Customer Due Diligence, commonly referred to as CDD, is a core requirement under New Zealand’s Anti Money Laundering and Countering Financing of Terrorism framework. It plays a central role in how reporting entities identify customers, assess risk, and prevent the misuse of financial systems.
For financial service providers, compliance teams, and risk professionals operating in or dealing with New Zealand, CDD is not optional. It is a legal obligation under the AML CFT Act 2009 and a key control used by supervisors to assess compliance maturity.
This guide explains what Customer Due Diligence means in the New Zealand context, how it is applied, and what businesses need to do to meet regulatory expectations.+
What is Customer Due Diligence in New Zealand?
Customer Due Diligence is the process of identifying and verifying a customer, understanding the purpose of the business relationship, and assessing the level of money laundering or terrorism financing risk they present.
In New Zealand, CDD requirements are defined by the AML CFT Act 2009 and overseen by supervisors such as the Financial Markets Authority, the Reserve Bank of New Zealand, and the Department of Internal Affairs.
CDD is designed to ensure that reporting entities:
- Know who they are dealing with
- Understand how and why services are being used
- Can detect activity that falls outside expected behaviour
Rather than a one-off check, CDD is an ongoing obligation that evolves with the customer relationship.
Why Customer Due Diligence Matters for New Zealand Businesses
New Zealand’s open economy and strong international connections expose businesses to both domestic and cross-border financial crime risks. Weak CDD controls increase the likelihood of regulatory breaches, enforcement action, and reputational harm.
Effective CDD supports organisations by helping them:
- Identify suspicious or unusual activity earlier
- Meet AML CFT compliance obligations
- Reduce exposure to fines and remediation programmes
- Demonstrate a defensible risk-based approach to regulators
For compliance teams, strong CDD improves decision-making throughout onboarding, monitoring, and review processes.
Types of Customer Due Diligence in New Zealand
Standard Customer Due Diligence
Standard CDD applies to most customers. It typically involves:
- Verifying the customer’s identity
- Understanding the nature and purpose of the relationship
- Identifying beneficial owners where relevant
This level of CDD forms the baseline for most customer relationships.
Simplified Customer Due Diligence
Simplified CDD may be applied where a customer presents a lower risk and meets specific criteria under the AML CFT Act.
Although simplified, this approach still requires documented justification and must be supported by a clear risk assessment.
Enhanced Customer Due Diligence
Enhanced CDD is required when a customer or transaction presents a higher risk. This may include:
- Politically exposed persons
- Complex or high-value transactions
- Customers connected to higher-risk jurisdictions
Enhanced CDD often involves additional verification, deeper analysis of the source of funds or wealth, and increased monitoring frequency.
Core CDD Requirements Under New Zealand AML Law
Identity Verification
Reporting entities must verify a customer’s identity using reliable and independent sources. This may include government-issued documents and approved electronic verification methods.
Purpose and Intended Nature
Understanding why a customer is engaging with a service helps establish expected behaviour and supports effective risk assessment.
Beneficial Ownership
Where customers are legal entities, businesses must identify individuals who ultimately own or control the entity. This reduces the ability to hide behind complex ownership structures.
Ongoing Monitoring
CDD does not stop after onboarding. Reporting entities must monitor transactions and behaviour on an ongoing basis, adjusting controls as risk changes.
Record Keeping
CDD records must be accurate, accessible, and retained in line with statutory requirements. These records support audits, investigations, and regulatory reviews.
The Risk Based Approach to CDD in New Zealand
New Zealand’s AML framework is built around a risk-based approach. This means businesses are expected to allocate resources proportionately, focusing enhanced controls on higher risk customers and activity.
A strong risk based CDD framework typically includes:
- Risk profiling at onboarding
- Periodic reassessment of customer risk
- Clear escalation and review processes
- Integration with wider AML and fraud controls
This approach allows organisations to respond to emerging risks without applying unnecessary friction across all customers.
Common Customer Due Diligence Challenges
Implementing CDD effectively can be complex, particularly for businesses operating at scale or across multiple jurisdictions.
Common challenges include:
- Verifying customers without standard identity documents
- Managing ongoing monitoring volumes
- Keeping pace with regulatory change
- Ensuring internal processes remain consistent and defensible
Technology, clear internal policies, and regular training play an important role in addressing these challenges.
Frequently Asked Questions About Customer Due Diligence in New Zealand
What is Customer Due Diligence?
Customer Due Diligence is the process of identifying and verifying customers, understanding their activities, and assessing their AML and terrorism financing risk.
Who must carry out CDD in New Zealand?
Reporting entities under the AML CFT Act 2009, including financial institutions, designated non-financial businesses, and certain professionals.
When is Enhanced CDD required?
Enhanced CDD is required for higher-risk customers, including politically exposed persons, complex transactions, and higher-risk jurisdictions.
Is ongoing monitoring mandatory?
Yes. Ongoing monitoring is a core requirement and must reflect the customer’s risk profile.
Why is beneficial ownership important?
Identifying beneficial owners reduces anonymity and helps prevent the misuse of corporate structures for financial crime.
