The Financial Intelligence Centre Act, No 38 of 2001 (FICA) is a piece of legislation introduced in South Africa to combat money laundering and the financing of terrorism (MLFT).
The most recent FICA Amendments, most of the provisions of which came into effect on 2 October 2017, have occasioned some misgivings within the various affected industries (referred to as ‘Accountable Institutions’). Many of these reservations are based on a lack of appreciation of FICA’s international provenance.
International perspectives on money laundering
Money laundering is the practice of taking money that is tainted with unlawfulness and manipulating it until it resembles legitimate money. Exploring the connection between money laundering and FICA will require a little time travelling.
In 1989, drug lords such as Pablo Escobar were at the pinnacle of their power and wealth. At this time, 16 Ministers of Finance formed the Financial Action Task Force (FATF), an inter-governmental organisation headquartered in Paris. The FATF now boasts 37 members, including South Africa.
The FATF sets international standards, comprising 49 recommendations around various aspects of money laundering. Member countries are expected to adopt the recommendations by tailoring them to their unique domestic circumstances, and ultimately giving them the force of law as legislation. The enactment of FICA in 2001 flows directly from South Africa’s FATF obligations.
Every five years, each member state undergoes a peer review process, culminating in what is known as a Mutual Evaluation Report. This report assesses each member state’s level of compliance with the recommendations. A negative report can hamper the ability of the country concerned to attract foreign investment from its compliant counterparts, who represent some of the largest economies in the world. The recent FICA Amendments were informed by the report on South Africa in 2014, which, amongst other things, criticised certain aspects of FICA and the underlying machinery used to implement it.
The Risk-Based Approach
A fundamental feature of the Amendments is the migration to a risk-based approach, which is best understood when described in relation to its predecessor, the rules-based approach.
When the FATF Force first began combatting money laundering, the best practice at the time was to prescribe a formulaic set of rules to deal with specific situations. The FATF later realised that this sort of dogmatism was untenable, and substituted the rules-based approach with the risk-based approach. It adjusted its recommendations accordingly, leading to the recent FICA Amendments.
A core tenet of the risk-based approach is that Accountable Institutions’ treatment of their clients must vary according to each client’s risk profile.
The FATF’s migration to the rules-based approach was, on the whole, a positive development.
This is because it entails:
- A more optimal allocation of resources, a disproportionate amount of which were being wasted on low-risk clients.
- Accountable Institutions taking ownership of the crucial roles they play in protecting the integrity of the global financial system.
The drawcard of the risk-based approach is that it affords Accountable Institutions the discretion to design bespoke anti-money laundering procedures, within certain bounds.
Key aspects of the amendments
Two noteworthy FICA amendments are:
- The introduction of the risk management and compliance programme (RMCP)
- The extension of the so-called know-your-customer (KYC) obligations
The RMCP is an articulation of the procedures that an Accountable Institution will employ to satisfy its FICA obligations.
The discretion that Accountable Institutions now enjoy when designing their RMCPs is accompanied by an equal measure of responsibility and burden. Under the old dispensation, FICA compliance was simply a matter of passive compliance with the inflexible rules then in place; now, FICA compliance has two dimensions to it:
- An Accountable Institution must adhere to the RMCP of its own design.
- The RMCP, in turn, must be in harmony with FICA.
Both dimensions must be understood thoroughly against the backdrop of the Accountable Institution’s risk exposure.
Know-Your-Customer (KYC) Obligations
The Amendments have substantially extended the KYC obligations, particularly where trusts, partnerships and juristic persons are concerned.
Whereas previously the KYC duty was confined to the identification of the client and the confirmation that it exists, Accountable Institutions must now go a great distance further and enquire into matters such as the nature of the client’s business operations, and the identity of its ultimate beneficial owner, being the natural person who ultimately benefits from the client’s assets and profits.
There is no doubt around the importance and necessity of the additional KYC procedures, but one cannot help but wonder about the practical realities of how they might be carried out in South Africa.
For example, consider these controversial additional KYC duties:
- The duty to establish and verify the nature of the business of a juristic person. Such information can be established quite readily. Verifying it, however, is a task fraught with difficulty. The details of what a company does are often buried in the depths of a shareholders’ agreement, a document that is usually confidential, and that many shareholders would not be amenable to disclosing.
- The duty to establish and verify the ultimate beneficial holders of a company or a close corporation. This poses no problem for close corporations, whose ultimately beneficial are its members (who are almost always natural persons). Tracing a company’s ownership to natural persons, on the other hand, is often impractical. Company ownership structures can be very convoluted, sometimes by design.
Designing an RMCP
The success or failure of an RMCP hinges on how well it draws the risk model and the documentary requirements together.
In the wake of the Amendments, nearly everything about an Accountable Institution’s FICA compliance strategy is centred in the question of risk. The Accountable Institution itself must select and apply its own risk model, taking into consideration the factors that influence risk, such as size, sophistication and diversity of products and services, and customer profile.
Once the risk model is in place, the Accountable Institution can attend to the documentary requirements. This is an area in which the Accountable Institution will enjoy considerable latitude, because nowhere does the literature mention a particular document by name – in stark contrast to the previous legal position. What the literature does say is that the higher the level of risk, the more exacting the documentary requirements must be. For example, the RMCP might require a copy of a document from a low-risk client, but an original from a high-risk client.
The Amendments are, overall, well-intended.
Once Accountable Institutions grasp the fundamentals of the risk-based approach and overcome the initial challenge of migrating from the Internal Rules to the RMCP, they should find that doing business is easier.
FICA is not simply the government’s way of outsourcing the policing function to the citizenry. Rather, it is a consequence of South Africa’s membership of an international community, whose stance against money laundering is becoming progressively robust. If South Africa’s stance was perceived as any less robust, economic hardships would surely ensue.