Understanding AML/CFT Risk Rating Requirements: What Businesses Need to Know for 2025

From 1 June 2025, new AML/CFT requirements will apply to all New Zealand reporting entities. These changes affect how businesses conduct risk assessments and apply customer due diligence as part of their AML/CFT compliance programme.

This blog outlines the upcoming changes, the importance of risk ratings, and how businesses can prepare with support from AML services providers like Seamless AML.

What is a customer risk rating in AML/CFT?

A customer risk rating is a formal assessment that assigns each new customer a risk level of low, medium, or high. This risk level helps determine the extent of monitoring and due diligence required.

Under the revised AML/CFT regulations, this step is mandatory for all new customers and must be integrated into your risk assessment process and compliance programme.

Why are risk ratings important?

Risk ratings help ensure that your compliance programme is proportionate to the level of risk a customer presents. A proper risk assessment and rating can reduce exposure to financial crime and support your AML audit readiness.

Failing to apply or document a risk rating may be viewed as non-compliance during an AML/CFT audit.

Key factors in assigning a risk rating

When determining a customer’s risk level, consider the following criteria:

• Customer type – individual, company, trust or partnership

• Service type – such as financial services, real estate transactions, or account management

• Onboarding method – face-to-face or remote

• Jurisdiction – local or international customer, and whether the country is considered high risk

• Source of funds and wealth – especially if funds are foreign or not easily verified

  
  

These elements should be detailed in your risk assessment methodology and referenced in your AML/CFT compliance programme. Feel free to contact Seamless AML to further discuss this requirement.

Example: risk assessment in practice

Let’s say a trust with a company trustee and overseas beneficiaries signs up for property investment. The trust is onboarded fully online, and the source of wealth is claimed to be the sale of international property.

Based on your AML/CFT risk assessment framework, this customer may be rated high risk due to:

• Complex ownership structure

• Cross-border elements

• Remote onboarding

• Unverified foreign wealth

  
  

As a result, you would apply enhanced due diligence, collect more detailed information, and schedule more frequent account monitoring.

Your compliance programme must reflect these changes

Every reporting entity must update its AML/CFT compliance programme to:

• Include a documented customer risk rating process

• Capture the basis for each rating

• Link risk ratings to transaction monitoring, due diligence, and file reviews

• Schedule regular reviews of customer risk levels

  
  

This information must be kept up to date and available for review during any AML audit.

How to prepare for the 2025 AML risk rating requirements

To meet your obligations under the updated AML/CFT regulations, you should:

• Review your current risk assessment framework

• Update your compliance programme to include risk ratings

• Create simple, standardised risk rating tools

• Train staff in applying and documenting risk levels

• Conduct internal audits to assess readiness

  
  

Get professional AML services and audit support

If you are unsure how to apply the new rules or need help updating your AML/CFT documentation, Seamless AML can help.

We provide:

• Customised risk assessments

• AML/CFT compliance programme development

• Staff training

• Pre-audit reviews and full AML audit preparation

• Ongoing AML services tailored to your business

  
  

Visit our Services page to learn how we can support your compliance journey. Whether you need a full compliance programme overhaul or help applying new customer risk ratings, we are here to help.

Ensure your AML/CFT compliance is seamless, reliable and audit-ready.