The Identity Verification Code of Practice (IVCOP) provides suggested best practice for all reporting entities conducting name and date of birth identity verification on customers (that are natural persons) assessed as low to medium risk. IVCOP can be found on the Department’s website: Amended Identity Verification Code of Practice 2013 (PDF, 131KB)
Identification involves obtaining information from the customer about their identity. Verification involves confirming this information using documents, data or information from reliable and independent sources. The IVCOP provides for two ways of conducting identity verification; via documentary verification and via electronic verification (under Parts 1 or 3). Part 2 of the Code provides for the certification of documents. This allows for non-face-to-face documentary verification.
If fully complied with, a code of practice such as IVCOP operates as a ‘safe harbour’ as described in section 67 of the AML/CFT Act.
However, complying with a code of practice such as IVCOP is not mandatory. The AML/CFT regime allows for flexibility and scope for innovation because reporting entities can opt out of a code of practice.
Please note that if a reporting entity opts out of a code of practice it does not receive the benefit of the safe harbour. In these circumstances, the reporting entity must comply with the relevant statutory obligation by some other equally effective means. In order for this to be a defence to any act or omission by the reporting entity, the reporting entity must have provided written notification to its AML/CFT supervisor that it has opted out of compliance with IVCOP and intends to satisfy its obligations by some other equally effective means.
You might find the New Zealand Law Society practice briefing helpful in relation to certification and verification under the AML/CFT Act: Certification and Verification under the AML/CFT Act 2009 (NZ Law Society website).