When the Regulator Says Enough: Lessons for New Zealand AML CFT Reporting Entities

Elaine Ramsay
Dec 2, 2025
3 min read

Updated: Mar 14

Recent enforceable undertakings accepted by Department of Internal Affairs (DIA) send a clear message to all reporting entities under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

Compliance is not optional.

Where fundamental obligations are not met, regulatory action will follow.

Recent cases involving Pagemark Limited and Lexington Trust Services Limited mark an important point in the evolution of the regime. They signal a shift away from education and guidance alone, toward firmer enforcement where basic requirements are not in place.

What the recent cases tell us

Pagemark Limited

The Department identified that Pagemark Limited had:

Failed to maintain a compliant risk assessment
Failed to maintain an AML CFT programme
Failed to file prescribed transaction reports

Under the enforceable undertaking, Pagemark agreed to:

Cease all activities captured under the Act
Accept the resignation of its director, who also undertook not to act as a director of any similar business in the future

In commenting on the action, Serge Sablyak, AML CFT Director, noted that these obligations exist to protect the financial system from misuse. Where responsibilities are not met, businesses can be exposed to criminal exploitation.

He also emphasised that enforceable undertakings allow the Department to work with reporting entities to ensure obligations are properly understood and corrected, while still making regulatory expectations clear.

Lexington Trust Services Limited

A Department review found that Lexington Trust Services Limited had:

Failed to establish, follow, or maintain a compliant AML CFT programme
Failed to submit required suspicious activity reports

Under its enforceable undertaking, Lexington agreed to stop providing captured services, including:

Company formation services
Asset management services
Business transaction support

These services may only resume with the consent of DIA.

Importantly, the Department confirmed that no money laundering or terrorism financing was alleged. Regulatory action was taken because of non-compliance itself.

As Serge Sablyak stated, the Department will take action where there is a pattern of non-compliance. Compliance with AML laws is not optional.

Common themes across both cases

Core documentation

Risk assessments and AML programmes were either absent or non-compliant. These are foundational legal requirements under the Act.

Reporting failures

Required reports were not submitted. Reporting obligations underpin the intelligence-gathering function of the regime.

Governance oversight

There was limited awareness at leadership level of AML responsibilities. AML compliance sits squarely with directors and senior management.

Operational consequences

Both entities were directed to stop providing captured services. The Department can restrict operations until compliance is demonstrated.

What reporting entities should take from this

A current and functioning risk assessment and compliance programme is not administrative formalities. They form the foundation on which all other obligations rest.

Leadership oversight cannot be passive. Directors and senior managers must understand how AML obligations apply to their business and be able to demonstrate that understanding in practice.

Reporting obligations are central to the regime. Prescribed transaction reports and suspicious activity reports are not simply compliance tasks. They support the intelligence framework that protects the financial system as a whole.

Perhaps most importantly, good intentions are no longer enough. The Department now expects compliance to be active, evidenced, and maintained over time.

The broader signal from the regulator

New Zealand’s AML CFT regime has moved beyond its early establishment phase. Reporting entities are now expected to have embedded systems and processes that work in practice, not just on paper.

Where that foundation is missing, DIA has shown it is prepared to intervene decisively, including restricting the ability to carry on captured activities.

Effective compliance protects more than the ability to operate. It protects trust, reputation, and the integrity of the financial system that underpins New Zealand’s standing as a fair and transparent jurisdiction.

Recent enforceable undertakings accepted by Department of Internal Affairs (DIA) send a clear message to all reporting entities under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.

Compliance is not optional.

Where fundamental obligations are not met, regulatory action will follow.

Recent cases involving Pagemark Limited and Lexington Trust Services Limited mark an important point in the evolution of the regime. They signal a shift away from education and guidance alone, toward firmer enforcement where basic requirements are not in place.

What the recent cases tell us

Pagemark Limited

The Department identified that Pagemark Limited had:

Failed to maintain a compliant risk assessment

Failed to maintain an AML CFT programme

Failed to file prescribed transaction reports

Under the enforceable undertaking, Pagemark agreed to:

Cease all activities captured under the Act

Accept the resignation of its director, who also undertook not to act as a director of any similar business in the future

In commenting on the action, Serge Sablyak, AML CFT Director, noted that these obligations exist to protect the financial system from misuse. Where responsibilities are not met, businesses can be exposed to criminal exploitation.

He also emphasised that enforceable undertakings allow the Department to work with reporting entities to ensure obligations are properly understood and corrected, while still making regulatory expectations clear.

Lexington Trust Services Limited

A Department review found that Lexington Trust Services Limited had:

Failed to establish, follow, or maintain a compliant AML CFT programme

Failed to submit required suspicious activity reports

Under its enforceable undertaking, Lexington agreed to stop providing captured services, including:

Company formation services

Asset management services

Business transaction support

These services may only resume with the consent of DIA.

Importantly, the Department confirmed that no money laundering or terrorism financing was alleged. Regulatory action was taken because of non-compliance itself.

As Serge Sablyak stated, the Department will take action where there is a pattern of non-compliance. Compliance with AML laws is not optional.

Common themes across both cases

Core documentation

Risk assessments and AML programmes were either absent or non-compliant. These are foundational legal requirements under the Act.

Reporting failures

Required reports were not submitted. Reporting obligations underpin the intelligence-gathering function of the regime.

Governance oversight

There was limited awareness at leadership level of AML responsibilities. AML compliance sits squarely with directors and senior management.

Operational consequences

Both entities were directed to stop providing captured services. The Department can restrict operations until compliance is demonstrated.

What reporting entities should take from this

A current and functioning risk assessment and compliance programme is not administrative formalities. They form the foundation on which all other obligations rest.

Leadership oversight cannot be passive. Directors and senior managers must understand how AML obligations apply to their business and be able to demonstrate that understanding in practice.

Reporting obligations are central to the regime. Prescribed transaction reports and suspicious activity reports are not simply compliance tasks. They support the intelligence framework that protects the financial system as a whole.

Perhaps most importantly, good intentions are no longer enough. The Department now expects compliance to be active, evidenced, and maintained over time.

The broader signal from the regulator

New Zealand’s AML CFT regime has moved beyond its early establishment phase. Reporting entities are now expected to have embedded systems and processes that work in practice, not just on paper.

Where that foundation is missing, DIA has shown it is prepared to intervene decisively, including restricting the ability to carry on captured activities.

Effective compliance protects more than the ability to operate. It protects trust, reputation, and the integrity of the financial system that underpins New Zealand’s standing as a fair and transparent jurisdiction.

Comments