Custom Portals for NZ Mortgage Brokers and Financial Advisors: AML, Compliance, and Client Management

NZ mortgage brokers and financial advisors operate in one of the most compliance-dense environments in the country. In the space of a single client relationship, you're dealing with AML/CFT obligations, FMA licence requirements, CCCFA responsible lending rules, Privacy Act obligations for sensitive financial data, and the general expectation that you can produce auditable records of everything you did and why.

Most advisers manage this across a combination of tools that were designed for different purposes: a CRM built for sales teams, a spreadsheet for AML records, email for document collection, a shared drive for compliance files, and a separate system for commission tracking. The result is that compliance becomes a manual overlay on top of the work rather than being built into how the work gets done.

A custom portal purpose-built for NZ mortgage brokers and financial advisors changes that. This article covers what it should actually handle: AML/KYC workflows, FMA compliance, CCCFA documentation, client onboarding, deal pipeline management, commission tracking, and the client portal that sits at the centre of the client relationship.

AML/KYC: Phase 2 Obligations and Why Spreadsheets Fail

Mortgage brokers and financial advisors became reporting entities under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 as part of the Phase 2 expansion. The FMA is your AML/CFT supervisor. This means your obligations are substantive — not a light-touch disclosure requirement, but a full customer due diligence regime.

For every new client, you must verify their identity, understand the nature and purpose of the relationship, and assess the money laundering and terrorism financing risk they represent. For companies and trusts, that extends to identifying beneficial owners — the natural persons who ultimately own or control the entity. For high-risk clients, enhanced due diligence applies: deeper verification, senior sign-off, and more frequent monitoring.

In practice, most advisers handle this with a combination of manual ID checks, a spreadsheet that tracks who's been verified, and a folder full of scanned documents. The problems are predictable: inconsistent application across different staff members, records that are difficult to retrieve quickly, monitoring obligations that get forgotten, and risk ratings that vary depending on who did the assessment.

A custom AML/KYC workflow addresses each of these:

Document upload and ID verification tracking. Clients upload their identity documents directly to the portal — passport, driver licence, proof of address. The system tracks what's been received, what's outstanding, and when documents were uploaded. For document verification against government databases (such as the NZTA driver licence register or DIA passport records), the portal can integrate with third-party identity verification services that support automated checks, reducing the manual verification burden while creating a timestamped record of the verification outcome.

Beneficial ownership mapping. For trust and company clients — common in NZ given the prevalence of family trusts and investment structures — the portal prompts the adviser to identify and verify all beneficial owners above the applicable threshold. Each person in the ownership chain is linked to their own verification records, so the full beneficial ownership picture is documented in one place.

Risk scoring. The system applies a configurable risk score based on entity type, business activity, country of origin, PEP status, and relationship type. The risk score determines which CDD tier applies — standard, enhanced, or simplified — and automatically surfaces the additional requirements for enhanced due diligence clients. The scoring criteria are documented, so the risk rating is defensible and consistent.

Ongoing monitoring. CDD isn't a one-time event. The Act requires ongoing monitoring of the business relationship, including periodic refresh of CDD information and monitoring for unusual transaction patterns. The portal tracks when each client's CDD was last refreshed and triggers review tasks at configurable intervals — typically annually for standard-risk clients, more frequently for high-risk relationships. If a client's circumstances change materially (they acquire a new company, change business activity, or a PEP connection emerges), the system flags a triggered review.

Record retention and audit trail. All CDD records, risk assessments, and monitoring actions are retained for 7 years as required by the Act. The system maintains a complete audit trail — who did what, when, and based on what information. When the FMA requests records, you produce them from a report, not from a filing cabinet.

Suspicious transaction reporting. The Act requires advisers to report suspicious transactions to the Police Financial Intelligence Unit. The portal includes a structured process for internally flagging and documenting suspicious activity, with the documentation needed to support a formal SAR if required. Internal escalation workflows ensure the right person sees the flag and a decision is recorded.

FMA Compliance: Advice Records, Disclosure, and the FAP Licence

Financial Advice Providers operating under an FMA licence have record-keeping obligations that are separate from, and additional to, the AML/CFT requirements. Under the Financial Markets Conduct Act 2013 and associated regulations, you must be able to demonstrate — to an FMA auditor — that every piece of financial advice you gave was appropriate for the client at the time, was based on adequate inquiry into their circumstances, and was properly disclosed.

A custom portal creates this audit trail automatically rather than requiring advisers to maintain it manually:

Disclosure statement management. Every client must receive the required disclosure information before advice is given. The portal delivers your current disclosure statement (covering the nature and scope of your advice, your fees and commissions, any conflicts of interest) through the client portal, records when it was delivered, and records when the client acknowledged receipt. If your disclosure statement is updated — because your fees change, you add or remove a service, or lender panel changes — the system tracks which version each client has received.

Advice records and suitability documentation. For each piece of advice given, the system captures the key details: the client's circumstances at the time (based on the fact find), the options considered, the recommendation made and the basis for it, and any alternatives that were discussed but not recommended. This isn't just a compliance exercise — it protects you if a client later questions a recommendation, and it makes annual reviews significantly easier because the advice history is readily accessible.

Needs analysis and suitability assessment. Financial advice regulations require that advice be suitable for the client. A custom portal embeds the needs analysis into the advice workflow — the client's goals, risk tolerance, time horizon, existing assets and liabilities, and insurance coverage are captured as part of the fact find. The adviser's recommendation is linked to this information, so the suitability basis is documented at the point of advice.

Complaint handling log. The FMA requires FAPs to have a complaint handling process and to keep records of complaints received and how they were resolved. The portal includes a structured complaint log — date received, nature of complaint, steps taken, resolution, and any remediation provided. This is often an afterthought in manually managed systems but is specifically examined in FMA reviews.

Conflicts of interest register. If you receive commissions or other benefits from product providers, these are potential conflicts of interest that must be disclosed. The portal maintains a conflicts register that feeds directly into the disclosure statements delivered to clients. When a new commission arrangement is added, the system prompts a disclosure statement review.

CCCFA: Responsible Lending in the Mortgage Workflow

The Credit Contracts and Consumer Finance Act and the associated Responsible Lending Code place specific obligations on anyone providing credit advice, including mortgage advisers. The core requirement is that you make reasonable inquiries into the borrower's financial situation before recommending a loan — inquiries that are sufficient to establish that the loan is affordable and suitable.

Following the 2021–2022 CCCFA changes (some of which were subsequently wound back in 2022), lenders significantly tightened their own serviceability assessments. Mortgage advisers who submit well-documented applications — with clearly evidenced affordability calculations and supporting documents already organised — consistently get faster decisions and fewer requests for additional information.

A custom portal builds the CCCFA workflow into the application process:

Income and expense verification. The fact find captures the client's income (salary, self-employment income, rental income, other) and committed expenses (existing mortgage or rent, vehicle payments, other loan commitments, regular discretionary spending). The system prompts for supporting documents for each income source — payslips for salary, financial statements for self-employed clients, rental agreements for rental income. Documents upload directly to the application record.

Affordability calculation. The system calculates serviceability based on the proposed loan amount, interest rate (at a stress-tested rate), and loan term, set against the verified income and committed expenses. The calculation is documented and locked to the application at the point it's run, so there's a clear record that the affordability assessment was conducted before the application was submitted.

Suitability documentation. Beyond affordability, the system captures the adviser's assessment of why the recommended loan structure — lender, product type, repayment type, term — is appropriate for this client's specific situation. This is stored against the application record, not just in the adviser's head or a note in a separate system.

Client Onboarding: From Enquiry to Application

The onboarding process for a new mortgage or insurance client involves collecting a significant volume of information and documents. Done manually — via email, phone calls, and chasing — it's time-consuming for both the adviser and the client, and it's prone to things falling through the gaps.

A structured digital onboarding workflow changes the experience:

Initial enquiry capture. New enquiries — whether from your website, a referral, or a direct contact — enter the system at a structured intake stage. Basic details are captured, the source is recorded (useful for referrer tracking and commission calculations), and an automated response acknowledges the enquiry and sets expectations about next steps.

Fact find completion. The client receives a portal invitation and is guided through a fact find — their personal details, property intentions, income, assets, liabilities, and financial goals. The fact find is structured around the information you actually need to provide advice, not a generic template. Incomplete sections are flagged, and the client can save their progress and return to it.

Document collection checklist. Based on the fact find responses, the system generates a tailored document checklist: if the client is self-employed, the checklist includes financial statements; if they have rental income, it includes rental agreements and tenancy records. The checklist is presented to the client in the portal, with a clear upload interface for each item. Status is tracked — received, outstanding, under review — and automated reminders are sent when items remain outstanding after a specified period.

AML/KYC integration. The onboarding flow incorporates the AML/KYC requirements described earlier — ID verification is part of the onboarding checklist, and the CDD workflow runs in parallel with the document collection process. The client completes both in the same portal experience, and the adviser sees a single status view across all requirements.

Automated reminders. A configurable reminder schedule — 3 days, 7 days, 14 days after initial invitation — prompts clients who haven't completed their fact find or uploaded required documents. Reminders are professional and specific ("We're still waiting for your last 3 months' payslips") rather than generic, which consistently produces higher response rates than chasing by phone.

Deal Pipeline: From Lead to Settlement

Managing multiple deals simultaneously — each at a different stage, with different lenders, different conditional approval timelines, and different settlement dates — is genuinely complex. Most advisers manage this in a CRM with custom stages, or (more commonly) in a spreadsheet that starts organised and gradually becomes unwieldy.

A custom pipeline module designed for the mortgage and financial advice workflow tracks what actually matters:

Stage tracking. Each deal moves through defined stages: enquiry, fact find, assessment, application preparation, submitted to lender, conditional approval, unconditional approval, settlement preparation, settled. Each stage transition is timestamped. The adviser can see the full pipeline at a glance — what's moving, what's stalled, and what needs attention today.

Lender application status. When an application is submitted to a lender, the system tracks the submission date and expected response time. If a lender hasn't responded within their typical turnaround window, the deal is flagged for follow-up. Conditional approval details — conditions, their due dates, whether they've been satisfied — are tracked explicitly so nothing slips through during the critical period between conditional and unconditional approval.

Settlement date tracking. Settlement dates, once confirmed, anchor a timeline of tasks: insurance confirmation, solicitor instructions, final loan documents, KiwiSaver withdrawal processing. The system generates a settlement checklist and tracks completion, reducing the risk of a last-minute scramble.

Client communication log. All significant client communications — calls, emails, portal messages — are logged against the deal record. This is both a practical tool for picking up where you left off and a compliance record that demonstrates the client was kept informed throughout the process.

Referrer tracking. For practices that work with referral networks — real estate agents, accountants, lawyers — the deal record captures the referral source. This feeds into referrer reports that show how much business each referrer is generating, which is useful for relationship management and, where applicable, referral fee calculations.

Commission Tracking: Upfront, Trail, and Clawback

Commission management is one of the most underserved areas of financial adviser business management. Most advisers have a rough idea of what they're owed, a better idea of what they've received, and a very incomplete picture of what's been clawed back and why. The reconciliation between expected commission and received commission — across multiple lenders, each with their own payment schedules and statement formats — is genuinely tedious.

A custom commission tracking module addresses this:

Upfront commission logging. When a deal settles, the expected upfront commission is calculated based on the loan amount and the lender's commission schedule. The expected payment date and amount are logged. When the lender's commission statement arrives, received amounts are reconciled against expected amounts, and discrepancies are flagged for follow-up.

Trail commission tracking. Trail commissions are paid monthly or quarterly as long as the loan remains on the lender's books. The system tracks each loan's trail entitlement — start date, commission rate, expected monthly amount — and reconciles received trail against expected trail. When a client refinances (and trail stops), the system updates automatically if connected to the pipeline, or the adviser updates it manually.

Clawback monitoring. Most lender commission agreements include clawback provisions — if a loan is repaid within a specified period (typically 18–27 months), part of the upfront commission must be returned. The system tracks every settled loan's clawback window and outstanding clawback exposure. This is both a financial management tool and a risk management tool — advisers who understand their clawback exposure can make better decisions about business development priorities.

Lender reconciliation reports. Monthly lender-by-lender commission reports show what was expected, what was received, and what discrepancies remain unresolved. This turns the commission reconciliation from a multi-hour manual task into a review exercise that takes minutes.

Client Portal: The Client's View of Their Application

From the client's perspective, the mortgage process is often opaque. They submit documents, wait, and hope for news. Phone calls produce vague updates. The anxiety of not knowing what's happening — particularly for first home buyers navigating the process for the first time — is real and it generates calls and emails that the adviser has to field.

A client portal gives clients visibility into their own application:

Application status. The client can see where their application is in the process — whether it's been submitted, what conditions are outstanding, and whether there's anything they need to do. Not a generic status bar, but a clear description of the current stage and what comes next.

Document upload and checklist. The portal shows clients exactly what documents are still outstanding and lets them upload directly from their phone or computer. No emailing documents to the adviser, no uncertainty about whether an attachment arrived.

Electronic disclosure statement delivery and signature.Disclosure statements are delivered through the portal and the client can acknowledge receipt electronically. This is faster than printing and signing, and the delivery record is automatic.

Post-settlement view. Once the loan settles, the client can see their loan details — lender, loan amount, interest rate, repayment amount, next review date — through the portal. This creates a natural touchpoint for the adviser's annual review process: the client is already used to logging in, and their data is already there.

Privacy Act 2020 and the Data You Hold

Financial advisers and mortgage brokers hold some of the most sensitive personal information that exists: income, assets, debts, credit history, tax records, and in some cases, detailed information about family structures, relationship property, and health status (for life and income protection advice). The Privacy Act 2020 applies in full.

A custom portal built with privacy by design helps meet these obligations: data stored in NZ or in approved jurisdictions, access controls that ensure staff only see what they need to see, encryption at rest and in transit, audit logs of who accessed what and when, and a structured process for responding to access requests. Financial Advice NZ provides member guidance on privacy obligations, and the Privacy Commissioner's guidance on cloud services is relevant to any system that stores client financial data.

When you're evaluating whether to build a custom system or adapt an off-the-shelf tool, the privacy architecture question is worth examining carefully. Where is the data stored? Who has access to it? What happens if you stop paying the subscription? A custom system built around your specific requirements can be designed to answer all of these questions clearly and in your favour.

Building a System That Grows With Your Business

The NZ financial advice and mortgage broking market is continuing to consolidate, with larger FAP groups acquiring smaller practices. A custom system built for a solo adviser is different from one built for a team of ten advisers operating under a shared FAP licence — but the underlying architecture can be designed to scale. Multi-adviser workflows, access controls by role and team, consolidated reporting across advisers, and the ability to segregate client data by adviser within a shared system are all design decisions made at the beginning, not retrofitted later.

If you're a NZ mortgage broker or financial advisor spending significant time on compliance administration, document chasing, or manual commission reconciliation, a custom portal could change how your practice operates. Every practice is different — the right starting point is a conversation about where the friction actually is for you.