Mai Chen was counsel for Quan Duo Duo in this case
The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 regulates the financial services sector, and other businesses or professions which handle money or financial transactions on behalf of their clients (such as real estate agents and lawyers). Its purpose is to detect and deter money laundering in New Zealand, to maintain and enhance confidence in our international reputation and to promote confidence in the integrity of our financial system. The Act received Royal assent in 2011 and has been coming into force in stages since then. Overall, the Act creates a range of compliance obligations for the businesses to which it applies – known as “reporting entities”. Amongst other things, reporting entities must adopt compliance programmes, undertake assessments of the risk of money laundering in their business activities, conduct due diligence on their customers, monitor customer accounts for suspicious transactions or activity and maintain records.
These compliance obligations, enforced by the Department of Internal Affairs, are complex and onerous in terms of time and expense. The consequences of a breach are serious, including criminal penalties up to and including terms of imprisonment of up to 2 years, fines of up to $5 million for reporting entities and civil penalties of up to $2 million per breach.
Faced with this burden, many businesses have determined that the best approach is simply to forego any of the activities covered by the Act. But for those who cannot or do not, compliance has become part of the reality of doing business and an entire industry has now arisen to provide businesses with advice and support in managing those compliance obligations.
A recent High Court decision, the first defended hearing and only the second to be delivered since the Act came into force, has shed light on the challenge of compliance and the inherent risks in relying on external advisers, or indeed the DIA, to do so. Qian Duoduo Ltd is a financial services business in Auckland specialising in foreign currency transactions and international money transfers. QDD was a small business with a single shareholder and director who also acted as its compliance officer for the purposes of the Act. After conducting an investigation, DIA alleged that QDD had breached its compliance obligations under the Act by failing to undertake risk assessments, client due diligence checks, account monitoring requirements and keeping adequate records of its transactions. The DIA applied to the High Court for civil penalties, requesting an overall penalty of $2,496,000 out of a maximum potential penalty of $7 million.
QDD admitted the charges, but argued that the final penalty should be no more than $500,000.
It was common ground that the breaches of the Act were not deliberate and that QDD had endeavoured, albeit unsuccessfully, to comply with its obligations in respect of all of the breaches. However, QDD argued that a lower penalty was appropriate having regard to three factors:
QDD had relied on advice from an external consultant on its compliance obligations, as well as feedback from the DIA, neither of which had alerted it to the breaches of the Act;
The Act is complicated and unclear in places, making compliance difficult. There was one other undefended case, so there is little court guidance on the Act’s interpretation;
QDD’s owner and compliance officer had poor English language skills which further complicated matters.
The Court accepted all of these arguments to varying degrees, imposing a penalty of $356,000 – far less than DIA had sought, and much less than the only other case decided under the Act, involving Ping An Finance Group New Zealand Co Ltd. In reaching that determination, the Court made a number of observations that will be helpful for other businesses struggling with their compliance obligations under the Act.
First, the Court accepted that QDD could not reasonably have been expected to comply with the requirements of the Act without the advice and support of external consultants, particularly having regard to the owner’s limited command of English. QDD was entitled to seek and rely on the advice it received. The Court also noted that the complexity and ambiguity of the Act “did not and does not lend itself to stock solutions”. However, none of the consultants engaged to advise on compliance “appeared to have any real understanding of QDD’s business model, how the business actually worked, how records were kept and, in particular, the roles of… money remitters, in terms of QDD’s obligations within the AML framework”. On this basis, the Judge ruled that it was reasonable for QDD to rely on the incorrect advice of its consultants that it was compliant with the Act, and that it was entitled to a substantial reduction in the civil penalty as a consequence of their failure to identify and correct QDD’s non-compliance with the Act. QDD’s mistaken belief that it was compliant with the Act was reinforced by DIA, which conducted a review and inspection in 2014.
Secondly, the Court agreed that QDD’s liability should be reduced due to the “latent ambiguity” in the Act. Amongst other things, the Act adopted very broad and counter-intuitive descriptions of some transactions and also creates uncertainty as to who bears liability for conducting due diligence checks on clients in some circumstances. The fact that some of these ambiguities were subsequently rectified by way of statutory exemptions which came into effect in July 2015 was helpful to QDD in this respect.
Overall, the decision clearly demonstrates some potential pitfalls both for businesses which are reporting entities under the Act, and for those who advise them.
For reporting entities, the main lesson is that while it may be reasonable, or even essential, to take external advice on compliance obligations, it is not sufficient. Reliance on the advice of a consultant, or even from the DIA itself, is not a defence. If the advice is wrong, and the reporting entity has breached the Act, then the reporting entity bears the liability under the Act. Reporting entities cannot outsource their liability under the Act, and while that liability may be reduced if advisers make mistakes, it will not be eliminated.
The second lesson is that compliance is really difficult. The outcome of this case shows that even expert advisers can and do make mistakes, partly caused by the complexity of the Act itself. It follows that reporting entities need to be vigilant about their obligations, and extremely cautious about the advice they take.
For advisers, the main lesson is that “stock solutions” are simply not good enough. Compliance with the Act cannot be reduced to a simple formula and there is no substitute for having a proper understanding of the reporting entity.