AML/CFT Programme Policy¶
| Code | AML-001 |
| Domain | AML / Financial Crime |
| Owner | Chief Compliance Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD07 |
| Review date | 2027-03-25 |
Regulations: AML/CFT Act 2009 · AML/CTF Act 2006 · FATF 40 Recommendations¶
Purpose¶
Govern the platform's AML/CFT programme — the overarching framework establishing obligations under the NZ AML/CFT Act 2009 and AU AML/CTF Act 2006.
Scope¶
All products, customers, channels, and staff of the platform in NZ and AU.
Policy statements¶
The Board SHALL approve the AML/CFT Programme annually and following any material regulatory change or significant business change.
The platform SHALL appoint a designated AML/CFT Compliance Officer (CO) in each jurisdiction with direct Board access.
The platform SHALL enrol with AUSTRAC as a reporting entity under the AU AML/CTF Act and maintain RBNZ registration under the NZ AML/CFT Act.
The AML/CFT Programme SHALL include: a risk assessment, customer due diligence procedures, transaction monitoring procedures, SAR/STR reporting procedures, staff training, and an annual audit.
The risk assessment SHALL be reviewed at least annually and updated following material changes to products, services, customer base, or the operating environment.
The CO SHALL report to the Board Risk Committee quarterly on programme performance, including SAR/STR volumes, CDD completion rates, and training compliance.
The programme SHALL be independently audited by internal audit or an external reviewer at least annually. Audit findings SHALL be reported to the Board and remediation tracked to closure.
Any material non-compliance with AML/CFT obligations SHALL be self-reported to the relevant regulator within the timeframe required by that regulator.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-012 | KYC audit trail store | LOG |
AML programme can be evidenced to regulator — every check and decision is logged |
| MOD-016 | Rule-based typology engine | LOG |
AML programme includes documented, tested monitoring rules — regulator can inspect rule logic |
| MOD-017 | ML behavioural scoring model | LOG |
ML model forms part of documented AML programme — supervisors can inspect model and outputs |
| MOD-019 | Regulatory report submission module | AUTO |
Reporting obligations met without reliance on individual staff remembering to submit |
| MOD-037 | AUSTRAC / RBNZ AML reporting pipeline | AUTO |
Annual AML compliance report data sourced from operational systems — no manual collation |
| MOD-047 | Agent action logger | LOG |
AML programme execution evidenced by audit log — regulator can inspect any decision |
Part of AML / Financial Crime · Governance overview
Compiled 2026-05-22 from source/entities/policies/AML-001.yaml