The Financial Intelligence Centre (FIC) Amendment Act, 2017 was signed into law by the president on 26 April 2017. On 13 June 2017, the Minister of Finance, signed and gazetted different commencement dates for different sections of the FIC Amendment Act. The commencement dates are as follows:
- 13 June 2017 – The first set of provisions commenced
- 2 October 2017 – The second set of provisions commended
- Date to be determined after 2 October but expected to be no later than the end of 2018 – The two remaining set of provision.
As an independent financial advisor, you may need to review your current FICA framework to comply with the second of four sets of provisions of the FIC Amendment Act, 2017.
These provisions, which commenced on 2 October 2017, require you as an accountable institution to adopt a risk-based approach to money laundering and terrorist financing (ML/TF).
The FIC’s draft guidance on how to implement the new measures requires you to be able to demonstrate how you contextualise the ML/TF risk concept and the impact on your business. This includes identifying and assessing ML/TF risks, putting measures in place to manage and mitigate the risks, and including these measures in your Risk Management and Compliance Programme.
Shifting to a risk-based approach
Shifting from rules to a risk-based approach means compliance no longer just requires you to tick all the boxes and follow certain rules. Rather, this approach offers greater flexibility, which implies less regulation.
It means you now have a greater responsibility to identify and counter the risk associated with certain businesses and clients. You need to address the likelihood and impact of ML/TF activities materialising due to threats and/or vulnerabilities in your business using the current controls in your business, or amending them to do so.
How to assess ML/TF risks
To assess a ML/TF risk after identifying it, you need to understand how the risk affects you, the likelihood of the risk happening and the impact of such a risk. Your approach to assessment can be simple or sophisticated, depending on the size and complexity of your business and the nature and range of your products and services.
When looking at indicators that relate to ML/TF risks, and specifically regarding products and services, consider asking:
- What is the target market for the product?
- Under what specific conditions would clients have access to funds?
- Are prospective clients on-boarded through non face-to-face processes?
- Where is the client domiciled or does the client operate in another country?
Keep in mind that not all clients pose the same ML/TF risks. If you offer a wide range of products and services, consider how you engage with a client in relation to your products and services.
Other questions that can help assess risk include the nature of the client’s business activity, the tenure of the business relationship and if the client is a prominent public person.
How to manage ML/TF risks
The FIC proposes managing risk with the following mechanisms:
- Implementing systems, policies and procedures (to be included in your Risk Management and Compliance Programme)
- Training staff
- Establishing a process to exit from high risk relationships
- Providing adequate supervision for higher risk activities.
ML/TF risk management is a continuous cycle, as the risk associated with a client may change over time. It is therefore essential to re-evaluate risk factors. You should also satisfy yourself that the systems and controls are still adequate and reflect the emerging threats and vulnerabilities you face.
How to mitigate risk
Mitigating ML/TF risk refers to how you minimise the identified ML/TF risk using the systems and controls at your disposal.
One such way is through customer due diligences (CDD). These help you to determine with whom you are doing business, if anyone benefits from the business done with your client and when businesses should be considered suspicious or unusual.
If you identify a higher ML/TF risk, you can:
- Increase CDD measures
- Involve senior management in decisions to on-board customers
- Have specialist dedicated staff manage an enhanced due diligence for specific clients.
The systems and controls you implement to respond to an assessed risk must be able to respond effectively if a risk materialises. If you identify, rate and assess a higher risk, take enhanced measures to mitigate the risk, and the controls will be stronger. For a lower risk, simplified measurements can apply to CDDs and lighter controls will suffice.
A risk-based approach is not fool proof, as you might take all reasonable measures to identify, assess, manage and mitigate the ML/TF risk, but still be exploited for ML/TF purposes. However, it is important to have adequate processes in place, as the consequences of not doing so can be quite severe, considering the penalties that FIC issued against the banks.
For a comprehensive, up-to-date understanding of the FIC’s requirements and duties, book now to attend our FICA seminars.