Mongolian fintech pioneer chooses ThirdEye to power its Australian compliance operations.
If you work in financial crime compliance across Australia or New Zealand, 1 July is more than just the start of a new financial year. It marks two significant structural changes — the launch of Australia’s tranche 2 AML/CFT regime and New Zealand’s move to a single supervisor model — alongside a landmark enforcement action that is a timely reminder of what’s at stake when programmes fall short.
In this month’s ThirdEye View, Colin Dixon and Jing Zhang unpack all three stories and what they mean for your compliance programme.
New Zealand's largest ever AML/CFT penalty — ASB Bank fined $6.7 million
ASB Bank has been ordered to pay $6.7 million for seven breaches of New Zealand’s AML/CFT Act — the highest penalty ever imposed under that legislation. The Reserve Bank found that ASB’s transaction monitoring system and AML/CFT programme were inadequate for around six years.
Read the full RBNZ announcement here
What can you take from this?
The seven high-level breach descriptions are telling — and worth reading with your own programme in mind.
Establish, implement, maintain. Those three words run through several of the findings. Having a programme isn’t enough. Implementing it is where many organisations fall short — and it’s also the most visible gap when an auditor or supervisor visits. As Colin puts it: “Don’t tell me, show me.” If your programme commits you to doing something, you need to be able to evidence it.
Customer due diligence. CDD features in three of the seven findings. It needs to be central to your programme, with a genuine risk-based approach that identifies which customers require enhanced due diligence — and then actually delivers it.
SAR timeliness. You have three days from forming reasonable grounds for suspicion to submit a SAR. That’s clear-cut on the surface, but Colin notes the grey area: sometimes a suspicion only crystallises later, when new information prompts a look back at a customer’s history. That’s understandable. But consistent late reporting — especially with a growing backlog of unprocessed alerts — signals a process problem. Timely SARs give the FIU and law enforcement the best chance to act on that intelligence.
The broader lesson isn’t about what ASB did wrong. It’s about whether your programme would hold up under the same scrutiny. This is the question worth sitting with.
New Zealand moves to a single AML/CFT supervisor
From 1 July, the Department of Internal Affairs (DIA) becomes New Zealand’s sole AML/CFT supervisor, taking over supervisory responsibility that was previously shared with the Reserve Bank and the Financial Markets Authority.
For businesses such as banks and wealth managers, this means a change of supervisor. Understanding how the DIA’s approach may differ — and adjusting your programme accordingly — is essential preparation.
But as Colin emphasises, this isn’t only relevant to businesses making the switch. Even organisations that have always been supervised by the DIA should treat this as a reset. Go back to basics. Ask yourself: will your programme hold up when the DIA comes to visit?
Key resources
- Ministry of Justice AML/CFT homepage — includes the new National Strategy and Work Programme
The Ministry of Justice site is particularly useful for staying across the strategic direction of New Zealand’s AML/CFT framework going forward.
Australia's tranche 2 goes live
1 July also marks the go-live date for Australia’s tranche 2 AML/CTF regime, which significantly expands the range of entities required to comply with AML/CTF obligations — including lawyers, accountants, real estate agents and others who have not previously been in scope.
Tranche 2 entities should have registered with AUSTRAC before this date.
For those newly in scope, the focus now is on programmes, policies and procedures, and beginning implementation. Colin notes that based on what he’s seeing across the industry, organisations that are on the front foot have their programmes largely in hand — but implementation takes time.
The parallel with New Zealand’s experience is instructive. When New Zealand expanded its AML/CFT regime to phase 2 entities, most made a solid start by day one or shortly after, then refined their programmes as the reality of running them became clear. AUSTRAC has consistently said it doesn’t expect perfection on day one — but it does expect progress, and the ability to demonstrate that progress.
For existing tranche 1 reporting entities, the situation is similar. Programmes and policies are largely updated. The focus now is implementing the components that need system support to bring online — and evidencing that implementation is moving forward.
As Colin observes: putting something into practice is rarely as straightforward as the theory suggests.
What this means for your programme
Three stories, one clear thread: the compliance environment in both Australia and New Zealand is shifting, and standing still isn’t an option. Whether you’re navigating a change of supervisor, preparing for tranche 2, or simply asking whether your current programme would survive a visit from your regulator, now is the time to take stock.
If you have questions about what any of these changes mean for your organisation, get in touch with our team.
This post accompanies the ThirdEye View episode for June 2026, presented by Jing Zhang and Colin Dixon.
