The AML/CFT Act Has Changed. What Actually Matters?
- Elaine Ramsay

- Jun 10
- 3 min read
If you've seen the recent AML/CFT reform announcements and thought, "I'll get to that when I have time," you're probably not alone.
For many reporting entities, particularly for those captured under phase 2 of the AML/CFT regime such as lawyers, real estate agents and accountants , the changes have arrived at a busy time.
Some firms are preparing for independent audits.
Others are working through audit findings and remediation plans.
Risk Assessments and Compliance Programmes are being reviewed and updated.
Annual AML/CFT reports are due in July.
Client files still need to be onboarded and reviewed.
Against that backdrop, many AML professionals are asking a simple question:
What actually changed?
Effective from 1 July 2026, reporting entities should be aware of several significant developments:
DIA becomes the sole AML/CFT supervisor.
A new Identity Verification Code of Practice (IVCOP) comes into force.
Greater flexibility is introduced in certain customer due diligence and verification requirements.
Lower-risk trusts may benefit from a more proportionate approach to verification in some circumstances.
The reforms signal a broader move toward reducing unnecessary compliance burden while maintaining AML/CFT outcomes.
Further reforms are expected as the wider reform programme continues.
For many reporting entities, the individual changes are less important than the overall direction of travel.
Taken together, the reforms point toward a more practical and proportionate regime, , where the focus is less on applying the same process in every case and more on matching the level of due diligence to the risk presented.
That theme appears repeatedly throughout the reforms and is likely to shape how reporting entities approach AML/CFT compliance in the years ahead.
1. DIA Becomes the Sole Supervisor
One of the most significant structural changes is the move to a single AML/CFT supervisor, effective 1 July 2026.
From that date, the Department of Internal Affairs (DIA) will become the sole AML/CFT supervisor, replacing the previous multi-supervisor model involving DIA, the Financial Markets Authority (FMA) and the Reserve Bank of New Zealand (RBNZ).
The practical impact may not be immediate. However, over time reporting entities may see greater consistency in:
guidance;
supervisory expectations;
inspection approaches;
remediation expectations; and
enforcement outcomes.
This is likely to be one of the most important developments to watch over the next few years.
2. A More Proportionate Approach to Compliance
This may be the most important theme running through the reforms.
The intention is to reduce unnecessary compliance burden where the risks do not justify it.
For reporting entities, the question increasingly becomes:
Are we collecting information because it helps us understand risk, or because we have always collected it?
The reforms appear to encourage a more risk-based and proportionate approach.
That does not mean less AML. It means applying the right level of AML.
3. Trusts, Beneficial Ownership and Control Remain Important
Trusts continue to attract attention because they can make it more difficult to understand who ultimately sits behind a customer.
The reforms do not remove the need to understand trust structures.
Nor do they remove the need to identify relevant persons connected to a trust.
However, they do support a more proportionate approach in some lower-risk situations.
For AMLCOs, the key takeaway is this:
The rationale behind your decision-making may become just as
important as the information you collect.
4. Source of Funds and Source of Wealth Are Still Relevant
One area that has generated significant discussion is source of funds and source of wealth.
The reforms should not be interpreted as removing these concepts.
They remain important components of enhanced due diligence.
What may change is the extent to which additional information is required in lower-risk circumstances.
The practical question becomes:
What information is necessary to understand and mitigate the identified risk?





Comments