It’s easy to read a headline about a bank paying a multi-million-dollar penalty and assume it has nothing to do with you. But the ASB enforcement action, the largest AML/CFT penalty in New Zealand’s history, is worth paying attention to regardless of the size or sector of your business.
ASB Bank has been ordered to pay $6.731 million for AML/CFT breaches spanning six years. The size of the penalty sent a clear message from regulators. Here’s what happened, and what businesses need to keep in mind.
The Reserve Bank found that ASB’s transaction monitoring systems and AML/CFT programme were inadequate for approximately six years. ASB admitted to seven breaches of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009. The High Court ordered a civil penalty of $6.731 million.
Six years is a long time for a problem to go unaddressed. And that’s the part of the story that matters most for businesses operating under AML/CFT obligations.
What ASB admitted to
The seven breaches covered a range of failures across the AML/CFT programme, including:
- Failing to establish, implement, or maintain an adequate AML/CFT programme around customer due diligence
- Failing to adequately manage and mitigate the risks of money laundering and terrorism financing
- Failing to properly monitor and manage compliance with its own procedures, policies, and controls
- Failing to conduct adequate ongoing customer due diligence on foreign trust customers
- Failing to report suspicious activities within the required timeframes
- Failing to conduct enhanced customer due diligence where required
- Failing to terminate business relationships when required to do so
Taken individually, each of these is a serious lapse. Taken together across six years, they represent a systemic failure in compliance infrastructure, not a one-off oversight.
The Reserve Bank didn’t find a single mistake. It found a programme that wasn’t working and hadn’t been for years.
What this means if you have AML/CFT Obligations
New Zealand’s AML/CFT regime covers a wide range of businesses beyond banks, including accountants, lawyers, real estate agents, and other reporting entities. If your business falls within scope, the ASB case is a useful prompt to ask some honest questions about your own programme.
The failures identified in the ASB case follow a recognisable pattern: systems and processes that exist on paper but aren’t functioning effectively in practice, monitoring that isn’t catching what it should, and gaps in how risk is being identified and managed over time.
A robust AML/CFT programme isn’t a document you file once and revisit occasionally. It’s an active system that needs regular review, staff training, and oversight. Regulators should be paying close attention to whether programmes are working in practice, not just whether they technically exist.
The practical checklist
If you’re a reporting entity under the AML/CFT Act, now is a reasonable time to check the following:
- Is your AML/CFT programme current and reflective of how your business operates today?
- Are customer due diligence processes being applied consistently, including for higher-risk customers?
- Is ongoing monitoring happening, and are suspicious activities being reported within required timeframes?
- Do your staff understand their obligations, and has training been updated recently?
- Are there any business relationships that should have been reviewed or exited but haven’t been?
Questions about your AML/CFT obligations?
Get in touch, and we’ll walk through where your programme stands and what, if anything, needs attention. You can also reach out to the author, Eshil Singh, via email at eshil.singh@uhyhn.co.nz for more information.










