The Financial Intelligence Centre (FIC) recently published draft Public Compliance Communication 105 (draft PCC 105) for public comment. The draft PCC 105 provides guidance on the use of reliance agreements by accountable institutions for customer due diligence (CDD) on shared clients.
Accountable institutions are required to implement a Risk Management and Compliance Programme (RMCP) that, inter alia, must provide for the manner and processes in which the accountable institution will conduct CDD (establish and verify the identity of a client). In terms of draft PCC 105, an accountable institution may include in its RMCP the reliance on another accountable institution for the collection of CDD information where the client is the client of both accountable institutions, however the “relying accountable institution” as defined in draft PCC 105 remains responsible for the complete CDD process, including the risk rating of their clients. It is important to note that reliance agreements form part of the manner in which an accountable institution conducts CDD and does not impact or exempt the accountable institution’s obligation to conduct CDD.
In Recommendation 17, the Financial Action Task Force (FATF) states that an accountable institution may rely on a third party to assist with customer identification and verification on the following conditions:
- The relying institution should immediately obtain information to identify and verify the customers, their beneficial owners – including the ownership and control structures of legal entities, understanding the purpose and nature of the business relationship and should conduct ongoing due diligence on the business relationships and transactions to ensure it is consistent with the relying institution’s understanding of the business;
- Client information and other relevant data must be made available to the relying institution upon request without delay;
- The relying institution must be satisfied that the third party is regulated, supervised or monitored and that it has the measures in place for compliance with customer due diligence and record keeping requirements; and
- Country risks must be considered when relying on businesses from other jurisdictions.
Draft PCC 105 also sets out guidance on principles that should be included in a reliance agreement and states that if an accountable institution makes use of a reliance agreement for the purposes of conducting CDD, its RMCP must clearly set out the practice of relying on another accountable institution to conduct CDD. Other requirements that would need to be considered and addressed in the RMCP, if the accountable institution makes use of a reliance agreement for the purposes of conducting CDD, would include (but not be limited to) risk rating and record keeping requirements.
Importantly, draft PCC 105 makes it clear that an accountable institution cannot place reliance on the AML/CFT risk, and associated rating assigned to the client by the third-party accountable institution or the screening performed on the client by the third-party accountable institution.
Comments on the draft PCC 105 are invited to reach the FIC by no later than 19 November 2019 via e-mail on Consult@fic.gov.za.