What does ‘reasonable steps’ really mean in AML compliance?

When it comes to AML compliance, the government’s asking real estate agents and lawyers – like you – to take reasonable steps to verify your clients and manage your risks.

Reasonable steps sounds pretty vague, though. That’s why we’re here to clear that up and give you confidence that you’re following a consistent and correct approach for every client, every activity, every time.

The risks of not following AML compliance are stark: your reputation is on the line, you risk disrupting business, and you’re up for some hefty legal consequences and financial implications.

The last thing we want is for you to tiptoe around “reasonable steps”, second-guess every decision, and have that nagging fear of dropping the ball.

Reasonable steps can be used in verifying identity where standard verification is not possible, as a backup plan if your client fails the first level of AML checks, or if they are deemed higher risk.

So, we see 3 priorities here:

1. You want to minimise how often you have to resort to reasonable steps.
2. You want the steps you take to match the level of risk – not too much for low-risk and the right amount for medium to high risk.
3. When you do need to follow reasonable steps – to feel confident you’re doing it right.

A heads-up on what to expect from this blog: we’re not going to get super specific on scenarios and the types of reasonable steps. Please don’t take this as individual legal advice – it’s more to give you general context on the topic of AML compliance. That said, we’ll point you in the right direction if you need more info on the finer details.

Onboarding your clients

The activity you’ll do most in AML compliance is onboarding – so let’s start here. When it’s time to onboard a client, there are several phases you must complete:

• ‍Verify your clients: You need to verify and easily re-verify your clients using the right AML, KYC, and KYB checks.
  APLYiD flags when identity verification checks have not passed the standard threshold, helping you decide when to take additional steps.
• Conduct due diligence (either standard or enhanced – based on the client’s risk profile).
  APLYiD guides you through this process and flags when you need to up the ante because of heightened risk like: country of origin, client appears on a PEP list or adverse media check, or the source of funds.
• Record their risk rating (low, mediumand high) and record your reasons for this decision.

The other phase – which is significant but not as frequent – is your ongoing monitoring:

• Regular reviews
• Suspicious activity reporting – APLYiD flags when an activity requires more caution, so you can determine if you need to send a Suspicious Activity Report (SAR) to the authorities.
• Audits – APLYiD makes auditing faster and smoother because everything’s stored in one place.

Reasonable steps aren’t the process you take all the time. It’s the backup when something fails.

You must follow the standard verification processes first. For example, if done digitally, the AML checks include ID, live face match, and address verification.

It’s only when these fail – for example you can’t prove your client’s address because they’ve just moved countries – that you fall back on reasonable steps.

APLYiD is designed to minimise the grey areas of AML compliance.

AML Compliance New Zealand – where to turn for more info.

As promised, if you’re after more guidance on the specifics of reasonable steps, we recommend you check out these links:

• Guidance from the Financial Markets Authority
• AML and CTF guidance from the Department of Internal Affairs
• Useful frequently asked questions from the DIA

There’s a case for going above and beyond: you get a uniform process, remove the ambiguity, and have better records.

Interestingly, many businesses discover that going above and beyond minimum requirements actually reduces complexity.

Instead of having different processes for different risk levels – or relying on individual judgement calls – they use the same approach for everyone.

Take AML biometric verification. You might not legally need it for every client, for example if you’ve met them face-to-face, but using it consistently means staff don’t have to remember different procedures.

This approach removes confusion about whether a particular client needs a specific check, or whether meeting them in person changes the requirements. Or where you’ve scanned and stored their ID.

We know a mid-sized real estate agency who used to have different AML compliance procedures for different clients. Staff got confused about which checks to perform for each situation. Training new employees was a nightmare.

The agency decided to overhaul this and instead carries out AML biometric checks (using APLYiD) for every client, regardless of risk level or whether they verified their ID in person too. Yes, it’s more than strictly necessary in some cases – but overall it saves them time, money and stress.

The benefits of this approach are immense:

1. ‍Staff training is simpler. There’s one process for everyone. A lot of businesses we talk to don’t have resources for a dedicated compliance officer with years of anti-money laundering experience. It’s more likely someone senior will take on compliance responsibilities alongside their other duties.‍
2. Human error rates drop. No more “which checklist do I use for this client?” moments.‍
3. Record keeping becomes uniform. When audit time arrives your consistency around documentation pays off, making the whole experience smoother. Auditors can gain access to your APLYiD records which means they don’t need access to your Dropbox or to trawl through paperwork. ‍
4. Send the right signal to auditors. Many auditors already know and trust APLYiD so this is a clear sign you take AML compliance seriously. ‍
5. You avoid tricky timing issues. No second guessing yourself around when verification has to happen.

AML compliance will always have grey areas.

Unfortunately, you can’t completely steer clear of falling back on “reasonable steps” and using your discretion. There’s always going to be verification fails and those out-of-the-box activities.

But with APLYiD you’re less likely to come across ambiguous situations because you get a clear, streamlined, low-admin approach with these 4 simple steps:

1. ‍Onboard – Requestthe right docs every time with guided document collection‍
2. Verify – Verify and easily re-verify your clients using the right AML, KYC, and KYB checks
3. ‍Manage – View and manage all AML activities and risks – for every client – in one place‍
4. Monitor & relax – Set risk levels, automate review alerts and set up ongoing monitoring

The next logical step for your AML Compliance: Get started with APLYiD today.

We’ve designed it to be so easy you don’t need to speak to us, book a demo, or get any training.