Accountable institutions, such as Financial Service Providers (FSPs), legal practitioners and estate agents, to name a few, are at risk of being targeted for Money Laundering and/or Terrorist Financing (ML/TF). By knowing your clients and regularly assessing them and their transactions for the duration of your business relationship, you can prevent ML/TF from occurring in your business.
Customer due diligence in terms of the Financial Intelligence Centre Act (FICA) refers to knowing your clients and understanding their business. Customer due diligence measures that are properly implemented can help you to better manage your client relationships. You can then more easily identify any possible attempts by clients to exploit your products and services for ML/TF purposes.
Each client should be given a risk rating during the onboarding process to determine their risk for ML/TF. Based on your rating, you can apply either a simplified or more enhanced process of customer due diligence.
However, that is not where it ends. Section 21C of FICA requires accountable institutions to conduct customer due diligence on an ongoing basis. In various guidance publications on the risk-based approach, the Financial Action Task Force (FATF) also mentions that businesses must conduct ongoing due diligence of their clients during the business relationship.
Ongoing customer due diligence is necessary, as clients’ risk profiles and/or their business activities may change over time. For example, they may become prominent influential persons or high net worth individuals, which will impact their objective. Alternatively, they may form business relationships or transact in countries known for weak ML/TF legislation. They may even take up another product that was not in line with your expectations during onboarding, or is more desirable for money laundering.
Consider the following scenario in which your client is a teacher and you are aware of their monthly earnings. This helps you form an understanding of the types of transactions that would fit with the client’s income pattern and portfolio. If the client approaches you for products that are not in line with their income pattern – for example, a R10 million investment – without properly identifiable sources of those funds, ongoing monitoring obligations should prompt a possible report to the FIC.
Requirements of ongoing due diligence
Ongoing customer due diligence is the process of monitoring clients for ML/TF risks on an ongoing basis. It involves reviewing and scrutinising client transactions undertaken throughout the business relationship.
It also entails determining the background and purpose of all complex, unusual and large transactions, and any unusual patterns of transactions that have no apparent business or legal purpose. Where necessary, you should check the source of funds used for transactions.
Furthermore, you should check that the information you have about each client is still accurate and relevant. To do this, compare the information gathered at client onboarding with the client’s current information and update their information if necessary. This is also a good opportunity to conduct a fresh screening of the client against any sanction lists.
By reviewing existing records, particularly of higher-risk clients, you can also ensure your documents, data or information collected in the ongoing due diligence process are kept up to date and relevant.
Monitoring can be manual, automated or a combination of both. It extends across all products held by the client, as well as any changes to the client’s risk profile such as behaviour, use of products and the amount of money involved. All the information you gather should be verified against information held by reliable third-party sources and, as far as possible, the original source of the information.
The aim of these ongoing checks is to identify if any client activities are out of the ordinary, given your knowledge of the client or the intended nature of the business relationship.
A client’s transactions conducted during the business relationship should be consistent with your knowledge of that client, their business and risk profile. You should always be able to say, “Yes, this transaction makes sense, given what I know about the client.” If not, you may have grounds to report suspicious or unusual activity.
How to conduct ongoing due diligence
The processes of your ongoing customer due diligence should be documented in your Risk Management and Compliance Programme (RMCP). It should specify how you will examine complex or unusually large transactions and unusual patterns of transactions that have no apparent business or lawful purpose, as well as how you will keep the written findings of such transactions. You must also be able to demonstrate that the process in your RMCP is being followed closely.
To help you document your ongoing customer due diligence, you could develop and incorporate a questionnaire in your ongoing due diligence process.
Some of the questions you could include are:
- Has the client’s information been verified against the information on record?
- Have any of the client’s circumstances or information changed?
- If the client transacted more than once during the business relationship, were the transactions consistent with your knowledge of the client and the client’s business? Were any of the transactions complex, unusual or unusually large, or without any apparent business or legal purposes?
- Has there been any change to the client’s status as a domestic prominent influential person?
- Were the sources of the funds or income easily identifiable and traceable? If not, are there grounds to report a suspicion of ML/TF?
Frequency of ongoing customer due diligence
It is important to make provision for how and when to conduct ongoing customer due diligence checks when you establish a business relationship with a client. The level, intensity and frequency of ongoing due diligence should be appropriate for the level of the client’s risk profile. A low-risk client may only need to be reviewed every three years, whereas a high-risk client may require an annual review.
It is not necessary for a client to be called into your office; you can review the information independently, looking at the information gathered at client take-on as well as all the transactions concluded during the course of the business relationship.
To ensure your ongoing customer due diligence checks are conducted at the intervals prescribed in your RMCP, you can diarise the dates. Alternatively, you can have a system in place that automates the due diligence process.
Penalties for non-compliance
Supervisory bodies such as the FSCA impose administrative sanctions on accountable institutions (such as FSPs) that do not comply with the FICA requirements. Non-compliance is generally identified during an inspection.
In an administrative sanction published by the FSCA in 2021, an FSP did not conduct ongoing customer due diligence, amongst other things. Looking specifically at the due diligence aspect of the inspection, the FSP did not conduct ongoing due diligence on four sampled clients. This resulted in a financial penalty of R40 000. The total administrative sanction, taking into account all areas of the FSP’s contravention, amounted to R50 000.
As any accountable institution can be a possible target of money laundering, proper ongoing monitoring of your client relationships, especially higher-risk client relationships, is necessary. This will mitigate your business’s exposure to ML/TF risks. The bottom line is that you should confidently know who you are dealing with, considering your risk assessment analysis of each client.
If you need assistance in implementing an ongoing customer due diligence process that makes sense for your business, we can assist. Please contact your Masthead Compliance Officer for more information.