The Financial Markets Authority says electronic verification systems the financial sector is using to detect money laundering and terrorism financing still aren't up to scratch.
While firms are generally getting better at meeting their obligations under the 2009 legislation, more are using electronic identity verification systems and they are not always integrating those with their other protocols for stopping money laundering and countering the financing of terrorism.
Deficiencies the FMA noted included reporting entities not describing how relevant criteria are satisfied, lacking processes for assessing and recording exceptions on customer due diligence, and not conducting extra due diligence when needed.
"As we reported previously, monitoring systems are still not fit for purpose, and include inadequate frequencies and transaction values," the report said.
The FMA is one of three AML/CFT supervisors, alongside the Reserve Bank and the Department of Internal Affairs. The latest report sets out actions required by the approximately 800 reporting entities it supervises.
Of those, around two-thirds are financial advisers, and the remainder are derivatives issuers, brokers and custodians, fund managers, providers of discretionary investment management services, equity crowdfunding and peer-to-peer lending platform providers, licensed supervisors and issuers of securities.
Between July 1, 2016 and June 30, 2018, the FMA carried out 44 onsite visits and 24 desk-based reviews.
"From this, we found 89 issues in 2017 and 175 issues in 2018 requiring remedial action" by reporting entities, it said. It also examined 145 independent AML/CFT audit reports, as well as information that must be included in annual AML/CFT reports.
While those entities have made good progress there are still a number of areas that require attention, the FMA said.
In some cases, AML/CFT programmes have not been reviewed or updated to align with the businesses' current practices. AML/CFT risk assessments that are not always updated when changes in risks occur and customer due diligence, including enhanced and ongoing account monitoring, remains problematic for reporting entities.
Looking to the future, it said there would be an increasing focus on reviewing independent audit reports, more in-depth reviews of client on-boarding and account monitoring processes. When undertaking operational reviews, the FMA will focus more on front-line staff who perform tasks such as client on-boarding, to assess their understanding of the obligations.
"We expect REs to consider the findings and observations in this report and, where required, update their AML/CFT policies, procedures and controls to ensure compliance with their obligations," it said.
The FMA said it would continue to investigate suspected non-compliance and take appropriate enforcement action. This will include "giving more consideration to publishing the outcomes of formal warnings we issue."