Independent and Trusted

The AML/CFT Act states that the person who conducts the audit must be independent, and not involved in the development of your Risk Assessment, or the establishment, implementation or maintenance of your AML/CFT Programme.

In addition the Department of Internal Affairs (DIA) states: 

"Ideally the auditor should understand your industry, and have audit experience. It is imperative you are comfortable with the auditor you appoint as we may request that you provide evidence to demonstrate to us how your auditor is appropriately qualified"

Less Interruption and Stress For You

For businesses interruption to business flow and confidentiality of information are major concerns, particularly when this is a mandatory legislated compliance exercise every two years.

Our job is to keep this disruption as insignificant as possible for you.  We aim to work around you and your team as quickly as possible and reduce the stress of the process to a minimum.  The information provided is kept secure and the report and any recommendations goes to you.  We do not share information with anyone else.  You, as the reporting entity, must however provide the audit report to the supervision (DIA) if requested s59B(5) and provide the results and implications of any audit undertaken in your yearly annual AML/CFT report s60(2)(b).

The audit process should not be seen as a threatening cloud, but an opportunity for fine tuning and ensuring you're getting things right.

We also take into consideration that some businesses have implemented programs that allow the capture of information that makes the audit and the time to process it a little bit easier so we offer a 10% discount for anyone using 2Shakes onboarding/AML software.

Talk to us about your situation and how we can help.  

We provide independent audits across New Zealand

We audit only those entities designated as non-financial businesses and professions.  This includes lawyers, accountants, bookkeepers, real estate and high value dealers, the 'phase two' entities captured by the AML/CFT Act and travel throughout New Zealand.

As a reporting entity you should already have in place an AML/CFT Risk Assessment and Compliance Programme. You will also be aware of the need to have your compliance with the Act independently audited at least every two years, from the date your activities were first captured, or as otherwise required by the Department of Internal Affairs. If you have any doubt regarding your obligations, please get in touch, we're happy to answer your queries.

The date your organisation was captured could coincide with many other organisations so we recommend you think about booking your audit early to avoid the pressure points of 1st January, 1st July, 1st August and 1st October.  

These are the dates up to which the audit must review your AML/CFT programme. The audit work should be completed (i.e. the auditor should do their review/testing) by this date.

What's Involved?

The independent audit is to verify that your Risk Assessment identifies the money laundering and terrorist financing risks faced by your business, that you are keeping the assessment current, and that you are effectively determining the levels of risk faced by your business. In essence the independent audit of the Risk Assessment and AML/CFT Programme is intended to check that you are implementing your programme effectively.


When you engage us we will provide you with an Engagement Letter which will provide you with the objective and scope of the engagement, note our independence and responsibilities, confirm your responsibilities and acceptance, and provide any other information relevant to the audit.  

You will then be provided with a checklist of documents, information and records to be made available to the auditor.  Once these have been provided the audit will commence.  A site visit will be arranged with you where walk-through testing, observation and interviews with the compliance officer, senior management and staff would be undertaken.   


An evaluation of the evidence obtained will then be made and a draft report given to you so you have the opportunity to correct anything that we may have misinterpreted. After this process has been finalised we will issue you with our Independent Audit Report.

What is the difference between our own review, an independent audit, and a desk-based review (by Internal Affairs) of my risk assessment and AML/CFT programme?

Your own (internal) review is a process that you carry out to ensure that your risk assessment and AML/CFT programme are up to date and to help you identify and remedy any areas of deficiency; 

The independent audit is to verify that your risk assessment identifies the money laundering/terrorist financing risks faced by your business, that you are keeping the assessment current, and that you are effectively determining the levels of risk faced by your business. In essence the independent audit of the risk assessment and AML/CFT programme is intended to check that you are implementing your programme effectively;

The desk-based review by Internal Affairs is to ensure that you have produced a risk assessment and AML/CFT programme that meet the requirements of the AML/CFT Act.