Setting the stage for financial integrity
Credit providers in South Africa are identified as susceptible to money laundering (ML), terrorist financing (TF), and proliferation financing (PF). To mitigate these risks, they must comply with the Financial Intelligence Centre Act (FIC Act), which outlines regulatory requirements for accountable institutions and includes several distinct obligations.
Understanding credit providers in the scope of the FIC Act
The FIC Act defines credit providers in terms of item 11 of Schedule 1, as a person who carries on the business of a credit provider as defined in the National Credit Act (NCA) and are required to register as a credit provider with the National Credit Regulator (NCR). The second category are those offering to carry on the business of providing credit in terms of any credit agreement that is excluded from the application of the NCA by section 4(1)(a) or (b).
Credit providers who are registered with the NCR are accountable institutions, they must therefore comply with several obligations, including registering with the Financial Intelligence Centre (FIC), developing a Risk Management and Compliance Programme (RMCP), implementing a risk-based approach, conducting customer due diligence, beneficial ownership identification, screening clients against financial sanctions lists and monitoring transactions.
Registration with the FIC (goAML)
To fulfil their compliance duties, credit providers must first register with the FIC via the goAML system. Credit providers must register with the FIC to access its reporting platform, goAML. If an institution falls under multiple Schedule 1 items, such as a credit provider and a high-value goods dealer, it must register separately for each item. Registration is free and must be submitted electronically, accompanied by supporting documents such as certified identity documents and an authorisation letter from the compliance officer.
The Risk Management and Compliance Programme (RMCP)
A critical requirement of the FIC Act is the implementation of a Risk Management and Compliance Programme (RMCP). Section 42 mandates that RMCPs document governance controls, risk-rating frameworks, customer due diligence procedures, targeted financial sanctions (TFS) measures, and transaction monitoring. Additionally, RMCPs must ensure group-wide compliance across branches and subsidiaries, facilitating information-sharing while safeguarding confidentiality.
The General Laws Amendment Act (GLA Act) expands RMCP requirements, compelling institutions to establish systematic risk assessments and mitigation frameworks. Public compliance communication 53 (PCC 53) and Guidance note 7A (GN7A) provides guidelines on drafting comprehensive RMCPs and refining risk management strategies.
Credit providers must also appoint a FIC Act compliance officer, train employees on FIC Act requirements, maintain transaction records, and submit regulatory reports to the FIC.
Reporting
Credit providers also have reporting obligations. These reports include suspicious and unusual transaction reports (STRs) for completed transactions and suspicious activity reports (SARs) for abandoned transactions. Reports must be submitted as soon as possible but no later than 15 days of identifying suspicious activity of facts which give rise to the suspicion. If a transaction involves a designated person on the United Nations Security Council’s sanctions list, a terrorist property report (TPR) must be filed, and associated assets must be frozen.
Credit providers specific money laundering (ML), terrorist financing (TF), and proliferation financing (PF) risks
Credit providers face varying levels of exposure to money laundering (ML), terrorist financing (TF), and proliferation financing (PF) risks, depending on the nature of their products, clients, and transactions. It is the responsibility of each Credit provider to assess and understand its specific risk profile. For instance, illicit funds may be laundered through early loan repayments or by using loans to facilitate criminal activities.
The Financial Intelligence Centre’s (FIC) 2022 sectoral risk assessment highlighted that cash remains a common method for loan repayments—either directly or via deposits into credit providers’ bank accounts. This reliance on cash significantly heightens the risk of money laundering, underscoring the need for credit providers to exercise heightened vigilance when handling cash transactions. Credit providers must apply enhanced monitoring and due diligence to mitigate these threats.
By assessing their ML, TF, and PF risks, credit providers can implement appropriate and proportionate controls to safeguard their operations.
By following a risk-based approach, credit providers can assess vulnerabilities and implement proportionate controls to enhance financial integrity. Compliance with FIC regulations not only strengthens the sector’s security but also contributes to broader efforts in preventing financial crimes.
The FIC provides further guidance through compliance communications and resources on its website, supporting credit providers in fulfilling their regulatory duties.
Masthead has been helping businesses implement and comply with FICA requirements since 2004. Our knowledgeable Compliance Officers possess extensive expertise in FICA regulations. Get in touch with us for more information and assistance or contact your nearest Masthead Regional Office.