The Financial Intelligence Centre (FIC) recently published Draft Public Compliance Communication (PCC) 109 which provides guidance on the commencement and enforcement of the FIC Act as amended and which took effect on 2 October 2017. Draft PCC 109 states that accountable institutions must demonstrate full compliance with their obligations as set out in the FIC Act as amended in respect of its entire client base, including all existing high-risk clients as at 2 October 2017 and all new clients onboarded from 2 October 2017. Draft PCC 109 is currently open for public comment until 20 March 2020. Comments can be e-mailed to the FIC at Consult@fic.gov.za
Risk-based approach and Risk Management and Compliance Programme
The draft PCC 109 states that an accountable institution must have:
- fully implemented a risk-based approach to money laundering and terrorist financing risks within their organisations;
- documented and implemented the accountable institution’s Risk Management and Compliance Programme (RMCP);
- conducted customer due diligence (CDD), including enhanced due diligence on high risk clients in terms of both FICA and the accountable institution’s RMCP in respect of their entire client base;
- determined the manner in which the requirements of the FIC Amendment Act relating to customer due diligence which were not in force prior to 2 October 2017, will be met by the accountable institution for the remaining of its clients who are deemed not to be high risk, through the ongoing due diligence processes as set out in the accountable institution’s RMCP.
The draft PCC further states that accountable institutions that cannot demonstrate compliance with the obligations set out in the FIC Act as amended are non-compliant and may be subject to administrative sanctions. This is evident in the recent publications of notices of administrative sanctions by the FSCA addressed to those accountable institutions that do not fully meet the requirements.
These notices of administrative sanctions set out the nature of non-compliance and reasons for imposing the administrative sanctions which range between R10 000 and R20 000 for each accountable institution.
Some common trends of non-compliance which resulted in financial penalties are that the accountable institution:
- did not develop and implement an RMCP that incorporates the requirements of FICA that is applicable to its business entity;
- did not provide ongoing training to its employees on the FIC Act and on the institution’s RMCP;
- where it had an RMCP, the RMCP did not adequately address certain requirements, for example:
– processes and procedures to establish a business relationship or conclude a single transaction with anonymous clients or a client with a fictitious name;
– processes to conduct additional due diligence measures relating to legal persons, trusts and partnerships;
– how it will examine complex or unusually large transactions and unusual patterns of transactions which have no apparent business or lawful purpose and how it will keep a record of the findings;
– how it will deal with a situation where it has doubts about the veracity of previously obtained information;
– the manner in which an existing business relationship will be terminated;
– processes for reporting cash transactions and terrorist property reports to the FIC.
In addition to imposing financial penalties for non-compliance, accountable institutions are also directed to perform certain activities, such as:
- review their RMCP at regular intervals to ensure it remains relevant to its operations and the requirements of FICA;
- make the RMCP available to each employee involved in transactions to which FICA applies and to ensure that it is implemented accordingly;
- provide ongoing training to employees to enable them to comply with the provisions of FICA and the institution’s RMCP which are applicable to them.
Given that accountable institutions had an 18 month grace period to comply with the provisions of FICA as amended from 2 October 2017 until 1 April 2019, supervisory bodies such as the FSCA are no longer lenient with any form of FICA related non-compliance as clearly evidenced by the sanctions meted out and the objectives of draft PCC 109. Accountable institutions are therefore advised to adopt and implement a personalised RMCP and to review it regularly considering all the requirements emanating from the FIC Act. It is also not enough to simply put an RMCP in place – the processes set out in the RMCP must be applied in the day to day operations of the business. Therefore, ensuring that staff understand what is expected of them and know how to apply the RMCP processes that the business has decided on, is key to demonstrating compliance with the requirements.
Speak to your Masthead Compliance Officer or get in touch with us for more information on how Masthead can assist you to be compliant in terms of the FICA requirements.