The one thing you want from me is the one thing I can’t give you – concrete and unarguable clarity on what the New Zealand AML Supervisors need you to do to reach and maintain AML/CFT compliance.

“Just tell us exactly what to do, and we’ll do it,” you say. “Principles are all very well, but our staff need simple instructions. Just give us a list of things to tick off and we’ll do it,” you declare. “This feels unnecessarily complex!” you despair when I tell you the truth.


Truth is, you’re asking for something you will never get. You will never get concrete, unarguable clarity on what your AML/CFT Supervisor, be it the DIA, FMA, or RBNZ, needs you to do to reach and maintain compliance.

Here, I’m going to tell you why that is, and what you can do instead (that’s actually better anyway).

Why You Won’t Get It

Let’s use the metaphor of driving and road rules.

Most principle-based regulatory compliance regimes explicitly lay out the rules you need to follow when driving. Red traffic lights mean stop, don’t speed higher than 9km/hr over the advertised-limit, give left-turning vehicles right of way.

A good example of this is the health and safety compliance regime. Put a “wet floor warning” sign up to prevent people slipping in your tea room; designate an employee as “safety warden” and buy them a yellow hard hat. Because you are a grown-up with common sense, you know how to assess and manage health and safety risks and therefore comply comfortably with that regulatory compliance regime.

You know how to get where you need to go –


In the AML/CFT compliance regime, you’re being asked to do something that is much further out of most of our realm of experience.  You’re assessing risks associated with criminal networks and terrorist enterprises.

These risks are much more abstract, complex, and dynamic than the risk of an employee hitting their head on a shelf. This means you are required to use new and different tools, information, and attitudes to assess and manage these risks. You feel uncomfortable because you don’t know if you’re getting it right.

And here’s the very interesting thing (I KNOW YOU’RE SKIMMING THIS ARTICLE CAPITALS INSERTED TO SIGNAL THE BIG POINT IS COMING) – your AML/CFT Supervisor, the DIA, FMA, or RBNZ, don’t know if they’re getting it right either. They’re also responsible for demonstrating to international bodies like FATF that they are adequately managing the abstract, complex, and dynamic risks associated with criminals and terrorists in and around New Zealand. They be stressing too!

The road-rule of AML/CFT compliance, then, is do-your-best-to-keep-yourself-safe-and-don’t-hurt-anyone-else –


What To Do Instead

First, stop wishing it was different. The interaction of crime and terrorism in economic systems is a big, hairy, knotty ball of complexity – if there was a simple, quick, and cheap solution to this problem, I’m betting the government would give it a go. AML/CFT compliance will likely never be easy, quick, and cheap and your ulcers will stop inflaming when you stop fighting this fact.

But your business’ AML/CFT compliance regime can definitely be easier, quicker, and cheaper.

It could be your AML/CFT Risk Assessment is too generic so doesn’t provide you with any specific high-risks to pay attention to. Maybe your highly paid staff are spending resentful hours chasing down irrelevant photocopies of a customer’s March 2018 power and internet bill. Or could it be that your CEO has not clearly communicated to your sales teams that AML/CFT compliance team members are essential to getting the best and biggest deals through.

Maybe your AML/CFT Compliance Officer is not being celebrated for their magnificent traffic-mustering genius –



You Have The Power And The Responsibility

So the great news is that you have an immense amount of freedom and power to design and build an AML/CFT compliance regime that is an asset to your business and your customers. We work with companies every day who feel confident flowing with this complex regime.

The price of this freedom and power is responsibility. The onus is on you to proactively learn about the complex, dynamic, and often abstract risks of crime and terrorism being associated with your particular business. Asking me for a one-page list of to-dos, or wishing for a well-lit tar sealed motorway to race down, are acts of fantasy.

The truth is actually much more exciting than that.

Claire Piper is the Director of Fiducia. Connect with Claire on LinkedIn