Anti-Money Laundering and Countering Financing of Terrorism Act 2009

AML/CFT requirements and compliance - Customer due diligence - Standard customer due diligence

16: Standard customer due diligence: verification of identity requirements

You could also call this:

"Companies must check your identity before doing business with you"

Illustration for Anti-Money Laundering and Countering Financing of Terrorism Act 2009

When you deal with a company, they must check your identity. They need to make sure the information they have about you is correct. They must also check who the real owner is, if someone else is acting on their behalf. You can start doing business with a company before they finish checking your identity. But they must do the checks as soon as possible. They can only do this if it won't interrupt their normal business and if they have ways to manage money laundering risks. The company must follow the rules to check your identity before they start doing business with you. They must verify your identity and make sure they know who you are and who you are acting for, if applicable.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on 4 December 2025

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=DLM2140854.

Topics:

Money and consumer rights > Consumer protectionBusiness > Industry rules

15: Standard customer due diligence: identity requirements, or

"Knowing Who You Are: Checking Identities to Stop Money Laundering"

17: Standard customer due diligence: other requirements, or

"Checking customers to prevent money laundering and terrorism"

Part 2AML/CFT requirements and compliance
Customer due diligence: Standard customer due diligence

16Standard customer due diligence: verification of identity requirements

A reporting entity must—
take reasonable steps to satisfy itself that the information obtained under section 15 (other than the information obtained under section 15(d)) is correct; and
according to the level of risk involved, take reasonable steps to verify any beneficial owner's identity so that the reporting entity is satisfied that it knows who the beneficial owner is; and
if a person is acting on behalf of the customer, according to the level of risk involved, take reasonable steps to verify the person's identity and authority to act on behalf of the customer so that the reporting entity is satisfied it knows who the person is and that the person has authority to act on behalf of the customer; and
verify any other information prescribed by regulations.

Except as provided in subsection (3), a reporting entity must carry out verification of identity before establishing a business relationship or conducting an occasional transaction or activity.
Verification of identity may be completed after the business relationship has been established if—
it is essential not to interrupt normal business practice; and
money laundering and financing of terrorism risks are effectively managed through procedures of transaction limitations and account monitoring or (if the reporting entity is not a financial institution) through other appropriate risk management procedures; and
verification of identity is completed as soon as is practicable once the business relationship has been established.

Notes

Section 16(1)(a): amended, on 27 November 2025, by section 10 of the Statutes Amendment Act 2025 (2025 No 74).
Section 16(1)(a): amended, on 5 December 2013, by section 5 of the Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2013 (2013 No 106).
Section 16(2): amended, on 11 August 2017, by section 68 of the Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2017 (2017 No 35).
Section 16(3)(b): amended, on 11 August 2017, by section 11 of the Anti-Money Laundering and Countering Financing of Terrorism Amendment Act 2017 (2017 No 35).