top of page
ChatGPT Image Mar 15, 2026, 05_03_24 PM.png

The AML/CFT Act Has Changed. What Actually Matters?

  • Writer: Elaine Ramsay
    Elaine Ramsay
  • Jun 10
  • 3 min read

If you've seen the recent AML/CFT reform announcements and thought, "I'll get to that when I have time," you're probably not alone.

For many reporting entities, particularly for those captured under phase 2 of the AML/CFT regime such as lawyers, real estate agents and accountants , the changes have arrived at a busy time.

Some firms are preparing for independent audits.

Others are working through audit findings and remediation plans.

Risk Assessments and Compliance Programmes are being reviewed and updated.

Annual AML/CFT reports are due in July.

Client files still need to be onboarded and reviewed.

Against that backdrop, many AML professionals are asking a simple question:

What actually changed?

Effective from 1 July 2026, reporting entities should be aware of several significant developments:

  • DIA becomes the sole AML/CFT supervisor.
  • A new Identity Verification Code of Practice (IVCOP) comes into force.
  • Greater flexibility is introduced in certain customer due diligence and verification requirements.
  • Lower-risk trusts may benefit from a more proportionate approach to verification in some circumstances.
  • The reforms signal a broader move toward reducing unnecessary compliance burden while maintaining AML/CFT outcomes.
  • Further reforms are expected as the wider reform programme continues.

For many reporting entities, the individual changes are less important than the overall direction of travel.

Taken together, the reforms point toward a more practical and proportionate regime, , where the focus is less on applying the same process in every case and more on matching the level of due diligence to the risk presented.

That theme appears repeatedly throughout the reforms and is likely to shape how reporting entities approach AML/CFT compliance in the years ahead.

1. DIA Becomes the Sole Supervisor

One of the most significant structural changes is the move to a single AML/CFT supervisor, effective 1 July 2026.

From that date, the Department of Internal Affairs (DIA) will become the sole AML/CFT supervisor, replacing the previous multi-supervisor model involving DIA, the Financial Markets Authority (FMA) and the Reserve Bank of New Zealand (RBNZ).

The practical impact may not be immediate. However, over time reporting entities may see greater consistency in:

  • guidance;
  • supervisory expectations;
  • inspection approaches;
  • remediation expectations; and
  • enforcement outcomes.

This is likely to be one of the most important developments to watch over the next few years.

2. A More Proportionate Approach to Compliance

This may be the most important theme running through the reforms.

The intention is to reduce unnecessary compliance burden where the risks do not justify it.

For reporting entities, the question increasingly becomes:

Are we collecting information because it helps us understand risk, or because we have always collected it?

The reforms appear to encourage a more risk-based and proportionate approach.

That does not mean less AML. It means applying the right level of AML.

3. Trusts, Beneficial Ownership and Control Remain Important

Trusts continue to attract attention because they can make it more difficult to understand who ultimately sits behind a customer.

The reforms do not remove the need to understand trust structures.

Nor do they remove the need to identify relevant persons connected to a trust.

However, they do support a more proportionate approach in some lower-risk situations.

For AMLCOs, the key takeaway is this:

The rationale behind your decision-making may become just as
important as the information you collect.

4. Source of Funds and Source of Wealth Are Still Relevant

One area that has generated significant discussion is source of funds and source of wealth.

The reforms should not be interpreted as removing these concepts.

They remain important components of enhanced due diligence.

What may change is the extent to which additional information is required in lower-risk circumstances.

The practical question becomes:
What information is necessary to understand and mitigate the identified risk?
That is ultimately a risk assessment exercise.

5. Identity Verification Is Evolving

The updated Identity Verification Code of Practice introduces a number of practical changes.

It also provides a glimpse of where identity verification may be heading in the future.

This includes recognition of emerging digital identity frameworks and digital credentials.

For most reporting entities, however, the practical reality remains the same.

Existing onboarding processes, electronic verification providers, biometric checks and traditional identity documents are likely to remain the primary verification tools for some time.

6. The Reform Programme Is Not Finished

The recent changes form part of a broader reform programme. Further guidance, regulatory tools and legislative developments are expected as the revised framework takes shape.

While many of the current changes focus on reducing unnecessary compliance burden and modernising aspects of the regime, they are unlikely to be the last reforms reporting entities will see.

Final Thoughts

The reforms matter because they signal a more practical and proportionate AML/CFT framework.

The core task remains the same: understand the customer, understand the risk, apply the right level of due diligence, and document the reasoning.

That is where the real shift sits. Less automatic collection. More considered judgement.

Comments


  • Grey LinkedIn Icon
  • Grey Facebook Icon

             © 2026 The AML Space | Christchurch, New Zealand

bottom of page