DIA’s enforcement history shows that AML/CFT breaches in the legal sector are not hypothetical. Foster & Milroy, Kidd Legal and PSB each provide a clear reminder that law firms must be able to show more than AML/CFT documents. They must be able to evidence that their risk assessment and compliance programme are current, understood, followed and working in practice.

A Hamilton law firm’s $60,000 AML/CFT fine carries a wider warning for the legal sector. The Foster & Milroy case is a reminder that AML/CFT compliance must be current, evidenced and operating in practice, not just sitting on paper.

Recent mortgage fraud typologies highlight a growing risk for law firms, where third party funding, inconsistent explanations, and transaction structures may signal activity that requires closer scrutiny.

The proposed AML/CFT levy would see DNFBPs contribute around $1.6 million annually. What might this mean in practical terms for law firms and their clients?

This guide highlights common weaknesses identified during AML/CFT supervisory reviews and helps firms identify areas where their framework may require attention.

This short checklist is designed to help law firms quickly assess whether their AML/CFT framework remains aligned with current supervisory expectations. 1. Risk Assessment Has your AML/CFT Risk Assessment been reviewed to reflect the 2024 National Risk Assessment and recent DIA guidance? Does it accurately reflect the types of clients, services, and transactions your firm actually undertakes? Is there a clear connection between your identified risks and the controls described

In February 2026 the Department of Internal Affairs reported the findings of a review involving 30 Designated Non-Financial Businesses and Professions (DNFBPs). The Department noted that while many reporting entities had risk assessments and AML/CFT programmes in place, most were not adequately implementing processes to monitor, examine and keep written findings for high-risk customers, activities or transactions. Most DNFBPs sampled are not adequately implementing a process

Recent commentary from the Department of Internal Affairs has highlighted weaknesses in how Designated Non-Financial Businesses and Professions (DNFBPs) monitor higher-risk customers, activities and transactions. In its February 2026 supervisory notice, DIA reported that while many reporting entities had risk assessments and AML/CFT programmes in place, most were not adequately implementing processes to monitor, examine and keep written findings for higher-risk situations. Fo

How AML CFT supervisors respond to non-compliance Recent Department of Internal Affairs (DIA) cases, including those involving Pagemark Limited and Lexington Trust Services Limited, show how enforcement powers are applied in practice. Supervisors are equipped with a range of measures to correct behaviour, protect the financial system, and maintain sector standards. This enforcement approach will sit within a changing supervisory structure. Under the announced single superviso

Recent enforceable undertakings accepted by the Department of Internal Affairs signal a clear shift in New Zealand’s AML CFT regime. These cases reinforce that foundational obligations must be met in practice, and that where compliance failures persist, regulatory action will follow even in the absence of proven money laundering.

This final article in the Insights trilogy examines the legal framework that gives New Zealand’s AML and CFT regime its force. It outlines how legislation translates international standards into enforceable obligations, and why understanding the law is essential to applying the regime with confidence, judgment, and proportionality.

This first article in an Insights trilogy explores why New Zealand has an AML and CFT regime. It examines the international context, the role of trust as a national asset, and why safeguarding system integrity matters in a small, connected economy.

This second article in the Insights trilogy examines how New Zealand’s AML and CFT regime operates in practice. It explores the risk based framework, the role of judgment, and the realities organisations face when applying obligations day to day with imperfect information.

This reflection traces my hesitant entry into AML work at a time when the profession viewed it with apprehension. What began as a practical decision gradually became a deeper commitment to safeguarding trust, integrity, and the values that underpin New Zealand’s institutions.