Privileged Communications and Suspicious Activity Reporting: A Practical Summary for Law Firms

The Department of Internal Affairs (DIA) has released guidance on privileged communications and suspicious activity reporting under New Zealand’s AML/CFT regime. This article summarises the main points for law firms.

 

Why this guidance matters

Law firms are required to report suspicious activities to the Financial Intelligence Unit. At the same time, they are bound by legal professional privilege, which restricts what information can be disclosed. The DIA guidance focuses on how to strike a balance between these.

 

What is legal professional privilege?

Privilege protects confidential communications made for the purpose of giving or receiving legal advice. This typically includes:

• communications between a lawyer and their client
• communications between lawyers acting in a professional capacity

However, privilege is not a blanket protection. Each situation must be assessed on its own facts. Law firms need to actively consider whether privilege applies, rather than assuming it does.

 

When privilege does not apply

There are clear situations where privilege will not apply:

• where there is evidence that the communication was made for a dishonest purpose or to assist in committing an offence
• where the information relates to trust account records, including transactions, receipts, and balances

These categories are specifically excluded and should be treated as non-privileged.

 

Suspicious activity reporting obligations

Law firms must submit a suspicious activity report when they have reasonable grounds to suspect that a transaction, service, or enquiry may be linked to money laundering or terrorism financing.

Reports must be filed promptly, and no later than five working days after suspicion arises.

Privilege does not remove the obligation to report. Instead, it limits the information that can be included. If a report can be submitted without disclosing privileged material, it should still be filed.

 

Working through the decision

Before submitting a report, firms should consider and document the following:

• whether the information is privileged
• whether the report can be completed without including that information
• whether any exceptions apply, such as dishonesty or criminal purpose
• whether privilege has been waived or no longer applies

 

What goes into a report

A suspicious activity report must include all relevant non-privileged information and clearly explain why the activity is considered suspicious.

If information is withheld due to privilege, the reasons must be recorded. This forms part of the firm’s AML/CFT compliance framework.

 

Record-keeping and documentation

The guidance places strong emphasis on record-keeping. Law firms are expected to retain copies of suspicious activity reports for at least five years; document decisions about whether to report; record assessments of privilege; and keep written findings on unusual or high-risk transactions.

These records should demonstrate that decisions are reasoned and consistent with a risk-based approach.

 

Embedding this into your AML/CFT programme

Your AML/CFT programme should clearly outline how your firm identifies and assesses suspicious activity; determines whether information is privileged; documents decisions and reasoning; and ensures reports are submitted within required timeframes.

Clear internal processes will support consistent decision-making and reduce compliance risk.

 

Bringing it together

The DIA guidance reinforces that law firms must carefully balance privilege with their reporting obligations. Both are fundamental, and neither can be ignored.

By breaking down the guidance into practical steps, firms can approach these obligations with greater clarity and confidence.

 

—————-

Shane Cox, Senior Consultant, CAMS, MSc

Shane is a Certified Anti-Money Laundering Specialist (CAMS) with extensive experience in compliance, risk management and financial technology. He has worked across the payments and finance sectors in roles that have developed his expertise in the practical implementation of AML/CFT obligations.

Shane holds a Master of Science degree in Strategic Management and Innovation. He undertakes audits as well as the development and enhancement of compliance documentation, with a focus on pragmatic solutions that balance regulatory requirements with business needs.