Blogs

Get AML audit ready now, save yourself the headache later

With New Zealand’s AML/CFT requirements firmly in place, getting ready for an AML audit has never been more important. Whether you’re already regulated or preparing for your first audit, here’s what Kiwi businesses need to know about staying compliant and audit ready.

Why AML auditing matters in New Zealand

In New Zealand, every reporting entity—including financial institutions, real estate agents, lawyers, accountants, and others—must have a compliant AML/CFT programme, report suspicious activities, keep records for at least five years, and undergo regular independent audits every three years. The Department of Internal Affairs (DIA), Financial Markets Authority (FMA), and Reserve Bank of New Zealand (RBNZ) can (and do) inspect compliance programmes, and penalties for non-compliance can be significant.

Even if your first audit is some time away, having the right technology partner, like APLYiD, in place today enables you to track and store compliance information from the start, saving you on future admin and stress. We can help cut complexity and deliver secure digital onboarding, AML checks, and record keeping, keeping your business compliant and ready for any audit.

What’s covered under New Zealand AML/CFT law?

Businesses that are captured under AML/CFT law include banks, insurers, money remitters, law firms, real estate agents, and accounting practices.
You need an AML/CFT programme in place that must be risk-based, tailored to your business, and regularly reviewed and updated.
Customer due diligence (CDD): You must verify customers, beneficial owners, authorised representatives and instructing persons, and apply enhanced checks for high-risk individuals, such as politically exposed persons (PEPs)
You should have solid record keeping practices in place. All records related to transactions and CDD must be retained for at least five years after services have been provided. APLYiD’s new platform can help you store your records securely, in an audit-friendly format.
All suspicious activity reports and prescribed transaction reports (PTRs) should be reported to the NZ Police’s Financial Intelligence Unit (FIU) via their secure platform in the required timeframes. PTRs include:
- Large cash transactions (LCTs) of $10,000NZD or more
- International funds transfer instructions (IFTIs) for wire transfers of $1,000NZD or more, involving a NZ entity and an entity outside of NZ.
Independent audits of your AML/CFT processes and record keeping are required every three years. Audits often include checking if you’ve adhered to your programme.

These requirements may seem complex, but APLYiD can help you stay compliant with an audit-friendly platform that manages client onboarding, customer verification and record keeping from start to finish.

Your New Zealand AML audit-ready checklist

Confirm your business is registered and reporting to the correct NZ AML/CFT supervisor (DIA, FMA, or RBNZ).
Submit an annual AML/CFT report to your reporting authority which covers your AML/CFT activity, risk assessment, programme updates, staff training, volume of transactions and transaction type.
Develop and maintain a risk-based AML/CFT programme, signed off by senior management.
Ensure you follow your AML/CFT programme and maintain a record of doing so.
Schedule independent AML audits by a qualified third party not involved in programme design every three years.
Carry out customer due diligence (CDD) with ID verification checks.
Report suspicious activities within 3 working days, and prescribed transaction reports within 10 working days, via FIU’s secure online platform. (https://fiu.police.govt.nz/Home)
Retain all records, transactional and CDD, for at least five years. APLYiD’s new digital platform makes this easy with a clear, auditable trail.
Ensure ongoing staff training, leadership oversight, and clear compliance policies are in place.
Conduct a sample pre-audit to stress test your programme and processes.

Auditing red flags

Leaving audit prep till crunch time can grind your business to a halt while you scramble for documents. Get the right AML platform in place from day one and make audits a breeze.
Storing documents yourself is a risky move. System changes, hardware failures or file mismanagement could derail your compliance. We can help you keep everything you need secure, accessible, and audit-ready.
If your team is using different methods or missing crucial steps for ID checks you’re exposed. APLYiD standardises verification with compliant workflows.
Staff turnover is inevitable. If all your compliance knowledge walks out the door, business continuity is at risk. APLYiD’s people-friendly platform can help new team members pick up AML processes easily.

Stay audit-ready with APLYiD

Putting the right technology in place can help you get ahead of the changes and reduce the admin load on your staff. APLYiD’s new platform offers no nonsense AML compliance – stay compliant with confidence, from onboarding and customer due diligence right through to audits and record-keeping.

Australia's AML/ CTF laws - Big changes are on the way.

Is your business ready for the AUSTRAC Tranche 2 AML/CTF reforms? Here’s what you need to know

APLYiD, now inside Rex CRM - APLYiD X rex black banner

APLYiD partners with Rex to deliver simple AML compliance for Australia real estate agencies

406% increase in the account creation - thanks to faster, smoother, onboarding

How APLYiD increased account creation by 406% through quicker onboarding

Non-Compliance: What is could be costing you - blue banner

The hidden costs of non-compliance with AML laws

All you need to know: Biometric Privacy Code - red block

What you need to know about the new NZ Biometric Processing Privacy Code

APLYiD partners with MRI Software for no-nonsense AML compliance for Australian real estate agencies

Reasonable steps in compliance - what dpoes it mean? Shoe, bird, calculator

What does ‘reasonable steps’ really mean in AML compliance?

Total AML Complince - Whithout friction, bottlenecks or admin - Dark, calculator

APLYiD delivers total AML compliance – without friction, bottlenecks or admin

Get AML audit ready now, save yourself the headache later

Why AML auditing matters in New Zealand

What’s covered under New Zealand AML/CFT law?

Your New Zealand AML audit-ready checklist

Auditing red flags

Stay audit-ready with APLYiD

Read more

Is your business ready for the AUSTRAC Tranche 2 AML/CTF reforms? Here’s what you need to know

APLYiD partners with Rex to deliver simple AML compliance for Australia real estate agencies

How APLYiD increased account creation by 406% through quicker onboarding

The hidden costs of non-compliance with AML laws

What you need to know about the new NZ Biometric Processing Privacy Code

APLYiD partners with MRI Software for no-nonsense AML compliance for Australian real estate agencies

What does ‘reasonable steps’ really mean in AML compliance?

APLYiD delivers total AML compliance – without friction, bottlenecks or admin

AML vs KYC explained: What professionals need to know

Read more

Is your business ready for the AUSTRAC Tranche 2 AML/CTF reforms? Here’s what you need to know

APLYiD partners with Rex to deliver simple AML compliance for Australia real estate agencies

How APLYiD increased account creation by 406% through quicker onboarding

The hidden costs of non-compliance with AML laws

What you need to know about the new NZ Biometric Processing Privacy Code

APLYiD partners with MRI Software for no-nonsense AML compliance for Australian real estate agencies

What does ‘reasonable steps’ really mean in AML compliance?

APLYiD delivers total AML compliance – without friction, bottlenecks or admin

AML vs KYC explained: What professionals need to know