I am a fan of regulations and compliance that have reasons and make sense. I am also a fan of "less is more" when it comes to regulation. In that vein I do believe much of our current financial services regulation in South Africa over-corrects to protect investors at the expense of economic activity and innovation. I've written a previous blog post about it that you can find here.

It seems like Crypto is heading the same way if some voices of reason do not speak up. It is not new that a country wants to control or outright ban Crypto. China has banned, un-banned and re-banned it many times over. Other countries have seen the light and provided enabling regulations for Crypto to flourish and grow. Mainstream adoption is growing exponentially in the form of ETF's being issued and even card issuers like Visa joining the party. Some Crypto Exchanges have even listed on major stock exchanges.

So, what have our regulators done so far? They have issued zero final regulations. To their  credit, there was a draft regulation on the advice and intermediary services on Cryptocurrencies issued in November of last year. But nothing has been said of that since a year ago. All that happened in the meantime is that the FSCA issued another draft regulation barring Pension Funds from holding Crypto assets. I would assume this includes NFT's (non-fungible tokens) in the form of Art which had sales of $10.7 billion in Q3 of 2021. The Reserve Bank has also reportedly pushed banks to prevent customers from buying Crypto with their cards and from buying Crypto from any company domiciled overseas. 

So basically we only have confusion and frustrated businesses. I can't begin to tell you how many Crypto businesses approached us in the last two years to find out how they can comply and get licensed. Unfortunately you can't yet.

I understand that many people have been taken for a ride by Crypto scammers. But, many people have also been taken for a ride by money scammers. Does declaring investing in normal fiat money a crime, solve the problem? No, you but can rather provide trust by licensing exchanges and funds at best. One cannot eliminate all crime by force over-regulation as the criminals will still find ways to do the crime (rather beef up the criminal justice system). What you will accomplish with this heavy handed regulatory approach is overburden those that want to comply en ensure that less people are economically active in this space.

Instead, enable the industry through a measured approach with limited regulation that is both practical and that encourages new entrants to the market.

Blockchain technology is already changing the world and offering better use cases, privacy and trust for all involved. Cryptocurrency is just one use case of  blockchain technology and we are at risk of getting left behind if do not create a better space for it to grow.

This blog is about the recently imposed administrative sanctions on Momentum Wealth (Pty) Ltd and Momentum Collective Investments RF (Pty) Ltd by the FSCA.

The broad reason for the sanctions was the ineffective money laundering/terrorist financing control measures of both accountable institutions, as required by the FIC Act. The total financial penalty imposed by the regulator on these institutions amounted to R11,100,000.00 (excluding an amount of R100,000.00 which is suspended for three years).

The breaches identified by the FSCA were the following:

1. Non-compliance with cash threshold reporting (CTR) requirements on historic transactions (2010-2017).
2. Risk-rating failures:

• Momentum Wealth failed to identify, verify and risk rate a beneficiary of one trust in terms of s 21B of the FIC Act.
• Momentum CIS failed to risk rate 38 clients in line with their own RMCP.

 
These cases serve as a reminder to accountable institutions to regularly submit cash threshold reports, risk-rate clients(and potential clients) and comply with your own RMCP.

​For more information click here

In this post we tell you all about how financial services companies can operate lawfully and safely during the lockdown. We are all aware of the lockdown currently implemented in South Africa due to the COVID-19, and even though we are in a lockdown, we should not confuse this period for a complete shutdown for financial services. Businesses that produce, distribute and deliver essential services are allowed to continue operations if necessary, whilst adhering to the correct health and hygiene procedures during this time.

There was a release of a third amendment which brings greater clarity to what is regarded as essential services in the financial sector. This amendment is the third amendment to the Regulations to the Disaster Management Act 2002, published by Government Notice No 318 of 18 March 2020, as amended by Government Notice No 398 of 25 March 2020 and Government Gazette Notice No 419 of 26 March 2020 (Regulations).

What is regarded as essential services in the financial market?
Essential Services in the financial market includes the following services necessary to maintain the functioning of a financial system as defined in section 1(1) of the Financial Sector Regulation Act, only when the operation of a place of business or entity is necessary to continue to perform those services:
​

• the banking environment (including the operations of mutual banks, cooperative banks, co-operative financial institutions and the Postbank);
• the payments environment;
• the financial markets (including market infrastructures licensed under the Financial Markets Act, 2012 (Act No. 19 of 2012);
• the insurance environment;
• the savings and investment environment;
• pension fund administration;
• outsourced administration;
• medical schemes administration; and
• additional services designated in terms of regulation 11B(4A)(c)(i)'.

What is our interpretation of FSP's rendering services during lockdown period?
We would argue the services that FSP's render fall under the essential services definition as mentioned above and can therefore continue operations if necessary to service current clients. This does not mean you should go out and canvass for new clients face to face. The essential services exemption is there to assist current clients in need that have no other option but to see you in person - i.e. vulnerable persons and those of little means. The FSP needs to have a CIPC certificate to continue operations and the staff need a permit issued by the FSP itself if they are traveling to and from clients.

Important information for FSP's during this lockdown period:

• If your FSP can continue servicing and acquiring clients in a non-face to face manner, great! Please continue business.
• Avoid seeing clients face to face at all costs. If you cannot, then operate under the following rules below.
• FSP's need to have a permit issued by the CIPC to render essential services in person to clients when doing so face to face.
• All the staff of the FSP need to have a permit to perform essential service Regulation 11B (3) issued by the FSP if they are travelling.
• FSP's need to adhere to health and hygiene protocols during this period, and therefore rather make use of video conferencing to communicate with clients where possible, such as Skype, Google Hangouts, Zoom or MS Teams. Phone calls are also an option if it is not necessary to see a client in person. 
• FSP's should remind clients of the potential consequences that could result in canceling their financial products. This reminder should be in written format to keep it as proof of informing clients of the potential consequences of termination. (This can be done via email.)

Where do I request a permit issued by the CIPC for my FSP?
The permit for an FSP to render essential services can be requested online, and is issued by the CIPC. Follow this link to request a permit or click on the "Request a CIPC permit" button below: bizportal.gov.za/essential_service.aspx

Where do I get a permit for the staff of my FSP if they are traveling to clients?
The permit to render essential services for staff of an FSP can be issued by the FSP. Use the form in this link, or click on the "Issue a Permit for my staff" button below: guideline_permit_essential_services.pdf

Are there any exemptions to provide relief to my FSP during the pandemic?
Annual Financial Statement submission dates are usually 4 months after the financial year end, it has now been extended by 4 months, therefore submissions are due 8 months after your FSP's financial year end.

An exemption for compliance with Financial Soundness Requirements was also issued and can be summarised as follows:

GENERAL SOLVENCY REQUIREMENT (Assets must exceed Liabilities) 
Exemption: Liabilities may exceed Assets by no more than 20%
Applies to: All Cat 1’s / Cat 2 / Cat 4

WORKING CAPITAL REQUIREMENT (Current Assets must exceed Current Liabilities) 
Exemption: Current Liabilities may exceed Current Assets by no more than 20%
Applies to: Cat 1 Holding Funds / Cat 2 / Cat 4

LIQUIDITY REQUIREMENT (Maintain Liquid Assets equal or greater than X/52 weeks of Annual Expenditure) 
Exemption: The Liquid Assets may not be less than 50% of the specified Liquidity Requirement:
Applies to:

• Cat 1 Holding Funds (where X = 4)
• Cat 2 (where X = 8)
• Cat 4 (where X = 4)

If you decide to rely on the exemption for Financial Soundness Requirements, there are certain conditions to be met. For more details, please refer to FAIS Notice 21/2020 on the FSCA website.

Note that there are also no Compliance Reports due for 2020.

The FSCA paused their compliance reports last year due to them not being done with the new format compliance reports. Although we do not have written confirmation or any notice to this effect - we've heard from some of their staff that it also affects AUM reports and Handover reports (still to be confirmed). And it does not seem that we have any news on new compliance reports for this year. However, there is some other news.

They are busy though, with onsite inspections. Some of our clients were recently inspected and only on FICA. From discussions with people in the industry they are doing inspections on a broad number of FSP's so you should be ready in case they come to visit you.

You should focus on your FICA compliance ASAP. If you do not have the basics in place your are at risk of being fined. Yes, several FSP's have recently been fined for not complying with even the smallest aspects of FICA after the inspections were conducted (none of our clients though).

What do you need to have in place?

• Your RMCP(Risk Management and Compliance Programme) needs to be in place
• The RMCP must be adopted by senior management or directors
• Ensure you are registered as AML Compliance Officer with the FIC and that your FSP is registered
• You must have a list of active clients with details
• Training must be done on FICA compliance with a test for all staff on a refresher basis (contact us-we have an online solution)
• Your client files need to be complete
• It is very important that you must show that you risk rated all your ongoing clients according to your RMCP
• Very important that you know what your RMCP states and how to use it as they will ask you these questions.
• RMCP's need to be tailored to your business - your logo and name must be reflected and it must reflect the processes you actually use

How will the inspection happen?
They will usually contact the Key Individual and inform them of the impending inspection. They will ask for certain documentation beforehand to peruse it before they visit you. They then provide you with a date on which they will arrive and state what you need to have ready on the day. You will likely not have a fun time during the inspection, but with our help we can make it a little less daunting.

This is a quick summary of what to look out for. If you need assistance please let us know - we are here to help.

Seeing your country being pulled down by corruption is hard for anyone. As compliance officers, it's even more difficult as we are often faced with situations where clients and other businesses are actually involved in this to some degree. I can tell you, from experience, that it is not something that one should take lightly. Let's take a look at the risks one faces with PEP's and what to do with them.

The FIC Amendment Act of 2017 still includes the concept of PEPs, however, the naming conventions have now changed to distinguish between foreign and domestic PEPs as follows:

• Foreign prominent public officials (FPPO) which equates to the currently used term of Foreign PEP and
• Domestic prominent influential persons (DPIP) which equates to currently accepted term of Domestic PEP however includes people in the private sector who do business with government, traditional leaders etc. 

 
What is the risk?
We must be able to identify PEPs because their prominent public position may increase the risk of their involvement in bribery and corruption and consequently of laundering the proceeds of any such activity (as one can see from the recent corruption scourge that plagued our country).
 
Example
A high ranking South African government official opened a number of accounts with an overseas bank. However, his activity raised a number of concerns that the account was being used to launder the proceeds of corruption. The value of cash deposits into these accounts was inconsistent with the stated purpose of the accounts and the customer’s income. In addition, the official opened an offshore company in a “tax friendly” jurisdiction with himself as sole director and sole shareholder. The deposits paid into the company accounts were considerably more than expected and, contrary to what is expected of a functioning business, there were no outgoing payments. After a Suspicious Transaction Report (STR) was submitted, the individual was investigated and charged with money laundering offences and subsequently sentenced to prison.

What are the proposed controls? 
Due to the susceptibility of bribery and corruption associated with PEPs, businesses often don’t want to do business with them, however this is an unintended consequence of the associated risk. Processes and procedures need to be in place to identify customers who are PEPs and when you identify a PEP you must follow your business procedures and compliance policies.
 
When looking at guidance from international bodies such as the Wolfsberg Group and the Financial Action Task Force, PEP relationships are considered higher risk and should ideally be subject to Enhanced Due Diligence (EDD) such as verifying their source of wealth, regular CDD/KYC reviews and the requirement for Senior Management to give their approval prior to entering into or maintaining the customer relationship. It can also happen that a PEP is not a customer of the accountable institution, but rather a related party such as a beneficial owner. The accountable institution needs to decide what its approach will be in these instances as well. This will usually be contained in the internal rules/policy/processes.
 
It is important to remember that categorising a customer as a PEP does not mean that they are, or have been, involved in any criminal activity. The can also be risk rated in terms of the accountable institution’s Risk Based Approach (RBA).
 
The FIC Amendment Act also requires that the following requirements be met for higher risk Foreign Prominent Public Officials and Domestic Prominent Influential Persons:

• Obtain senior management approval for establishing the business relationship;
• Take reasonable measures to establish the source of wealth and source of funds of the client; and
• Conduct enhanced on-going monitoring of the business relationship.

Risk rating your customers are very important in the new improved version of FICA and PEP's are certainly no exception. Do not take any chances and report any instances of proven or suspected criminal activity via the right channels. You would be doing yourself and everyone, for that matter, a great service. 

The new amendments of FICA changes the compliance framework for accountable institutions to a great extent and we'll discuss some of the more pertinent items in this blog post.

According to the new requirements of FICA, accountable institutions now need to take a risk based approach to FICA and the implementation thereof. This includes:
 

• The nature, scale and complexity of the accountable institution’s business; 
• The diversity of its operations, including geographical diversity; 
• Its client, product or services profile; 
• Its distribution channels; 
• The volume and size of its transactions; and 
• The degree of risk associated with each area of its operation. 

 
One must also now be able to risk rate clients according to the risk that they pose with regards to being used for money laundering or to channel the proceeds of any crime. Certain customers and businesses are a lower risk than others and some are a higher risk. Some of the aspects that one can look at to determine the risk a client poses are:
 

• Does the client operate in a sector or industry that is subject to specific standards, market entry or market conduct requirements, other regulatory requirements (especially AML/CFT measures)? 
• Has the client been in a business relationship with the institution for a period of time? 
• What has been the patterns of transaction behaviour (e.g. speed, frequency, size, volume, etc.) of a client who has a history of a business relationship with an institution? 
• Has the institution previously observed suspicious or unusual activities or transactions on the part of the client? 
• If the client is a corporate vehicle, is it part of a complex or multi layered structure of ownership or control? 
• What information does the client provide concerning their source(s) of income? 
• What is the nature of the client’s business activity, e.g. does the activity involve transacting in large amounts of cash, cross-border movements of funds, trading in sensitive, controlled or sanctioned commodities, etc? 
• What is the nature of the type of the products and services offered by the client? 
• Does the client operate solely within the country or do they have cross-border operations? 
• Is the client’s product selection rational with a view to support their business or personal needs? 
• Does the client occupy a prominent public position or perform a public function at a senior level or does it have such individuals within its ownership and control structure? 
• Is there adverse information about the client available from public or commercial sources? 
• Is the client known to be subject to financial sanctions? 

 

When and if you see that a customer is a medium to higher risk we always advise in taking extra measures with software such as:
PEP (Politically Exposed Person) checks 
Sanctions checks
Adverse news checks (i.e. that shows allegations or actual proven criminal activity)
Understanding the sources of funds better and the transaction aims
Asking any other questions that would comply with your risk based approach and set you mind at ease or that would prover your concerns with the client

We can assist you with any policy drafting requirements, risk measurements, training and software checks for PEPs, Sanctions and Adverse news screening. Contact us today for assistance to ensure your business is safe!

Schedule 1 and 3 to the Financial Intelligence Centre Act lists who should register with the FIC as Accountable and Reporting Institutions respectively. A failure to register with the FIC carries maximum penalties of up to R10m (R50m for entities) and 5 years in prison. Yikes!

It is also quite important to note that each branch of a business must register with the FIC separately, not just the head office.

The difference between Accountable and Reporting institutions are that Reporting Institutions merely report certain transactions on a continual basis, whereas Accountable institutions need to have policies and procedures to identify clients, to risk rate them according to a risk management control program and ultimately report certain transactions to the FIC such as Cash Threshold Reports (CTR's) and Suspicious Transaction Reports (STR's), among other things.

At the time this is published the list of Accountable and Reporting institutions are as follows:

Now it is also interesting to note that these lists are under review by the FIC and they will likely be expanded to include other service and product companies such as credit providers and auctioneers.

If you or your company needs any advice or services that with regards to FICA and Anti-Money Laundering please give us a call!

Accountable institutions such as lawyers, financial services providers and estate agents (among others) are required by the Financial Intelligence Centre Act 38 of 2001 (FICA) to provide training to staff on FICA in terms of section 43. The training must enable staff to comply with FICA and the internal rules of the company itself and it is not a requirement that this particular training puts them to sleep (although some compliance training providers can readily be regarded as sleep training experts).

A recent "Public Compliance Communication No. 18" by the FIC stated that the training must educate the employees on a range of different factors. Different training levels can be implemented at different levels of the organisation. We believe one can have a General Awareness for all staff in the company and then a more in-depth Specific Awareness training course. However, as always, it depends on the organisation to conduct training commensurate to the risks it is facing.

"The training can take place in any manner that the company deems fit. I.e. online or in person."

The training can take place in any manner that the company deems fit. I.e. online or in person. Tests must also be done to assess the knowledge gained and record must be kept of the training given and attendance. The FIC stated that the training must be "ongoing" and "refresher" training must be conducted. We believe that a good rule of thumb is to do any AML/FICA/KYC training once a year and as soon as any new joiners start with a company.

Any non-compliance with the Act in relation to the above-mentioned can result in a fine of R10 million and 5 years in prison.

So, if you don't want to be a jailbird, ensure your training procedures are in place or give us a shout to provide you with training at: hello@horizoncompliance.co.za.