A number of administrative sanctions were published during the past year which related to non-compliance with the provisions of the Financial Intelligence Centre Act (FICA). These administrative sanctions were meted out by supervisory bodies such as the Financial Sector Conduct Authority (FSCA) and the South African Reserve Bank (SARB).
Accountable and reporting institutions are required to comply with the provisions of FICA. The Financial Intelligence Centre, as well as any supervisory body may impose administrative sanctions on accountable or reporting institutions, where the institution is in contravention of the FIC Act, any order, determination, or directive made in terms of FICA.
An administrative sanction could be in the form of a caution not to repeat the conduct which led to the non-compliance, a reprimand, a directive to take remedial action, a restriction or suspension of certain specified business activities, to a financial penalty of up to R10 million for natural persons, and up to R50 million for any legal person.
The administrative sanctions imposed over the past year are a result of accountable institutions failing to comply with certain provisions of FICA, which the supervisory body identified during inspections conducted. The administrative sanctions imposed by the various supervisory bodies over the past year for non-compliance with FICA resulted in financial penalties ranging between R5000 to R20 million. Accountable institutions are therefore urged to ensure that they are FICA compliant.
Below, we look at some of the areas of non-compliance that were identified during April 2020 – April 2021 and offer guidance to avoid such:
Risk Management and Compliance Programme (RMCP)
Over the past year, 87% of all FICA administrative sanctions were as a result of non-compliance with the requirement to develop, document, maintain and implement an RMCP. During inspections, there were either instances where no RMCP was implemented at all, or where there was an RMCP, it was a generic document which was not customised to the institution’s business operations.
It is important to understand that the RMCP should not be treated as a “copy and paste” exercise and can therefore not be a generic document which is filed and forgotten about.
Accountable institutions must ensure that its RMCP incorporates the requirements of FICA which are applicable to the business entity and must be customised, as well as reviewed and maintained regularly, to ensure that it is relevant to its business operations.
Training
There were 60% of instances in all FICA administrative sanctions where there was non-compliance with the requirement of training. The training requirements include the following elements:
1) Training must be ongoing
2) Training must be done on the FIC Act
3) Training must be done on the institutions RMCP
It is recommended that accountable institutions regularly train staff members in accordance with these requirements to enable them to comply with the provisions that are applicable to them, and to keep adequate records of such.
Customer Due Diligence (CDD)
Accountable institutions were found to be non-compliant with the CDD requirements in 53% of all administrative sanctions.
Accountable institutions are required to establish and verify the identity of a client in accordance with the processes and procedures as set out in its RMCP, and to keep records of same. Accountable institutions should use the findings from its risk rating assessment to decide on the appropriate level and type of CDD it will apply to a client.
Accountable institutions are required to keep CDD and transaction records for a period of at least five years from the date the business relationship was terminated, or a single transaction concluded.
Reporting Duties
In 13% of administrative sanctions, accountable institutions failed to submit Cash Threshold Reports to the Financial Intelligence Centre.
Where an accountable institution receives or pays out a cash amount in excess or R24 999.99, it is required to submit a report to the Financial Intelligence Centre as soon as possible, but no later than two days of becoming aware of the transaction, or series of transactions. It is recommended that accountable institutions do daily checks on bank statements in order to detect these transactions and file the necessary report as soon as possible.
GoAML log in credentials
In terms of Directive 02/2014 issued by the Financial Intelligence Centre on 9 April 2014, no person may share their goAML login credentials. In 20% of administrative sanctions, there were instances where the accountable institution’s goAML login credentials were shared with either members of the accountable institution such as personal assistants, or to external parties such as the external compliance officer.
Masthead can assist you with FICA compliance, preparation for FIC inspections and FICA training
We offer a wide range of services to all Accountable and Reporting Institutions including FICA training for your employees, hands-on assistance with the implementation of FICA requirements in your business and support services when preparing for a FIC Inspection.
Speak to your Masthead Compliance Officer or get in touch with us for more information on how Masthead can assist you to be compliant in terms of the FICA requirements.