The Financial Intelligence Centre (FIC), in collaboration with the National Treasury, South African Reserve Bank and the Financial Sector Conduct Authority (FSCA), recently published Guidance Note 7A (GN 7A). This guidance replaces the previous FIC Guidance Note 7 and emphasises a risk-based approach to compliance. Effective from 13 February 2025, GN 7A introduces significant updates focusing on the Risk Management and Compliance Programme (RMCP) requirements.
Key Updates in GN 7A
Strengthened RMCP Requirements
Accountable institutions are required to develop, document, maintain and implement a comprehensive RMCP that addresses money laundering (ML), terrorist financing (TF), and proliferation financing (PF) risks. The RMCP must record all elements as set out in section 42 of the FIC Act.
GN 7A requires comprehensive RMCP documentation, enabling the board to assess its adequacy. The RMCP documentation must be readily accessible. It should cover the institution’s risk management policies, risk assessment methodologies, and risk profile in relation to ML, TF, and PF. Additionally, it should include training on ML, TF and PF to ensure employees understand their legal and regulatory responsibilities.
The RMCP must be suitable and effective for the institution, with consistent monitoring and periodic audits to ensure its effectiveness.
Elements of an effective RMCP
The RMCP should include:
- Risk Identification: Institutions must conduct an entity-wide risk assessment to identify ML, TF and PF risks. This assessment should consider various factors such as the nature, size, products, service offerings, industry, client base, geographic locations and complexity of the business.
- Risk Mitigation and Management: Implement appropriate controls to manage identified risks, including customer due diligence (CDD), reporting and record-keeping.
- Monitoring: The effectiveness of risk controls should be continuously evaluated and updated as needed.
Board and Senior Management Responsibilities
The board of directors or senior management must approve the RMCP and ensure compliance. This responsibility cannot be delegated. Institutions that are legal persons must have a compliance function with sufficient competence and seniority to assist with compliance.
The RMCP must be detailed enough to enable the board to understand and manage ML, TF and PF risks. The board or senior management is accountable for the adequacy of the RMCP and will be held responsible if it is found inadequate.
The board or senior management must also ensure a culture of compliance within the institution. Policies, procedures and processes must be designed to identify, assess, monitor, mitigate and control ML, TF and PF risks.
Group-wide RMCPs
Institutions operating within a group structure may implement group-wide RMCPs tailored to address the specific risks of each entity within the group. Separate entity risk assessments should be conducted by each accountable institution, feeding into the group’s entity-wide ML, TF and PF risk assessment.
Compliance with Local and International Obligations
Institutions must comply with the necessary measures to counter ML, TF and PF in all jurisdictions where they operate. If foreign regulatory standards are lower than South African standards, the institution must meet South African requirements unless prevented by specific reasons, in which case supervisory bodies must be informed.
Review and Updates
The RMCP must be reviewed regularly to ensure it remains relevant. Any amendments must be documented and formally approved.
Conclusion
GN 7A underscores the importance of a proactive and well-documented risk management approach. By enhancing board accountability, risk identification and ongoing compliance measures, the updated guidance aims to strengthen South Africa’s financial sector resilience against money laundering, terrorist financing and proliferation financing threats.
Do you need assistance with your FICA RMCP?
Masthead has been helping businesses implement and comply with FICA requirements since 2004. Our knowledgeable Compliance Officers possess extensive expertise in FICA regulations. We are well-equipped to assist you in tailoring and implementing a FICA RMCP in your business.
For more information and assistance, get in touch with us or contact the Masthead Regional Office closest to you.