Businesses that are considered as vulnerable to being abused for money laundering and terrorist financing purposes by criminals are listed as accountable institutions in terms of the Financial Intelligence Centre Act, 38 of 2001 (FIC Act). And, as such, these institutions must meet certain regulatory obligations that are designed to help combat financial crime.
These obligations are to assist in identifying the proceeds of crime, combating money laundering (ML), terrorist financing (TF) and proliferation financing (PF).
Registration and reporting
As part of their obligations, accountable institutions must register with the Financial Intelligence Centre (FIC) and file various regulatory reports.
The FIC analyses these reports to compile financial intelligence, which if necessary, may be shared with law enforcement, prosecutorial and other competent authorities for their investigations and applications for asset forfeiture.
There are three primary regulatory reporting streams for accountable institutions:
- Cash threshold reports – on cash transactions (receipt or issuing) exceeding R24 999.99.
- Suspicious and unusual transaction reports – transactions that are unusual or arouse suspicion in terms of money laundering or terrorist financing activities.
- Terrorist property reports – property associated with terrorist and related activities.
All businesses must play their part
The FIC Act requires any person associated with a commercial undertaking as an owner, manager or employee of that undertaking, to report suspicious or unusual transactions to the FIC.
A suspicious or unusual transaction report (STR) or suspicious activity report (SAR) must be submitted when a person or an entity encounters a transaction or activity that “does not feel right”.
An STR is simply to alert the FIC of a suspicion that a client may be abusing the entity for purposes of money laundering or terrorist financing.
These reports must be submitted as soon as possible, no later than 15 days of forming a suspicion concerning a transaction or activity. A report does not prevent one from continuing with the transaction.
Adopting a risk-based approach
It is important that an accountable institution has a good understanding of its clients and the risks they pose from a money laundering and terrorist financing point of view.
As part of the risk-based approach they must assess the risks their services, products, client types, geographical areas, transactions or delivery channels hold, in relation to their clients, when entering into a business relationship, or single transaction with a client.
Accountable institutions must develop controls which mitigate and manage these risks, and which fulfil the FIC’s compliance requirements. Businesses must develop controls which include, but are not limited to, policies, procedures, systems, training, and reporting among other aspects. All controls implemented must be monitored for adequacy and effectiveness.
Risk management compliance programme (RMCP)
An RMCP is the accountable institution’s plan that sets out how they will deal with ML/TF/PF risk management and compliance.
The RMCP can contain policy documents, and must detail all the processes, systems and controls used for risk management such as customer due diligence, record keeping, reporting and how a risk-based approach will be applied. The RMCP must be kept up to date and approved by the accountable institution’s senior management.
Records of both the client identification and verification information, and the transactional information must be kept for five years from date of the transaction and/or business relationship being concluded.
Client identification and verification
All accountable institutions must know their clients and are not permitted to do business with anonymous clients. They must identify and verify clients, whether a natural person or a legal entity, when establishing a new business relationship or conducting a single once-off transaction.
It is important that the business has a good understanding of its client, the source of funds for transactions, the nature of the client’s business and its beneficial owners.
Training of employees
All employees who deal with client transactions or activities must be trained on both the FIC Act, and the business’s obligations as set in its own RMCP.
Governance of AML/CFT compliance
The board of directors, or most senior management of an accountable institution is responsible to ensure that the accountable institution and its employees comply with the provisions of the FIC Act and the entities RMCP.
The accountable institution, that is a business, must have a compliance function to assist the board with this obligation, this will include a person with sufficient competence and seniority, such as a compliance officer.
Proposed amendments to Schedule 1 of the FIC Act
As part of South Africa’s objectives to improve the legislative framework against money laundering and terrorist financing, the FIC has proposed amendments to Schedule 1 to the FIC Act.
The proposed amendments will widen the application of the FIC Act by including additional categories of institutions and businesses under its scope as accountable institutions.
It is proposed that the following institutions will be included:
- Legal practitioners, including advocates required to hold trust accounts
- Trust and company service providers
- Authorised users of an exchange
- Co-operative banks
- Credit providers
- High-value goods dealers
- South African Mint Company
- Crypto asset service providers
- Clearing system participant that facilitates or enables the origination or receipt of any electronic funds transfer.
For additional information please visit our website www.fic.gov.za.
Current list of accountable institutions:
- Legal practitioners
- Estate agents
- Gambling institutions
- Banks and mutual banks
- Trust companies
- Foreign exchange providers, issuers, sellers and redeemers of travellers’ cheques
- Financial services providers, long-term insurance businesses, authorised user of an exchange, collective investment schemes manager, lenders against security of securities
- Ithala, The Postbank