On 23 March 2016 the FIC issued a Public Compliance Communication (PCC35) setting out a guideline for Accountable Institutions to assist them in implementing proper controls, processes and internal rules in terms of the FIC Act.
In terms of the FIC Act, Accountable Institutions (AIs) are required to implement procedures and processes that will regulate the way in which AIs comply with their obligations set out in the Act. A part of this process is the AI’s Internal Rules which should comply with the requirements set out in the Regulations.
If an AI fails to implement working controls and processes as contained in their Internal Rules, the FIC may find that the AI failed to formulate and implement their Internal Rules as prescribed by the FIC Act, and this may lead to an administrative sanction being issued by FIC against the AI.
Section 42 of the FIC Act sets out that an AI must formulate and implement Internal Rules which provide for the processes and controls followed by the AI in order to comply with the requirements of the FIC Act. In terms of the FIC Regulations, the Internal Rules should at a minimum include the following:
- Processes, procedures and control measures relating to client acceptance processes and procedures;
- Client and transaction monitoring;
- Record-keeping function;
- Reporting requirements; and
- Responsibilities of management with regards to compliance by the institution with the FIC Act, Regulations and Internal Rules.
This notice by the FIC indicates that it is important for management of AIs to ensure that their Internal Rules include practical working methods in identifying the parties to a business relationship or even when a single transaction is concluded with the institution. In FAIS Newsletter 19 the FSB highlighted that the Internal Rules must be customised, updated and approved by the senior management of the AI. Internal rules should be tailored and aligned to the business of the FSP or AI and should be simple and easy to understand. It is expected that the key individuals and senior management of the FSP have in-depth knowledge of the AML/CFT (Anti-Money Laundering and Countering Financing of Terrorism) risks as this will improve the culture of compliance in the business and enable them to raise awareness of these risks in the business. The necessary processes must be in place for staff to be able to correctly identify parties who transact with the business and to conduct verification procedures of the identities of such parties.
It is also important that all staff are sufficiently trained on the processes and controls contained in the Internal Rules so that they will be adequate in handling FICA related transactions. Staff must have knowledge of how to handle suspicious and unusual transactions and be able to follow the processes as set out in the Internal Rules. This was emphasised during a recent FIC on-site visit whereby staff were questioned about their understanding of the Internal Rules and the training which they had received. The actual processes followed by the business were also tested against the Internal Rules to establish whether there was alignment between the stated and implemented procedures.
AIs should review their Internal Rules in order to ensure that it is a practical working document relevant to the type of business of the AI. Staff should also be able to use the Internal Rules as a guide when dealing with FICA transactions. Failure to do so could result in an administrative sanction.