities adopt effective AML/CTF practices and steer clear of common pitfalls, drawing on lessons learned from the UK and New Zealand below:
- Leverage guidance information: New reporting entities should leverage guidance resources circulated by AUSTRAC including, but not limited to, the AML Program starter pack to ensure compliance with AML obligations. AUSTRAC is expected to release sector specific guidance information that can be utilised by new reporting entities for training and awareness. Professional associations can also disseminate sector-specific guidelines, webinars, and helplines to assist new reporting entities with managing compliance.
- Facilitate access to expertise: To address the expertise gap, professional associations could create partnerships with educational institutions to offer specialised AML courses and certifications to members.
- Utilise technology and outsourcing: New reporting entities could explore the use of technology and outsourcing to manage their compliance obligations. However, it is crucial that businesses perform due diligence on third-party providers and maintain oversight to ensure accountability.
- Documented risk-based approach: Although small reporting entities may perceive their money laundering, terrorism financing and proliferation risks as minimal, these reporting entities need to ensure the inherent and residual risk for relevant risk factors and the controls they utilise to manage or mitigate these risks is documented in the risk assessment.
How BDO can help
BDO is a trusted adviser to clients across a broad range of services and provides forensic services support, including preventative financial crime risk management. BDO’s forensic services team conduct AML/CTF independent reviews and financial crime risk assessments for highly regulated institutions to ensure they comply with their independent review requirements under the AML/CTF Act.
Access our free guide and checklist to help you navigate the changes for your business or contact us today for a complimentary consultation.