Regulatory changes by the state and the agencies acting on their behalf have become a status quo for financial institutions, adding to their already onerous compliance requirements. The Mutual Evaluation Report is one measure which seeks to analyse the implementation and effectiveness of measures to combat money laundering and terrorist financing. Compiled by the Financial Action Task Force (FATF), International Monetary Fund (IMF) and the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG), in 2009 South Africa’s then systems for combating money laundering and terrorist finance were raised as an issue of concern, with regards to their effectiveness at a local level.
As a result, South Africa had to report fully to the FATF on progress made in addressing these deficiencies, such as determining beneficial owners, holding adequate records, identifying Politically Exposed Persons and Customer Due Diligence. This reporting at a legislative level led to the 2017 FICA Amendment Act (the Act) being developed, which sought to alter the 2001 Financial Intelligence Centre Act (FICA Act). The effect of the Amendment Act was that in November 2017, the FATF removed South Africa from its targeted follow-up process.
While the Act sought to fix problematic clauses within the FICA Act, it has real world consequences for accountable institutions, having come into effect on 1 April, 2019.
Practically speaking, the Act has placed several additional procedures and checks upon accountable institutions that need completing.
These additional procedures and checks find expression in the following:
Customer Due Diligence (CDD)
Previously, Customer Due Diligence (CDD) was focused on attaining customers’ proof of identity and address. The focus has now turned to understanding customers rather than simply identifying and verifying their identities.
This means that, possibly, more documentation could be required on a case-by-case basis in order to better understand who the customer is. It further requires that customers classified as “high risk” need to provide information about their source of wealth and income.
In addition to this, senior management are required to approve any high-risk customers prior to entering into or continuing any business relationship with them.
Rules- Based Approach
Previously, the Rules-Based Approach was considered more of a tick box exercise. Under the Act, the Rules- Based Approach today seeks to make compliance with this legislation much easier because it is considered to be more flexible.
This is evidenced through the old system, which dictated what documents should be obtained, with these being more or less the same for every customer. By comparison, the new system states that any institution can decide for itself what further documentation they require, if any, in addition to the standard proof of identity and address. This new approach gives accountable institutions discretion in terms of which methods they use to conduct CDD, versus a mandated and inflexible criterion.
Accountable institutions are required to know and understand which natural persons ultimately own or exercise control over legal entities or structures. An accountable institution is now required to identify the individuals who exercise effective control over such entities and/or structures, and who receives benefits – financial or otherwise – from such entities.
Risk Management and Compliance Programme
Accountable institutions are now obliged to develop, document, implement and maintain a Risk Management and Compliance Programme (RMCP). The Act dictates that the RMCP replaces the formerly required FICA Internal Rules of the Organisation.
The RMCP is an all-encompassing document which sets out how accountable institutions must comply with its obligations in terms of the Act. The RMCP must be approved by an organisation’s Board of Directors and needs to be reviewed on a regular basis so that it remains relevant to the organisation’s operations and risks identified.
Approach and Classification of PPOs and PIPs
Another significant concept included in the Act is the introduction of foreign Prominent Public Officials (PPO) and local Prominent Influential Persons (PIPs), previously referred to as Politically Exposed Persons (PEPs). The Act provides that business relationships with PPOs are automatically deemed high risk, whereas business relationships with PIPs are not automatically deemed high risk.
As such, it is not a requirement that a business relationship with a PIP undergo stringent CDD when it is conducted, unless red flags are discovered during a standard CDD process. If such a situation arises, these stringent measures will come into effect post fact.
In South Africa, this part of the Act has led to the increased scrutiny of family members and close associates of PPOs and PIPs by authorities including the SA Revenue Service and other accounting institutions.
In order to ensure that client information is accurate, and that actions taken throughout the business relationship are consistent with the information provided by the customer, Transactional Monitoring requires accountable institutions to sufficiently understand every transaction taken throughout that relationship. The concept of Ongoing Due Monitoring has also met expression within the Act.
Accountable institutions have a duty to keep CDD records, including documentation relating to transactions, for five years from the date on which the business relationship was terminated.
Through introducing and/or clarifying these procedures and checks, South Africa has avoided being in breach of its commitments to the FATC. Non-compliance with the FATC signals to the global financial and banking system that there are heightened risks associated with transactions in a specific country.
If a country is blacklisted under FATF – such as North Korea, Iran, and Cuba – companies may not receive or send money to or from blacklisted countries. This may result in adverse consequences, such as sizable fines or the specter of imprisonment for those working within accountable institutions.
If an accountable institution is found to be guilty of an offence regarding their responsibilities, harsh penalties may be handed down. These include but are not limited to the maximum penalties for offences relating to CDD violations, record keeping and reporting requirements, which are 15 years imprisonment or a R10 million fine. The penalties for money laundering are even more punitive, though not exceeding R100 million or 30 years imprisonment.
The Act ensures that South Africa’s financial system is seen as a trusted party by its peers and business around the world. It’s greater emphasis on monitoring and evaluation, especially of PPOs and PIPs further adds another quiver to the bow of local and international law enforcement.