The FSCA paused their compliance reports last year due to them not being done with the new format compliance reports. Although we do not have written confirmation or any notice to this effect - we've heard from some of their staff that it also affects AUM reports and Handover reports (still to be confirmed). And it does not seem that we have any news on new compliance reports for this year. However, there is some other news.

They are busy though, with onsite inspections. Some of our clients were recently inspected and only on FICA. From discussions with people in the industry they are doing inspections on a broad number of FSP's so you should be ready in case they come to visit you.

You should focus on your FICA compliance ASAP. If you do not have the basics in place your are at risk of being fined. Yes, several FSP's have recently been fined for not complying with even the smallest aspects of FICA after the inspections were conducted (none of our clients though).

What do you need to have in place?

• Your RMCP(Risk Management and Compliance Programme) needs to be in place
• The RMCP must be adopted by senior management or directors
• Ensure you are registered as AML Compliance Officer with the FIC and that your FSP is registered
• You must have a list of active clients with details
• Training must be done on FICA compliance with a test for all staff on a refresher basis (contact us-we have an online solution)
• Your client files need to be complete
• It is very important that you must show that you risk rated all your ongoing clients according to your RMCP
• Very important that you know what your RMCP states and how to use it as they will ask you these questions.
• RMCP's need to be tailored to your business - your logo and name must be reflected and it must reflect the processes you actually use

How will the inspection happen?
They will usually contact the Key Individual and inform them of the impending inspection. They will ask for certain documentation beforehand to peruse it before they visit you. They then provide you with a date on which they will arrive and state what you need to have ready on the day. You will likely not have a fun time during the inspection, but with our help we can make it a little less daunting.

This is a quick summary of what to look out for. If you need assistance please let us know - we are here to help.

Seeing your country being pulled down by corruption is hard for anyone. As compliance officers, it's even more difficult as we are often faced with situations where clients and other businesses are actually involved in this to some degree. I can tell you, from experience, that it is not something that one should take lightly. Let's take a look at the risks one faces with PEP's and what to do with them.

The FIC Amendment Act of 2017 still includes the concept of PEPs, however, the naming conventions have now changed to distinguish between foreign and domestic PEPs as follows:

• Foreign prominent public officials (FPPO) which equates to the currently used term of Foreign PEP and
• Domestic prominent influential persons (DPIP) which equates to currently accepted term of Domestic PEP however includes people in the private sector who do business with government, traditional leaders etc. 

 
What is the risk?
We must be able to identify PEPs because their prominent public position may increase the risk of their involvement in bribery and corruption and consequently of laundering the proceeds of any such activity (as one can see from the recent corruption scourge that plagued our country).
 
Example
A high ranking South African government official opened a number of accounts with an overseas bank. However, his activity raised a number of concerns that the account was being used to launder the proceeds of corruption. The value of cash deposits into these accounts was inconsistent with the stated purpose of the accounts and the customer’s income. In addition, the official opened an offshore company in a “tax friendly” jurisdiction with himself as sole director and sole shareholder. The deposits paid into the company accounts were considerably more than expected and, contrary to what is expected of a functioning business, there were no outgoing payments. After a Suspicious Transaction Report (STR) was submitted, the individual was investigated and charged with money laundering offences and subsequently sentenced to prison.

What are the proposed controls? 
Due to the susceptibility of bribery and corruption associated with PEPs, businesses often don’t want to do business with them, however this is an unintended consequence of the associated risk. Processes and procedures need to be in place to identify customers who are PEPs and when you identify a PEP you must follow your business procedures and compliance policies.
 
When looking at guidance from international bodies such as the Wolfsberg Group and the Financial Action Task Force, PEP relationships are considered higher risk and should ideally be subject to Enhanced Due Diligence (EDD) such as verifying their source of wealth, regular CDD/KYC reviews and the requirement for Senior Management to give their approval prior to entering into or maintaining the customer relationship. It can also happen that a PEP is not a customer of the accountable institution, but rather a related party such as a beneficial owner. The accountable institution needs to decide what its approach will be in these instances as well. This will usually be contained in the internal rules/policy/processes.
 
It is important to remember that categorising a customer as a PEP does not mean that they are, or have been, involved in any criminal activity. The can also be risk rated in terms of the accountable institution’s Risk Based Approach (RBA).
 
The FIC Amendment Act also requires that the following requirements be met for higher risk Foreign Prominent Public Officials and Domestic Prominent Influential Persons:

• Obtain senior management approval for establishing the business relationship;
• Take reasonable measures to establish the source of wealth and source of funds of the client; and
• Conduct enhanced on-going monitoring of the business relationship.

Risk rating your customers are very important in the new improved version of FICA and PEP's are certainly no exception. Do not take any chances and report any instances of proven or suspected criminal activity via the right channels. You would be doing yourself and everyone, for that matter, a great service. 

The new amendments of FICA changes the compliance framework for accountable institutions to a great extent and we'll discuss some of the more pertinent items in this blog post.

According to the new requirements of FICA, accountable institutions now need to take a risk based approach to FICA and the implementation thereof. This includes:
 

• The nature, scale and complexity of the accountable institution’s business; 
• The diversity of its operations, including geographical diversity; 
• Its client, product or services profile; 
• Its distribution channels; 
• The volume and size of its transactions; and 
• The degree of risk associated with each area of its operation. 

 
One must also now be able to risk rate clients according to the risk that they pose with regards to being used for money laundering or to channel the proceeds of any crime. Certain customers and businesses are a lower risk than others and some are a higher risk. Some of the aspects that one can look at to determine the risk a client poses are:
 

• Does the client operate in a sector or industry that is subject to specific standards, market entry or market conduct requirements, other regulatory requirements (especially AML/CFT measures)? 
• Has the client been in a business relationship with the institution for a period of time? 
• What has been the patterns of transaction behaviour (e.g. speed, frequency, size, volume, etc.) of a client who has a history of a business relationship with an institution? 
• Has the institution previously observed suspicious or unusual activities or transactions on the part of the client? 
• If the client is a corporate vehicle, is it part of a complex or multi layered structure of ownership or control? 
• What information does the client provide concerning their source(s) of income? 
• What is the nature of the client’s business activity, e.g. does the activity involve transacting in large amounts of cash, cross-border movements of funds, trading in sensitive, controlled or sanctioned commodities, etc? 
• What is the nature of the type of the products and services offered by the client? 
• Does the client operate solely within the country or do they have cross-border operations? 
• Is the client’s product selection rational with a view to support their business or personal needs? 
• Does the client occupy a prominent public position or perform a public function at a senior level or does it have such individuals within its ownership and control structure? 
• Is there adverse information about the client available from public or commercial sources? 
• Is the client known to be subject to financial sanctions? 

 

When and if you see that a customer is a medium to higher risk we always advise in taking extra measures with software such as:
PEP (Politically Exposed Person) checks 
Sanctions checks
Adverse news checks (i.e. that shows allegations or actual proven criminal activity)
Understanding the sources of funds better and the transaction aims
Asking any other questions that would comply with your risk based approach and set you mind at ease or that would prover your concerns with the client

We can assist you with any policy drafting requirements, risk measurements, training and software checks for PEPs, Sanctions and Adverse news screening. Contact us today for assistance to ensure your business is safe!

Schedule 1 and 3 to the Financial Intelligence Centre Act lists who should register with the FIC as Accountable and Reporting Institutions respectively. A failure to register with the FIC carries maximum penalties of up to R10m (R50m for entities) and 5 years in prison. Yikes!

It is also quite important to note that each branch of a business must register with the FIC separately, not just the head office.

The difference between Accountable and Reporting institutions are that Reporting Institutions merely report certain transactions on a continual basis, whereas Accountable institutions need to have policies and procedures to identify clients, to risk rate them according to a risk management control program and ultimately report certain transactions to the FIC such as Cash Threshold Reports (CTR's) and Suspicious Transaction Reports (STR's), among other things.

At the time this is published the list of Accountable and Reporting institutions are as follows:

Now it is also interesting to note that these lists are under review by the FIC and they will likely be expanded to include other service and product companies such as credit providers and auctioneers.

If you or your company needs any advice or services that with regards to FICA and Anti-Money Laundering please give us a call!

Accountable institutions such as lawyers, financial services providers and estate agents (among others) are required by the Financial Intelligence Centre Act 38 of 2001 (FICA) to provide training to staff on FICA in terms of section 43. The training must enable staff to comply with FICA and the internal rules of the company itself and it is not a requirement that this particular training puts them to sleep (although some compliance training providers can readily be regarded as sleep training experts).

A recent "Public Compliance Communication No. 18" by the FIC stated that the training must educate the employees on a range of different factors. Different training levels can be implemented at different levels of the organisation. We believe one can have a General Awareness for all staff in the company and then a more in-depth Specific Awareness training course. However, as always, it depends on the organisation to conduct training commensurate to the risks it is facing.

"The training can take place in any manner that the company deems fit. I.e. online or in person."

The training can take place in any manner that the company deems fit. I.e. online or in person. Tests must also be done to assess the knowledge gained and record must be kept of the training given and attendance. The FIC stated that the training must be "ongoing" and "refresher" training must be conducted. We believe that a good rule of thumb is to do any AML/FICA/KYC training once a year and as soon as any new joiners start with a company.

Any non-compliance with the Act in relation to the above-mentioned can result in a fine of R10 million and 5 years in prison.

So, if you don't want to be a jailbird, ensure your training procedures are in place or give us a shout to provide you with training at: hello@horizoncompliance.co.za.