The Financial Intelligence Centre (FIC) published a draft Public Compliance Communication (PCC) for comment during March 2020, which sought to clarify issues relating to the practical application of the requirements of the FIC Act by accountable institutions that offer life insurance products and/or who provide advice or intermediary services in relation to life insurance products only. The comments on the draft have since been considered and incorporated into the final PCC 48 which was published by the FIC on 31 March 2020.
Under the old ‘rules based’ FIC legislation there were certain exemptions in respect of long-term insurance policies. However, with the introduction of the risk-based approach which allows accountable institutions to determine which business relationships or transactions pose a lower money laundering or terrorist financing (ML/TF) risk and to apply appropriate customer due diligence processes as set out in their Risk Management and Compliance Programme (RMCP), these exemptions became redundant and were withdrawn. This mean that accountable institutions must assess the risk themselves and perform appropriate customer due diligence, even for those clients that only transact in respect of life insurance policies which were previously subject to the exemptions. In light of this, PCC 48 provides clarity on three separate issues concerning:
- The risk assessment of an accountable institution’s clients,
- The consequences of naming of beneficiaries to a life insurance product, and lastly
- An accountable institution’s reporting obligations relating to suspicious and unusual transactions.
Client Risk Assessment
The PCC provides guidance to accountable institutions about how they should identify the risks of clients particularly in the context of life insurance business, and the timing of assigning a risk rating to a client and performing the associated level of customer due diligence.
Client risk rating
The FIC warns accountable institutions not to limit their understanding of the risk that a client may pose to only one factor that they view as low risk, for example product risk. Accountable institutions cannot routinely assign the same level of risk to clients based on only one aspect relating to a client. Even if the accountable institution considers a life insurance policy to be a low risk product, the institution must also take into consideration all the other risk factors related to the client which include things like geographical risk, political association of the client or prominence in society, adverse media publicity of the client, distribution channels, etc. Guidelines relating to the various factors which accountable institutions should consider can be found in the FIC’s Guidance Note 7.
The accountable institution may assign a different weighting to each risk indicator, according to the degree of ML/TF risk to which the institution might be exposed. Where the institution applies a substantial weighting to one particular risk indicator, such as product risk, then it must be able show how it is used to decide on the overall ML/TF risk related to the customer.
When going into a business transaction with the client, it is vital that the institution has a thorough understanding of the risks related to the client as this will inform the client due diligence methods that must be applied as per the FIC Act and RMCP.
When must the risk rating and customer due diligence relating to a client be completed?
The FIC has clarified that accountable institutions may not receive any funds (such as premium payments or payments received via debit orders) or make any pay outs until both the risk of the client has been determined and the appropriate customer due diligence has been completed. This means that the risk rating and customer due diligence process set out in the institutions RMCP must be done before accepting the person as a client of the institution. It cannot be deferred to a later time.
Who is the client?
The FIC clarifies in this PCC that the accountable institution’s client is the person with whom the institution establishes a business relationship and/or enters into a single transaction.
Obligations Pursuant to the Naming of Beneficiaries of a Life Insurance Product
The second part of the PCC deals with the obligations relating to the beneficiary/ies of a life insurance product. As information about the beneficiary is part of the information relating to the client, the institution must have some knowledge about the beneficiary at any given time, for the institution to formulate its overall assessment of the client risk. If a beneficiary is a known criminal, a sanctioned person who the accountable institution is prohibited from dealing with, or a foreign prominent public official or domestic prominent influential person, amongst other things, this would need to be considered when establishing the overall risk of the client. The FIC cautions accountable institutions not to continue with any arrangement where the beneficiary is identified as a person that they are prohibited from dealing with as this will cause problems for the accountable institution down the line.
It is important to note that the FIC does not expect customer due diligence to be conducted on the beneficiary when nominated as the beneficiary is not a client of the accountable institution at this stage, but rather requires information about the beneficiary to be considered in the overall context of assessing the client’s risk. However, the beneficiary will become a client of the institution when their rights in the insurance benefit are claimed or become payable.
Reporting Information Relating to Suspicious and Unusual Transactions
The last part of the PCC reiterates that accountable institutions have an obligation to provide their supervisory body, such as the FSCA, with a copy of a report or related facts or information which was submitted to the FIC in terms of section 29 of the FIC Act, when formally requested to do so.
FSPs that provide financial services to clients in respect of long-term insurance policies should review their RMCP and ensure that they incorporate the guidance provided in PCC 48 into their risk rating and customer due diligence processes. FSPs are strongly urged to take their obligations under the FIC Act seriously and to continuously review their approach to the ML/TF risks which their business is exposed to, and to update and adjust the processes set out in their RMCP as may be required. Recent sanctions imposed on accountable institutions by the FIC and supervisory bodies should serve as a warning to accountable institutions that do not meet all the requirements.