New Zealand's Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT) sets identity-verification and reporting obligations on financial institutions — including life insurers when issuing investment-style policies. The regime is supervised by three agencies depending on the sector. For life insurers offering investment-linked or savings products, the supervisor is the Financial Markets Authority. Pure risk-only life insurance (term life, trauma, IP, TPD) is generally outside the AML/CFT scope, but the Department of Internal Affairs (DIA) supervises advisers and intermediaries who may distribute multiple products.
What AML/CFT requires
A reporting entity (typically an insurer with in-scope products, or an adviser arranging them) must:
- Conduct customer due diligence (CDD) at on-boarding — verify the customer's identity using government-issued ID and proof of address.
- Conduct enhanced due diligence (EDD) for higher-risk customers, source-of-wealth verification, politically-exposed persons (PEPs), and large transactions.
- Monitor transactions over the life of the relationship and report any that meet defined suspicious-activity criteria to the NZ Police Financial Intelligence Unit.
- Maintain an AML/CFT programme with documented risk assessment, written policies and procedures, staff training, independent audit, and annual reporting to the supervisor.
What this means at application
- ID requirements. Most insurers and advisers will ask for a passport or NZ driver licence plus proof-of-address documentation. Some accept electronic identity verification through providers like Cloudcheck, First AML, or RealMe.
- Source-of-funds questions. Higher-value investment-linked cover may trigger source-of-funds verification. Pure-risk life cover generally doesn't — premium payments come from a verified personal bank account.
- Time to bind. AML/CFT checks may add a small delay to cover activation, particularly when manual verification is required. For standard term life this is typically resolved within a day or two.
- Privacy. Documents collected for AML/CFT purposes are held under the Privacy Act 2020 framework and are not shared beyond what the AML/CFT Act requires (which can include reporting suspicious activity to the Police).
Pure-risk life cover is usually out of scope
Term life, trauma, income protection, and TPD policies are pure risk-protection — they pay a defined benefit on a defined event and don't accumulate investment value. These products are generally outside the AML/CFT definition of "designated business activity" because they don't allow money to be moved or stored. However:
- The adviser arranging the policy may be a reporting entity for their broader business, and so will still carry out ID checks as a matter of process.
- Investment-linked life products (whole-of-life with cash-value, certain savings products) are in scope.
- Large premium payments or unusual payment routes may trigger transaction-monitoring obligations even on out-of-scope products.
If you're asked for ID — what to expect
- The insurer/adviser will ask for the documents and either keep certified copies or run an electronic verification.
- You should expect a clear explanation of why the documents are being collected — AML/CFT compliance, Privacy-Act-compliant data handling, and retention period.
- You have the right to ask which AML/CFT supervisor regulates the entity (FMA / DIA / RBNZ) and to lodge a complaint via that supervisor if you believe the request is excessive.
Sources
- Legislation: Anti-Money Laundering and Countering Financing of Terrorism Act 2009
- DIA — AML/CFT for financial-service providers: dia.govt.nz/AML-CFT
- FMA — AML/CFT guidance: fma.govt.nz/business/services/aml-cft
- NZ Police Financial Intelligence Unit: police.govt.nz/advice-services/businesses-and-organisations/financial-intelligence-unit