AML Training & Awareness Policy¶
| Code | AML-010 |
| Domain | AML / Financial Crime |
| Owner | Chief People Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD07 |
| Review date | 2027-03-25 |
Regulations: AML/CFT Act 2009 · AML/CTF Act 2006¶
Purpose¶
Govern the platform's AML/CFT training and awareness programme, ensuring all staff have the knowledge and skills to detect, assess, and report money laundering and terrorism financing risks in line with NZ AML/CFT Act and AU AML/CTF Act obligations.
Scope¶
All employees, contractors, and directors of the platform operating in New Zealand and Australia who have access to customer accounts, transaction data, or compliance systems.
Policy statements¶
The platform SHALL maintain a documented AML/CFT training programme covering: the nature and indicators of money laundering and terrorism financing, the platform's AML/CFT programme structure and controls, the staff member's specific role obligations, reporting obligations (STRs, PTRs), and the consequences of non-compliance.
All new employees in scope SHALL complete AML/CFT induction training within 30 days of commencing in their role. Contractor access to customer data systems SHALL be contingent on AML/CFT training completion.
All in-scope staff SHALL complete an annual AML/CFT refresher training programme. Annual training shall be updated to reflect: changes to regulatory requirements, updates to the platform's risk assessment, lessons learned from STR filings or internal incidents, and changes to the platform's products or customer segments.
Training content SHALL be tailored to staff function. Front-line customer-facing staff shall receive training specific to customer due diligence, unusual transaction indicators, and PEP/sanctions indicators. Compliance and risk staff shall receive expanded training on the platform's monitoring programme, escalation procedures, and regulatory filing requirements.
The platform SHALL record an acknowledgement for each training completion, capturing: staff identifier, training module code and version, completion date, delivery method, and acknowledgement timestamp. Records SHALL be retained for a minimum of seven years.
The Chief People Officer owns the training programme design and delivery schedule. The Chief Compliance Officer owns the training content for technical AML/CFT obligations. The Board Risk Committee SHALL receive an annual summary of programme completion rates and any material gaps.
Where completion rates fall below 95% for mandatory annual training, the Chief People Officer SHALL escalate to the CEO and produce a remediation plan within 10 business days.
Training records SHALL be made available to RBNZ, FMA, and AUSTRAC on request as evidence of the platform's compliance with its AML/CFT programme obligations.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-049 | Open banking consent management | LOG |
app.staff_training_acks stores immutable, timestamped AML/CFT training completion records per staff member — gated by MOD-052 so only authenticated staff may write their own acknowledgement; retained for seven years under ADR-048 Cat 1 immutability. |
Part of AML / Financial Crime · Governance overview
Compiled 2026-05-22 from source/entities/policies/AML-010.yaml