Get Exam-Ready with our RE 5 Preparation Package.  Find out more 

Media Articles

Is your FICA compliance up to scratch? How legal practitioners can bolster their RMCPs

Posted on 11 Jun 2024

Accountable institutions, including legal practitioners, can expect an increase in Financial Intelligence Centre (FIC) inspections following South Africa’s greylisting by the Financial Action Task Force (FATF) in February last year.

However, few legal firms have proper, if any, Risk Management and Compliance Programmes (RMCPs) in place. In this article, we look at how legal practitioners can beef up their RMCPs to pass muster when the FIC comes knocking.

Why the greater focus on legal practitioners?

Our Compliance Officers have noticed an uptick in FIC inspections of legal practitioners since last year, and this is likely due to the Centre tightening the reins on Financial Intelligence Centre Act (FICA) compliance as they try to do their part in getting the country off the greylist.

Legal practitioners, due to their range of services like fund transfers and complex legal structuring, face elevated risks of money laundering, terrorist financing and proliferation financing (ML/TL/PF) misuse. Particularly in South Africa, the prevalence of cash transactions in the legal sector heightens its risk profile.

In addition, according to a 2024 FIC report, attorneys involved in conveyancing in high-priced property areas in South Africa are at increased risk of money laundering. The FIC has said that they are actively identifying attorney firms operating in these regions.

What is Directive 6?

Last year, the FIC issued Directive 6, requiring specified accountable institutions to submit a Risk and Compliance Return (RCR) to the Centre by 31 May 2023. The aim of this directive is to gather information on accountable institutions’ understanding of their ML/TF/PF risks, as well as their compliance with the FIC Act.

In February of this year, the FIC reported a disappointingly low RCR submission rate from the legal sector. The platform for submissions remains open, and there was a slight increase in submissions in March, but the submission rate of 60% of the total number of legal practitioners registered with the FIC remains insufficient.

It seems the Centre is holding true to its warning that failure to submit RCRs will result in accountable institutions being labelled as delinquent high-risk entities requiring an inspection. In March, it issued 264 notices of intention to sanction for non-compliance with Directive 6, focusing notably on legal practitioners and estate agents.

One of the documents a legal practice is expected to hand over during a FIC inspection is a copy of their RMCP, as specified in terms of Section 42 of FICA, as well as proof that it was approved by their board of directors or senior management. They must also name someone as the firm’s Compliance Officer. This individual is responsible for ensuring that the practice and its employees comply with FICA.

Yet, despite the greater focus on FICA compliance, numerous legal firms either lack an RMCP or possess a generic RMCP that’s not robust enough to pass a FIC inspection.

Identifying risks

As an accountable institution listed in Schedule 1 of FICA, legal practitioners are required to adopt a risk-based approach when establishing a business relationship or conducting a single transaction with a client. Furthermore, the implemented controls must be proportionate to the identified risk. Simply having a generic RMCP in place won’t do. It should be customised to address the ML/TF/PF risks specific to a particular legal practice and incorporate control measures that effectively mitigate those risks.

Before compiling their RMCP, legal practitioners should conduct a thorough identification and assessment of potential risks associated with their services, client types, delivery channels, geographic considerations and other relevant factors. This will enable them to assign risk ratings to their clients, and those with higher ratings need more rigorous controls and enhanced due diligence.

The FIC advises legal practitioners to reflect on the following:

  • When evaluating products and/or services, consider factors such as the level of client anonymity, the possibility of third-party payments, the ease of converting the product/service to cash, and any additional checks required, such as credit or regulatory approvals.
  • Legal practitioners must understand their customers and the risks they pose. In general, natural persons are less risky than legal persons, i.e. companies or trusts. Criminals can exploit the complex structures of entities for nefarious purposes. Identifying the beneficial owners of legal entities, including shareholders and beneficiaries, is crucial. They should also assess negative media coverage, sources of income and wealth, and the risk associated with the client’s occupation or sector in terms of ML/TF/PF.
  • How are clients onboarded? Is it face-to-face or via virtual onboarding methods? In general, the former holds less risk than the latter.
  • Certain geographical locations may pose higher risks due to perceived corruption or lower levels of anti-money laundering (AML), countering the financing of terrorism (CFT) and counter proliferation financing (CPF) regulations.
  • Other factors to consider include client sanctions, domestic and foreign politically exposed persons (DPEPs and FPEPs) and prominent influential persons (PIPs).

How legal practitioners can bolster their RMCPs

After identifying and assessing the risks specific to their business, the next step for legal practitioners is to implement the necessary risk-mitigating controls via policies, procedures, systems, training, reporting and so forth. All these controls should be integrated into the firm’s RMCP.

In addition, it is crucial to view an RMCP as a dynamic document that is reviewed and updated regularly. In the event of changing ML/TF/PF risks, such as the introduction of new services or the onboarding of a new type of client, or updates to AML/CFT/CPF legislation, the RMCP should be promptly revised to effectively address these new challenges.

An RMCP should cover all the aspects detailed in Section 42 of FICA and include the following:

  • Client profiling: Methods and factors used to determine a client’s overall risk rating and source of funds verification.
  • Customer due diligence: Effective implementation and monitoring of customer due diligence procedures which must include client verification, risk rating and source of fund verification.
  • Additional due diligence: Identify and reasonably verify beneficial owners and relevant individuals and source of fund verification.
  • Enhanced due diligence: When dealing with higher-risk clients, obtain senior management approval and implement enhanced measures.
  • Simplified due diligence: With lower-risk clients, legal practitioners can apply less stringent measures.
  • Client transaction profiling: Profile expected activity for products, services and client types.
  • Ongoing due diligence: Maintain up-to-date and accurate client information.
  • Account monitoring: Monitor client accounts for suspicious and unusual activity.
  • Client screening: Check these against the targeted financial sanctions list on the FIC website.
  • FIC reports: Submit suspicious and unusual transactions reports, terrorist property reports, and cash threshold reports to the Centre using their online system.
  • Senior management reports: The firm’s AML/CFT/CPF Compliance Officer must regularly report to the sole proprietor, director or partners of the law practice.
  • Record-keeping: Maintain records of customer information, transaction details and reports submitted to the FIC.
  • Ongoing updates: Maintain and review the firm’s RMCP and all ML/TF/PF related policies and procedures on a continuous basis.
  • FICA training: Provide ongoing training to new and current employees, keep records as evidence to prove that training took place and that the training enabled staff to understand and comply with FICA and the firm’s RMCP. The firm’s RMCP should also be available to all employees.
  • Relationship with the FIC: Consult with representatives of the FIC and register and maintain the legal practice’s information on the Centre’s website.

The price of non-compliance

With regulatory bodies working towards getting South Africa off the FATF’s greylist, legal practitioners can expect greater regulatory scrutiny and increased inspections.

It’s crucial that legal firms bolster their RMCPs to mitigate risks effectively. This involves customising RMCPs to address specific ML/TF/PF risks, implementing dynamic controls and maintaining ongoing updates to adapt to changing circumstances and legislation.

Failure to meet compliance standards could lead to severe penalties – imprisonment for up to 15 years or a fine of up to R100 million – emphasising the critical importance of proactive measures in ensuring adherence to regulatory requirements.

Do you need assistance with your FICA RMCP?

Our knowledgeable Compliance Officers possess extensive expertise in FICA regulations and have a proven track record of implementing FICA requirements within legal businesses. We are well-equipped to assist you in tailoring and implementing a FICA RMCP that aligns with your legal practice. Additionally, we can provide valuable guidance to help you prepare for a FIC inspection.

If you wish to arrange onsite training, please click here or reach out to your nearest Masthead Regional Office.

Our Learning Centre also offers an online course, FICA and AML Online Course for Legal Practitioners, and a webinar, How to Avoid FIC Sanctions as a Legal Practitioner, both of which are specifically designed for those in the legal sector.


By Adila Ballim, Masthead Compliance Officer, and Shanal Boodiram, Masthead Compliance Manager

MASTHEAD IS

A national supplier of risk management services to independent financial advisors and other licensed financial service providers (FSPs). Established in 2004, we help our clients overcome their risk management challenges so they can grow and thrive in an increasingly regulated industry. Providing professional guidance and practical support, our team of specialists is passionately committed to delivering tangible solutions.

Why Masthead?

CONTACT US

Phone:

021 686 3588

E-mail:

  Show Email

B-BBEE CERTIFICATE

Masthead is a level 1 B-BBEE contributor.

Read more and view certificate