AML Compliance Reporting Policy¶
| Code | REP-003 |
| Domain | Regulatory Reporting |
| Owner | Chief Compliance Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD07 |
| Review date | 2027-03-25 |
Regulations: AML/CTF Act 2006 · AML/CFT Act 2009¶
Purpose¶
Govern the platform's AML/CFT regulatory reporting obligations, including suspicious activity reporting, threshold transaction reporting, AUSTRAC annual compliance reporting, and RBNZ supervisory returns. Defines the data sourcing, pipeline governance, submission controls, and sign-off requirements that ensure all AML regulatory reports are accurate, timely, and submitted through governed channels.
Scope¶
All AML/CFT regulatory reporting obligations in NZ and AU, including: suspicious activity reports (SARs) and suspicious transaction reports (STRs) to the relevant financial intelligence unit; threshold transaction reports (TTRs) and international funds transfer instructions (IFTIs) to AUSTRAC; annual AML/CFT programme compliance reports to RBNZ and AUSTRAC; and any ad-hoc regulatory requests from AML supervisors.
Policy statements¶
The platform SHALL submit a Suspicious Activity Report or Suspicious Transaction Report to the relevant financial intelligence unit whenever a transaction or customer behaviour meets the applicable reporting threshold. Submission SHALL occur within the timeframe prescribed by the relevant AML/CFT legislation. No SAR or STR SHALL be suppressed, delayed, or manually filtered outside the governed tipping-off controls.
Threshold transaction reports SHALL be submitted to AUSTRAC for all qualifying transactions. The TTR pipeline SHALL be automated — no manual assembly of TTR data is permitted. Submission timestamps and regulatory acknowledgements SHALL be recorded in the submission log.
All AML regulatory reports SHALL be sourced exclusively from governed data pipelines that trace to the AML monitoring system's transaction and alert datasets. Manual data assembly outside governed pipelines is prohibited.
Report generation logic SHALL be version-controlled. Each report submission SHALL be traceable to the pipeline version and the underlying dataset snapshot used to produce it.
The AML reporting pipeline SHALL perform automated pre-submission validation covering: completeness of all mandatory fields, referential integrity of customer and transaction identifiers, and consistency with prior period submissions where applicable. Validation failures SHALL block submission until resolved.
Every AML regulatory report submission SHALL require sign-off by the Chief Compliance Officer or a designated deputy before dispatch to the regulator. The sign-off SHALL be recorded in the submission log with timestamp and authority.
The annual AML/CFT programme compliance reports for NZ (RBNZ) and AU (AUSTRAC) SHALL document the platform's assessment of its AML/CFT programme effectiveness and identify any deficiencies and remediation actions.
Any AML reporting breach — including late submission, missed threshold transaction report, or material error in a filed report — SHALL be reported to the Chief Compliance Officer within one business day of identification and escalated to the relevant regulator if required.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-019 | Regulatory report submission module | LOG |
Regulatory submission records maintained with submission timestamp and acknowledgement |
| MOD-026 | IFTI / CMIR reporting trigger | AUTO |
IFTI/CMIR batch prepared and submitted automatically — no manual extraction |
| MOD-037 | AUSTRAC / RBNZ AML reporting pipeline | AUTO |
AML reporting obligations discharged automatically — no manual submission process |
Part of Regulatory Reporting · Governance overview
Compiled 2026-05-22 from source/entities/policies/REP-003.yaml