New Zealand -- Licensing Requirements Regulatory Overview

**Department of Internal Affairs (DIA):** The primary supervisor for most VASPs under the AML/CFT Act 2009. This includes businesses involved in exchanging, transferring, holding, or safekeeping virtual assets.

**Financial Markets Authority (FMA):** Regulates financial markets, financial service providers (FSPs), and financial products. If a VA business offers services that fall under existing financial product definitions (e.g., derivatives, managed investment schemes, investment advice related to VAs), the FMA's licensing and oversight may be triggered.

**Reserve Bank of New Zealand (RBNZ):** Regulates banks, non-bank deposit takers (NBDTs), and insurers. Less direct oversight for pure crypto businesses unless they also engage in traditional banking or deposit-taking activities.

**New Zealand Companies Office:** Administers company registration.

**AML/CFT Registration (DIA):** Most crypto businesses, including exchanges, custody providers, and payment processors dealing with VAs, are categorised as "reporting entities" under the AML/CFT Act. This requires them to **register** with the DIA as a reporting entity and comply with comprehensive AML/CFT obligations. This is *not* a "license" in the traditional sense of permitting operation, but a mandatory registration for AML/CFT compliance.

**Financial Service Provider (FSP) Licensing (FMA):** If a VASP provides services that meet the definition of a "financial service" under the Financial Service Providers (Registration and Dispute Resolution) Act 2008 (FSP Act) – for example, giving financial advice, operating a managed investment scheme involving VAs, or dealing in financial products like VA derivatives – then they will need to **license** with the FMA. This involves more stringent requirements than just AML/CFT registration.

**Primary Requirement: AML/CFT Reporting Entity Registration (DIA)**

Businesses that exchange virtual assets for fiat currency, other virtual assets, or facilitate such exchanges are deemed "reporting entities" under the AML/CFT Act. This includes operating a trading platform.

DIA's guidance on who is a reporting entity: https://www.dia.govt.nz/AML-CFT-Reporting-Entities-Overview-Who-is-a-reporting-entity (specifically, look at DNFBPs and money or value transfer services).

**Potential Secondary Requirement: FSP Registration/Licensing (FMA)**

If the exchange offers derivatives (e.g., futures, options on VAs), manages client funds in a structured investment product, or provides regulated financial advice, then FSP registration and potentially an FMA license (e.g., a Market Services Licence or a Financial Advice Provider (FAP) Licence) would be required.

Financial Service Providers (Registration and Dispute Resolution) Act 2008: https://www.legislation.govt.nz/act/public/2008/0097/latest/DLM1514704.html

FMA guidance on FSP registration: https://www.fma.govt.nz/financial-service-providers/

Businesses that offer safekeeping services for virtual assets on behalf of customers (i.e., holding private keys or managing custodial wallets) are considered "reporting entities" under the AML/CFT Act.

**Regulatory Reference:** As above, AML/CFT Act 2009 and DIA guidance.

If the custody service is part of a broader investment scheme (e.g., a managed investment scheme where the provider also makes investment decisions or offers investment products), then FMA licensing would be necessary. Merely providing technical custody without any active management or investment component is less likely to trigger FMA licensing, but full AML/CFT compliance remains critical.

**Regulatory Reference:** As above, FSP Act 2008 and FMA guidance on managed investment schemes.

Businesses that transmit money or value using virtual assets, or facilitate payments in VAs, are typically classified as "money or value transfer services" under the AML/CFT Act and must register with the DIA.

**Potential Secondary Requirement: Non-Bank Deposit Taker (NBDT) Registration (RBNZ) / FSP Licensing (FMA)**

If the payment processor also accepts deposits of fiat currency from the public or issues e-money that is redeemable for fiat, they *might* fall under the RBNZ's NBDT regime. This is less common for pure crypto payment processors but important to consider if they bridge significantly with traditional fiat payment systems. Similarly, if they offer payment-related financial products, FMA oversight might be triggered.

Reserve Bank of New Zealand guidance on NBDTs: https://www.rbnz.govt.nz/regulation-and-supervision/nbdts

There are **no specific minimum capital requirements** under the AML/CFT Act for VASPs solely registered as reporting entities.

However, if an FMA license is triggered (e.g., Financial Advice Provider, Market Services Licence), then specific capital and solvency requirements will apply, often based on the nature and scale of the financial services provided. For example, FAPs must demonstrate adequate financial resources.

RBNZ NBDT licensing has significant capital requirements.

**Mandatory and comprehensive** for all reporting entities under the AML/CFT Act. This includes:

**Risk Assessment:** Developing a comprehensive risk assessment for money laundering and terrorism financing.

**AML/CFT Programme:** Establishing and maintaining an AML/CFT programme to detect, deter, and mitigate these risks.

**Customer Due Diligence (CDD):** Verifying identity for all customers, including beneficial owners. This ranges from standard CDD to enhanced CDD for high-risk customers or transactions.

**Ongoing Monitoring:** Continuously monitoring customer transactions and relationships.

**Record Keeping:** Maintaining records for 5 years.

**Suspicious Activity Reports (SARs):** Reporting suspicious activities to the Financial Intelligence Unit (FIU) of the NZ Police.

**Appointing an AML/CFT Compliance Officer:** An individual responsible for the AML/CFT programme.

**Independent Audit:** An independent audit of the AML/CFT programme must be conducted every two years.

DIA's AML/CFT guidance material: https://www.dia.govt.nz/AML-CFT-Reporting-Entities-Overview-Guidance

**Required for AML/CFT reporting entities.** A VASP must have a physical presence in New Zealand or be incorporated in New Zealand.

The AML/CFT Compliance Officer must be an individual residing in New Zealand.

For companies incorporated in NZ, at least one director must reside in New Zealand or Australia.

**Company Registration:** Register your business with the New Zealand Companies Office.

**Develop AML/CFT Programme & Risk Assessment:** Before applying for AML/CFT registration, you must have your comprehensive risk assessment and AML/CFT programme in place.

**AML/CFT Reporting Entity Registration (DIA):**

Submit your application to the DIA. This includes providing details of your business, ownership, and confirming you have a compliant risk assessment and AML/CFT programme.

**URL:** DIA's "How to register as a reporting entity": https://www.dia.govt.nz/AML-CFT-Reporting-Entities-Overview-How-to-register

**FSP Registration (FMA, if applicable):**

If your services meet the definition of a financial service, register as an FSP on the FSPR (Financial Service Providers Register).

If your FSP registration requires a specific license (e.g., FAP license, Market Services License), you will need to apply to the FMA through their online portal. This involves a detailed application, demonstrating capability, financial soundness, and compliance with specific regulatory requirements.

**URL:** FMA licensing information: https://www.fma.govt.nz/financial-service-providers/fap-licensing/ (for FAPs, similar processes for other licenses)

**Ongoing Compliance:** Maintain robust internal controls, comply with all reporting obligations, conduct regular independent audits (for AML/CFT), and stay updated with regulatory changes.

**Managed Investment Products (MIPs):** This is the most common classification for ICOs/tokens that resemble an investment contract. A product is an MIP if:

It involves contributions from people (investors) pooling their money.

The money is used to acquire, hold, or manage property (e.g., a project's assets, other cryptocurrencies).

The property is managed by a third party (the token issuer or project team) on behalf of the contributors.

The contributors derive a benefit from the management of that property (e.g., profits, returns, appreciation in value).

**Connection to Howey:** This definition strongly aligns with the "investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others" aspect of the Howey test. The key is the expectation of passive returns from the efforts of others.

**Debt Securities:** A token could be a debt security if it represents a debt owed by the issuer to the token holder, promising to repay a sum of money or yield a return (e.g., a bond-like token).

**Equity Securities:** Less common for typical crypto tokens unless it clearly represents an ownership interest in a company or venture, granting rights similar to shares (e.g., voting rights, share of profits/dividends).

**Derivatives:** A token could be a derivative if its value is derived from an underlying asset, index, or rate (e.g., futures contracts, options, swaps represented by tokens).

**Other Financial Products:** Less commonly, tokens might fall under other categories like Future Interests or Payment Instruments, though these are typically not classified as "securities" in the traditional sense but still fall under FMA oversight for other reasons (e.g., anti-money laundering).

**Investment Tokens (Security Tokens):** These are tokens explicitly designed to provide an investment return. Examples include:

Tokens that promise a share of future profits or revenue from a project.

Tokens that grant ownership stakes in a company or asset.

Tokens that function like a loan, promising interest payments or principal repayment.

Tokens that provide holders with a passive income stream derived from the management efforts of others.

Tokens that represent fractional ownership in real-world assets (e.g., real estate, art) where the value is managed by a third party.

**Utility Tokens (with an investment motive):** While a true utility token, whose sole purpose is to provide access to a product or service, is generally *not* considered a security, many tokens marketed as "utility" tokens at their initial offering stage are often found to have an investment motive. If investors purchase the token primarily with the expectation that its value will increase due to the issuer's efforts and they can later sell it for a profit, it's likely to be treated as a security, especially a Managed Investment Product. The FMA looks at the *initial marketing and investor expectations*.

**Stablecoins (potentially):** Depending on their structure, stablecoins can be classified in various ways. If they are managed by a third party with a view to generating returns for holders, or involve pooling of assets, they might be considered Managed Investment Products. If they offer a return or are debt-backed, they might be debt securities. The FMA is increasingly looking at stablecoins from a wider financial regulation perspective, not just securities law, due to their potential impact on financial stability and payment systems.

**Offer Disclosure (Product Disclosure Statement - PDS):**

Issuers must prepare and register a comprehensive **Product Disclosure Statement (PDS)** with the FMA. The PDS must contain all material information that a prudent investor would reasonably require to make an informed investment decision.

This includes details about the token, the project, risks, financial information, and the rights and obligations of token holders.

The PDS is a demanding document to produce and keep updated.

**Governance Requirements (for Managed Investment Products):**

If the token is an MIP, the issuer must appoint a **licensed manager** for the scheme.

The scheme itself must comply with strict governance rules regarding managing assets, reporting, and investor rights.

**Fair Dealing:** Issuers must comply with fair dealing provisions, prohibiting misleading or deceptive conduct.

**Continuous Disclosure:** For publicly offered securities, ongoing disclosure of material information may be required.

**Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT):** Token issuers might be considered "reporting entities" under the AML/CFT Act 2009, requiring them to implement robust AML/CFT programmes, conduct customer due diligence, report suspicious transactions, and maintain records.

**Small Offers:** Offers to a limited number of investors (e.g., generally up to 20 retail investors in any 12-month period for a total of up to NZD $2 million, subject to specific conditions under Schedule 1, Clause 19 of the FMCA).

**Wholesale Investors:** Offers made exclusively to "wholesale investors" (e.g., institutional investors, high net worth individuals, or large entities meeting specific financial thresholds under Schedule 1, Clause 3 of the FMCA). These investors are presumed to be sophisticated enough to not require a PDS.

**Excluded Offers:** Certain specific types of offers (e.g., offers to employees, certain overseas offers) are exempt.

**Market Operation:** Any platform facilitating the trading of these tokens to the public in New Zealand may be considered a **financial product market**. Operating such a market requires a license from the FMA under the FMCA. This is a high bar, typically met by traditional stock exchanges.

**Financial Service Provider (FSP) Registration:** Businesses facilitating secondary trading (e.g., crypto exchanges) must generally be registered as a **Financial Service Provider (FSP)** under the Financial Service Providers (Registration and Dispute Resolution) Act 2008.

**AML/CFT Compliance:** Crucially, any business facilitating the exchange, transfer, or holding of convertible virtual assets (including most cryptocurrencies) for customers in New Zealand is deemed a "reporting entity" under the **Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act)**. This requires them to implement comprehensive AML/CFT programmes, conduct customer due diligence, monitor transactions, and report suspicious activities to the Financial Intelligence Unit (FIU) of the NZ Police. This applies regardless of whether the token is classified as a security.

**Fair Dealing and Market Conduct:** FMCA's fair dealing provisions (prohibiting misleading or deceptive conduct) and market manipulation rules would apply to trading activities involving security tokens.

**AML/CFT Breaches:** The FMA (and the Department of Internal Affairs, which regulates many crypto FSPs for AML/CFT) has taken enforcement action against crypto service providers for failing to comply with AML/CFT obligations. For instance, the Department of Internal Affairs has issued formal warnings, imposed fines, and even sought civil penalties against crypto exchanges for inadequate AML/CFT systems. These actions underscore the regulator's expectation of robust compliance from anyone dealing in crypto.

**Warnings and Public Statements:** The FMA frequently issues public warnings about the risks of investing in speculative crypto-assets and reminds consumers and businesses of their legal obligations. They have issued specific warnings regarding "ICO" type offerings and unregistered financial service providers operating in the crypto space.

**Unregistered Financial Service Providers:** The FMA has investigated and taken action against entities providing financial services (including some crypto-related services) in NZ without being registered as an FSP. While not always directly related to an "unregistered security offering," it highlights the FMA's broad oversight.

**Guidance and Education:** A significant part of the FMA's "enforcement" in the crypto space has been through proactive guidance and education, making it clear that existing laws apply. This proactive stance aims to ensure compliance *before* breaches occur.

**Financial Markets Conduct Act 2013 (FMCA):**

**FMA Guidance for businesses involved in Initial Coin Offerings (ICOs):**

**Financial Service Providers (Registration and Dispute Resolution) Act 2008:**