The deadline for accountable institutions to meet the amendments of the Financial Intelligence Centre Act, No. 38 of 2001, as amended by the Financial Intelligence Centre Amendment Act, Act 1 of 2017 (FICA) legislation, which was introduced to counteract money laundering and the financing of terrorism, is fast approaching on April 2, 2019.
These amendments, which were primed by a Mutual Evaluation Report, sought to clarify those aspects of FICA which were not being implemented correctly and which did not prevent certain acts of financial misconduct, resulting in wasted resources.
One of these amendments stemmed from non-compliance to a rules-based approach, which then prompted FICA to lead companies into taking a risk-based approach, which is outlined in Section 42 of the Act.
The Risk Management and Compliance Programme (RMCP) amendment was first introduced in October 2017, this has allowed approximately a year and a half for companies to meet its requirements. However, as this new amendment now touches on every aspect of a business, including how a business deals with their clients, to how they are dealing with their client’s money, it is an immense task and a big step for companies to take.
Although accountable institutions have been given some time to comply with these amendments, it is often left to the last minute, not being implemented until some concrete examples of non-compliance have been made, with many companies choosing not to adhere to this important amendment.
The Act has the ability to enforce massive administrative sanctions if a company is found non-compliant.
While rules can only apply to concrete aspects of a business, risks can touch on areas that are abstract, and unforeseen especially if you approach risk to be the uncertainty on objectives.
Consumers are encouraged to embrace FICA, as it offers security to all parties involved in a transaction by having a ‘watch dog’, represented by the accountable institution monitoring the transaction by identifying and managing any risks that may arise as a result of identity or any suspicious behaviour of a party to the transaction.
Know your customer
Due to the rising risks of identity theft and fraud, the Act has also brought about extended Know-Your-Customer (KYC) obligations, which now forces accountable institutions to go beyond confirming the identity of a client to give effect to the Act.
Consequently, your business is protected, all stakeholders involved. KYC also prompts these institutions to not only delve into the client’s business operations, but to also establish the identity of the beneficial owner.
While it is easy to have a name and face by which companies can do business, verifying a juristic person is challenging and it also ventures into the Protection of Personal Information Act (POPI) territory, which is an area that law firms are ideally positioned to deal with.
The new amendment forces accountable institutions to now actively be involved in the day-to-day risks that they, as well as their clients may face, and forces companies to be constantly aware of developments in transactions.
When you do not have buy-in from all the stakeholders involved, you will not see any efficiency in your RMCP.
Stakeholders especially internal stakeholders in your company, like your HR, Sales and IT are critical control points and accountability needs to be assigned to each and every internal stakeholder.
This needs to be managed into the RMCP program. Externally, accountable institutions need to comply with FIC’s (Financial Intelligence Centre) demands and also balance the interaction with its clients with an effective risk approach while treating the client fairly especially, if the client falls within the jurisdiction of the Consumer Protection Act.