Fraud and Corruption Risks: Key Lessons for AML Reporting Entities

The Anti-Corruption Task Force has released a study examining internal fraud and corruption risks across six New Zealand public sector agencies: Inland Revenue, Accident Compensation Corporation, Department of Corrections, Ministry of Social Development, Land Information New Zealand, and Sport New Zealand.

While New Zealand continues to rank among the least corrupt countries globally, the report arrives at a significant moment. New Zealand’s position in the Corruption Perceptions Index has slipped from equal first place in 2019 to fourth in 2024, a reminder that maintaining a strong reputation for integrity requires ongoing vigilance. Protecting public trust is far easier than rebuilding it once lost.

Understanding Fraud and Corruption

Fraud encompasses a wide range of financial crimes involving deception or misrepresentation for personal gain. Corruption sits within that broader category and refers specifically to the abuse — or attempted abuse — of entrusted power for improper benefit, such as bribery.

In the public sector, many fraudulent acts may also be considered corrupt conduct when committed by public officials.

Strong External Controls, Internal Risks Remain

The study found that participating agencies generally maintain robust frameworks to address external threats. However, controls designed to mitigate internal risks (those posed by employees and contractors) were not always as strong or consistent.

Internal misconduct presents unique challenges because it involves trusted individuals with access to systems, decision-making/delegation authority, or sensitive information.

Key Findings From the Study

The Task Force identified several areas of concern:

• 446 alleged cases of fraud and corruption were recorded during the 2024–2025 financial year, with indications that incidents may be underreported.

• Some agencies lacked clarity around what constitutes corrupt conduct. For example, some respondents were not clear on the fact that an attempted bribe remains a criminal offence even when refused.

• Basic preventative controls were inconsistent, including centralised monitoring of gifts and benefits breaches and ongoing due diligence on third-party suppliers.

• There is currently no consistent nationwide definition of fraud and corruption across the public sector. As a result, some matters may be handled as employment issues rather than referred to law enforcement, potentially obscuring systemic or organised criminal activity.

• Oversight structures were sometimes decentralised, leaving fraud detection and reporting to regional managers without central mechanisms to identify patterns, repeat behaviours, or high-risk roles.

Recommended Improvements

To strengthen resilience across the public sector, the Task Force recommended several structural changes, including:

• Developing a shared public sector definition of fraud and corruption.

• Expanding the study across additional agencies.

• Creating a dedicated corruption risk assessment tool.

• Strengthening capability-building and specialist expertise across agencies.

Practical Lessons for AML/CFT Reporting Entities

Although the study focuses on government agencies, some of its findings are directly relevant to AML/CFT reporting entities. Much like public sector organisations, AML/CFT programmes often focus heavily on external risks such as suspicious clients or transactions, while internal vulnerabilities might receive less attention.

Two practical lessons stand out.

1. Vetting Should Not Stop at Hiring

Staff vetting should not be treated as a one-time exercise. Enhanced due diligence may be appropriate when employees move into higher-risk roles or positions involving greater delegation or decision-making authority.

Role changes can significantly alter risk exposure.

2. Training Registers Matter

The study highlighted gaps in record-keeping around fraud and corruption training.

Maintaining a clear training register is essential. Organisations must be able to demonstrate not only that training exists, but also who completed it and when. This applies equally to large public sector agencies and small or medium AML/CFT reporting entities seeking to keep on top of compliance.

What’s Next?

Get in touch if you wish to have a complimentary call to discuss your AML/CFT requirements: