Skip to main content
CDD Reference Guide

Learn what CDD is and how to perform it in a variety of situations.

Jessica avatar
Written by Jessica
Updated over a year ago

This guide is to be read in conjunction with your Risk Assessment and Compliance Programme.

Table of contents - jump to...

Section 1: Customer Due Diligence under the AML/CFT Act

There are three types of CDD under the Act: Standard, Simplified and Enhanced.

Standard CDD is the default level of CDD that applies to all low-medium risk clients, unless the client qualifies for Simplified CDD. Enhanced CDD applies higher risk clients/transactions and for certain types of clients deemed to be higher risk from an ML/FT perspective.

1.1 When do I need to do CDD?

You must conduct CDD in the following circumstances:

  • When you establish a business relationship with a new client for a captured activity.

  • A client seeks to conduct an occasional transaction or occasional activity through you.

  • In relation to an existing client, and according to the level of risk involved:

    • there has been a material change in the nature or purpose of the business relationship; and

    • you consider that you have insufficient information about the client.

  • As soon as practicable after you become aware that an existing account is anonymous.

1.2 Who do I need to complete CDD on?

You must identify and verify:

  • the client;

  • each beneficial owner of the client; and

  • each person acting on behalf of the client including the authority to act on behalf of the client e.g. a lawyer or representative of your client’s who is giving you instructions on their behalf.

What is a beneficial owner?

A beneficial owner is any individual (natural person) who satisfies one or more of the below elements:

  • the individual has effective control of the client; or

  • the individual is a person on whose behalf a transaction is conducted;

  • the individual owns more than 25% of the client or person on whose behalf a transaction is conducted (e.g. direct/indirect shareholders).

What is effective control?

Effective control is the ability to exercise control or influence over a company or entity. Typically, this will be the directors of a company or entity or those who hold senior positions. It could also be those who are funding the company, so this is something else that you will need to consider, and where relevant, enquire about.

Things to consider:

  • There may be more than one beneficial owner associated with the client.

  • If a person acting on behalf is unable to provide the information required that person will not be able to undertake any transactions in respect of that client.

  • There must always be at least one beneficial owner identified when dealing with entity type clients.

1.3 What do I need to get?

As a starting point, the following identity information must be obtained for each relevant person:

  • the person's full name;

  • the person's date of birth;

  • if the person is not the client, the person's relationship to the client;

  • the person's address or registered office;

  • the person's company identifier or registration number; and

  • any information prescribed by regulations.

You will need to refer to the relevant section for each client type (individual, company, trust etc) in this guide for guidance on how to obtain and verify this information and what other information you will need.

Nature and Purpose

In addition to the above, you must also obtain:

  • information on the nature and purpose of the proposed business relationship between the client and your organisation; and

  • sufficient information to determine whether the client should be subject to Enhanced CDD.

What is the nature and purpose of the business relationship?

Reporting entities are required to get information on the nature and purpose of the proposed business relationship with their clients. It includes understanding what the client is trying to achieve, how much business (volume and value) is expected, and how regular their interactions will be.

‘Nature’ refers to the client, products or services, etc. (i.e. what the client is bringing to the business relationship including expected volumes of business and how regular interactions might be).

‘Purpose’ relatesto the uses that the client intends to put the products/services to (i.e. why the client wants the particular product or service and what they are using it for).

1.4 What is a Politically Exposed Person? (PEP)

A Politically Exposed Person (PEP) is an individual who holds, or has held at any time in the preceding 12 months, in any overseas country, certain prominent public functions. This includes heads of state or of government, government ministers, senior judicial or military officials, senior foreign representatives, ambassadors or high commissioners, senior executives of state/government owned enterprises and the Reserve Bank Governor (or equivalent position). The definition of PEP also includes any immediate family member of the individual (i.e. spouse, partner, child, parent, etc.) and certain known associates (having regard to publicly available information) of an individual who is a PEP.

It's important to note that the Act only considers foreign PEPs. While you should confirm with all clients whether they are a PEP or not, you will need to pay particular attention to those who have an obvious foreign connection.

The following indicators, amongst others, to be signs of an obvious foreign connection:

  • The client provides foreign identity verification documents.

  • The client provides foreign contact information (e.g. mailing address, phone number or email suffix).

  • The client indicates that they have migrated to New Zealand within the last 12 months.

You will need to screen any clients who you suspect might be a PEP. You should screen any clients who have an obvious foreign connection.

Your AML/CFT Compliance Officer will guide you through the screening process.

What do I need to do when I encounter a PEP?

You MUST get approval from a senior manager before beginning a business relationship with a PEP. You will need to contact with your AML/CFT Compliance Officer who will guide you through the things you need to do, part of this will require you to conduct enhanced CDD as set out in s9 of this guide.

Section 2: Individuals

2.1 Who do I need to conduct CDD on?

You need to complete CDD on the following people:

  • the client;

  • each person acting on behalf of the client including the authority to act on behalf of the client.

2.2 What do I need to get?

The following identity information must be obtained for each relevant natural person:

  • the person's full name;

  • the person's date of birth;

  • if the person is not the client, the person's relationship to the client; and

  • the person's residential address.

See Appendix 1 for the acceptable combination of identity documents that you need to obtain. Its important that you obtain documents in line with these options.

2.3 What do I need to get for address verification?

You have some flexibility when it comes to address verification. Ideally, you need something from an independent and reliable source. We have included some documents considered to be reliable and independent.

Residential Address Verification

The following documents are acceptable as reliable and independent verification of address:

  • NZ Driver Licence (if address included)

  • Recent (less than 12 months old) bank statement including the client's residential address

  • Recent (less than 12 months old) utility or rates bill including the client's residential address

  • Statement issued by a government agency to the person in the 12 months immediately preceding the date of application (e.g. a statement from the Inland Revenue Department)

  • A copy of a report from a credit reporting agency

If you can’t get one of the above, but you have visited the client in their home, a statement to the following effect could be used:

“I visited [insert name of client] at the following address [insert address] on [insert date and time]. During my visit I have gained a reasonable level of assurance that this person resides here. [your name and your signature]”

Section 3: Companies

3.1 Who do I need to perform CDD on?

You need to do CDD, in line with the requirements for individuals in s1, on people who:

  • Own a prescribed threshold of more than 25% of the client.

  • Has authority to act on the account (i.e. signing authority).

  • Exercise effective control over the client.

  • Is a person on whose behalf the transaction is conducted.

If there are no shareholders over 25% then you will need to onboard the directors and those who exercise effective control over the company.

3.2 What do I need to get?

You will need to obtain copies of the following documents – remember, it is not enough just to sight them, you must obtain a copy.

Identity requirement

Verification documents

Full name of the company

Certificate of Incorporation (can be verified by an online Companies Office search: www.business.govt.nz/companies)

Full address of the company's registered office and principle place of business

A Companies Office online search (www.business.govt.nz/companies)

Registration number of the company

Certificate of Incorporation (can be verified by an online Companies Office search: www.business.govt.nz/companies)

Names of the directors

A Companies Office online search (www.business.govt.nz/companies)

Section 4: Trusts

4.1 Who do I need to complete CDD on?

You need to do CDD, in line with the requirements for individuals in s1, on the following:

  • All trustees and settlors.

  • Verify the identity of the trustees who are entitled to act on behalf of the trust including documentary evidence of their authority to act, in accordance with the Code.

When professional entities are appointed, for example as corporate trustee or agent, you need to identify the individual(s) representing the corporate trustee or agent.

4.2 What do I need to get?

The table below sets out what you need to obtain. It is important that you get a copy of the trust deed and any subsequent deeds of amendment. You then need to conduct enhanced CDD in line with s9.

Identity Requirement

Verification Documents

Full name of the Trust

Trust Deed or relevant pages of the Trust Deed.

Note that the client must provide any amendments to the Trust Deed that are made after the original document was submitted.

Full business name of the trustee in respect of the Trust

Trust Deed.

Note: If a charitable Trust, you must also obtain the objects of the Trust.

Address of the Trust

A recent utility bill or bank statement for the address (not more than 12 months old).

Natural persons to verify

  • Collect the name, date of birth, and residential address of all trustees and settlors.

  • Verify the identity of trustees who are entitled to act on behalf of the Trust including documentary evidence of their authority to act.

  • Verification as per individuals.

Beneficiaries

Where there are less than 10 beneficiaries obtain their name and date of birth. There is no requirement to verify these individuals.

Discretionary and charitable trusts

If the trust has 10 or more beneficiaries, or is a discretionary or charitable trust, obtain and record the class of each type of beneficiary.

Note: you must conduct additional steps around the collection and verification of a client's source of funds/wealth, per section 7 on enhanced CDD.

Section 5: Partnerships

5.1 Who do I need to do CDD on?

You need to do CDD, in line with the requirements for individuals in s1, on all partners including all partners or agents with the authority to operate the account.

5.2 What do I need to get?

You will need to obtain copies of the following documents. Remember - it is not enough to just sight them, you must obtain a copy.

Identity requirement

Verification documents

Full business name

Partnership Agreement

Address of the business

A recent government document, utility bill or bank statement for the address (not more than 12 months old.

Natural persons to verify

  • A list of all partners should be maintained. All partners must be identified and verified including all partners or agents with the authority to operate the account.

  • Verification is as per 'Natural Persons'.

Section 6: Simplified Customer Due Diligence

The Act permits Simplified CDD to be conducted on certain categories of clients.

6.1 Who can I do Simplified CDD on?

  • The Act allows for simplified CDD on the following types of clients:

  • A listed issuer (as defined in section 6(1) of the Financial Markets Conduct Act 2013);

  • A New Zealand Government department;

  • A New Zealand Local Authority;

  • The New Zealand Police;

  • A New Zealand State enterprise or State enterprise that is located in a country with sufficient AML/CFT systems;

  • The New Zealand Security Intelligence Service;

  • New Zealand licensed statutory supervisors;

  • New Zealand trustee corporations, when acting for themselves;

  • New Zealand Crown entities;

  • Overseas government bodies that correspond to a New Zealand government department and are located in a jurisdiction with sufficient AML/CFT systems;

  • New Zealand registered banks or licensed insurers; and

  • A company, or a subsidiary of that company, whose equity securities are listed in New Zealand or on an overseas stock exchange with sufficient disclosure requirements and in a country with sufficient AML/CFT measures in place and their subsidiaries.

6.2 What do I need to get?

If a client qualifies for Simplified CDD, there is no requirement to identify or verify beneficial ownership of the client. The following information should be collected:

  • Client's full name

  • Confirmation of how the client qualifies for Simplified CDD

  • Person acting on behalf of - full name

  • Person acting on behalf of - date of birth

  • Person acting on behalf of - relationship to client

  • Person acting on behalf of - authority to act on behalf of client

The client's full name, and the name and date of birth and authority of the person acting on behalf of the client must be verified in accordance with Standard CDD procedures (excluding the requirement to verify address). For the purposes of verifying authority to act, you may rely on an authority provided in an application form or other document that shows a person's authority to act or transact on an account.

If conducting Simplified CDD you should contact your AML/CFT Compliance Officer for guidance.

Section 7: Enhanced Customer Due Diligence

Enhanced CDD is an enhanced level of CDD that you need to conduct for certain clients. It involves, in addition to standard CDD, the collection of information relating to a client's source of funds and wealth.

Note: the supervisors' expectations are clear: if you can't complete Enhanced CDD to the required standard, you must terminate the business relationship. There are no exceptions permitted when it comes to enhanced CDD.

7.1 When do I need to do EDD?

You must conduct Enhanced CDD where it considers that a client presents a higher level of risk of money laundering or terrorist financing activities.

The following client types are deemed to be higher risk:

  • trusts or another vehicle for holding personal assets;

  • PEPs;

  • a non-resident client from a country that has insufficient anti-money laundering and countering financing of terrorism systems or measures in place;

  • a company with nominee shareholders or shares in bearer form.

You must also conduct Enhanced CDD:

  • where a client seeks to conduct a complex, unusually large transaction or unusual pattern of transactions that have no apparent or visible economic or lawful purpose;

  • in respect of a transaction conducted (or sought to be conducted) by a client as soon as practicable after it becomes aware that it must report that transaction as a suspicious activity;

  • clients seeking to use new and developing technologies or products that might favour anonymity.

7.2 What do I need to get?

For Enhanced CDD, you must, in addition to Standard CDD, obtain the following information:

  • information relating to the source of the funds or the wealth of the client; and

  • any additional information prescribed by regulations.

It is important that you include a narration/story of the clients source of funds/wealth. You must also, according to the level of risk involved, take reasonable steps to verify this information.

The level of verification is based on the client’s risk. To help you verify information about the client’s source of wealth or funds, you may use publicly available information on the internet, other commercially available databases or documents issued by third parties that support their financial position. Example documents for verification of source of funds/wealth are set out in Appendix 3.

7.3 Source of funds/wealth

Source of funds relates to where the funds have actually come from e.g. a New Zealand bank account in the client’s name. Source wealth relates to how those funds got there in the first place e.g. how they got the money. You need to understand and include information on a client’s wider wealth, but you only need to verify this information as far as the transaction itself is concerned. It is important that you consider and ensure the information you gather aligns with the transaction.


Appendix 1: Acceptable Identity Verification Documents

What documents do I need to get?

Per the Code, you have the following three options to verify a client's name and date of birth:

Option 1:

One of the following:

  • New Zealand passport

  • New Zealand certificate of identity

  • New Zealand refugee travel document

  • New Zealand firearms license

  • Overseas passport or similar document issued for the purpose of international travel which:

    • Contains the name, date of birth, a photograph and the signature of the person in whose name the document is issued; and

    • is issued by a foreign government, the United Nations or an agency of the United Nations

  • a national identity card issued for the purpose of identification that:

    • contains the name, date of birth and a photograph of the person in whose name the document is issued and their signature or other biometric measure included where relevant; and

    • is issued by a foreign government, the United Nations or an agency of the United Nations

Option 2:

Two forms of identification, being one of:

  • New Zealand full birth certificate

  • Certificate of New Zealand citizenship

  • Citizenship certificate issued by foreign government

  • Birth certificate issued by a foreign government, the United Nations or an agency of the United Nations

And one of:

  • New Zealand driver licence

  • 18+ Card

  • Valid and current international driving permit

Option 3:

  • New Zealand driver licence

And one of:

  • Confirmation that the information presented on the driver licence is consistent with records held in the National Register of driver licences e.g. through Equifax, Centrix.

  • A document issued by a registered bank that contains the person’s name and signature, for example a credit card, debit card or EFTPOS card. Note: The bank card must have the client’s name embossed on the card. A copy of the credit card must not be kept in either paper or scanned form and the credit card number must not be written down.

  • A bank statement issued by a registered bank to the person in the 12 months immediately preceding the date of the application

  • A document issued by a government agency that contains the person’s name and signature (e.g. a SuperGold Card)

  • A statement issued by a government agency to the person in the 12 months immediately preceding the date of the application (e.g. a statement from the Inland Revenue Department)

Note: a driver license by itself is not enough. If the expiry date is not on the front of the drivers license you need to get a copy of the back. If using an eftpos or credit card, you MUST get the front and back, and will need the signature. Don’t forget to obscure the big number on the front. You can’t use an eftpos card that doesn’t have the client's name on it.

Appendix 2: Certification / verification requirements

For documentary verification of CDD, the following verification or certification requirements apply:

(a) an employee can sight the original document and retain a verified copy;

(b) a copy of the original document can be provided, certified by a trusted referee; or

(c) an agent can sight the original document and provide a verified copy.

If you take a copy for your organisation to use internally then you would verify a document.

Who can certify a document?

Only trusted referees can certify documents. A trusted referee must be at least 16 years of age and one of the following:

  • Commonwealth Representative

  • Member of the Police

  • Justice of the Peace

  • Registered medical doctor

  • A person who has legal authority to take statutory declarations or the equivalent

  • Registered teacher

  • Minister of religion

  • Lawyer

  • Notary public

  • New Zealand Honorary consul

  • Member of Parliament

  • Chartered accountant

  • Kaumatua

The trusted referee must not be:

(a) related to the client (e.g. cannot be a parent, child, brother, sister, aunt, uncle or cousin);

(b) the spouse or partner of the client;

(c) a person who lives at the same address as the client; or

(d) a person involved in the transaction or business requiring the certification e.g. the lawyer who is doing the conveyancing.

When certification occurs overseas, copies of international identification provided by a client resident overseas must be certified by a person authorized by law in that country to take statutory declarations or equivalent in the client’s country. You will need to research the relevant country to determine this.

What does the certification/verification need to state?

Certification (or verification in the case of an employee or an agent sighting documentation) must:

(a) include a statement to the effect that the documents provided are a true copy and represent the identity of the named individual;

(b) include the name, occupation and signature of the employee or trusted referee and the date of certification/verification (Note: If completed by a trusted referee, the trusted referee must specify their capacity to act as a trusted referee from the selection above); and

(c) have been carried out in the three months preceding the presentation of the copied documents in the case of a trusted referee.

  • For photographic identification documents – “I verify OR certify that this is a true copy of the original document, which I have personally sighted; and the photograph is a true likeness”.

  • For all other identification documents – “I verify OR certify that this is a true copy of the original document, which I have personally sighted”.

Note: If you take a copy of a document for internal use within your organization you VERIFY documents.

Appendix 3: Source of Funds/Wealth Verification Documents

The list of documents below is non-exhaustive. In all instances, Enhanced CDD verification must be reviewed to confirm that it validates or confirms the Enhanced CDD information supplied. More than one document may be required to verify Enhanced CDD information. According to the level of risk, verification documents may need to be certified.

The Supervisors have also indicated that a bank statement, of itself, is unlikely to be sufficient evidence of source of wealth, unless the bank statement adequately identifies where the funds originated from.

In some instances, a letter from a professional, such as an accountant or lawyer, which outlines a client’s source of funds/wealth may be sufficient. Where such a letter is accepted, it should be certified and an assurance should be sought that the professional has an understanding of the clients financial position as it is relevant to the transaction.

Such a letter should:

  • Be on a letterhead;

  • Include the date;

  • Explain the relationship the client has with the Agency (e.g. nature and length);

  • Include an amount to which the professional is comfortable with the client transacting; and

  • Provide a clear description which explains the source of funds/wealth of the client (e.g. amounts and how the funds/wealth were obtained).

Source of funds/wealth

Documents

Property ownership

  • Sale and Purchase Agreement

  • Property Ownership Database

Salary, wages, bonus commission

  • Bank statements

  • Payslips

  • Contract of employment or confirmation of employment

  • IRD Statement

  • External sources (websites, social media)

  • Tax returns

  • Letter from accountant

Investments

  • Investment statement

  • Bank statements

  • Letter from accountant, financial adviser

Business Income, Corporate Investments, Company Profits

  • Financial statements (preferably audited)

  • Business plan for a start-up

  • Contract (for a sole trader or SME start-up)

  • External sources (websites)

  • Companies Office website to confirm shareholding, directorships

Insurance Claim or Payout

  • Letter from payer

  • Bank statement evidencing payment

Redundancy

  • Letter from payer

  • Bank statement evidencing payment

  • Tax return

Compensation payment

  • Letter from payer

  • Bank statement evidencing payment

Sale of assets

  • Sale agreement

  • External listing from website

  • Property Ownership database

Inheritance

  • Letter from executor of estate

  • Proof of payment from lawyer’s trust account

  • Copy of probate/will

Loan

  • Loan statement or agreement

  • Letter from loan provider

Winnings (e.g. casino, lottery)

  • Prize confirmation (e.g. letter from Lotteries Commission)

  • Evidence that payment has come from winning – e.g. payment into account from TAB, Lotteries Commission

  • Cheque marked ‘winnings’

Government Income

  • Letter from Government agency – e.g. benefit letter

  • Evidence from bank account showing receipt of such a payment

Rental Income

  • Rental Agreement

  • Property Ownership documents

  • Financial Statements

  • Tax return

  • Letter from accountant

Did this answer your question?