For many businesses, know your client provisions (“KYC”) and anti-money laundering provisions can be complex and confusing. The Financial Intelligence Act No. 38 of 2001 (the “FIC Act”) was enacted to combat money laundering and financing of terrorist and related activities in South Africa. This article will briefly discuss the duties of an accountable institution in terms of the FIC Act, with regards to (1) verifying and establishing a client’s identity and (2) ensuring that unlawful and suspicious transactions relating to money laundering and terrorism are easily identified and reported.
Section 21 of the FIC Act places an obligation on all accountable and/or reporting institutions to, prior to establishing a business relationship or concluding a transaction with a potential client, establish and verify the identity of the client, the identity of the third party acting on behalf of the client, the nature of the client’s business and to take reasonable steps to verify the identity of the beneficial owners. KYC procedures are integral to the management of an accountable institution’s risks when dealing with a new client. KYC provisions in terms of the FIC Act extend beyond the procuring of a client’s identity book and proof of residence. It requires accountable institutions to formulate a client acceptance and identification programme which sets out procedures to identify different clients and involves a more extensive due-diligence for higher risk clients.
The amended section 42 in terms of the FIC Amendment Act No. 1 of 2017 (“FIC Amendment Act”) requires every accountable institution to implement internal rules and policies in the form of a risk management and compliance programme document (“RMCP”) in replacement of the current internal rules of such accountable institutions, governing the processes and procedures when entering into a transaction and/or conducting business with a new client. In terms of section 42A of the FIC Amendment Act, the board of directors (in the event that the accountable institution is a company) or senior management of a specific accountable institution must also ensure compliance by the accountable institution and its employees with its RMCP.
Sections 21F, 21G and 21H of the FIC Act deal with persons in prominent positions. The starting point for the effective implementation of measures relating to persons who are entrusted in prominent public or private sector positions, is for accountable institutions to have effective measures in place to know who their clients are and to understand their clients’ business. Accountable institutions must provide, in its RMCP, how it will determine whether a prospective client is a foreign prominent public official or a domestic prominent influential person and how it will assess and mitigate the money laundering and terrorist financing risks associated with business relationships with such officials and persons. Business relationships with foreign prominent public officials must always be considered high-risk. If an accountable institution finds out that it is dealing with a foreign prominent public official, senior management approval must be obtained to establish the business relationship.
The implementation, compliance and enforcement of the new FIC Amendment Act adopts a compulsory risk-based approach which provides for the strengthening of customer due-diligence measures and providing for the RMCPs, governance and training relating to anti-money laundering and counter terrorist financing. The FIC Amendment Act requires extensive engagement between supervisory bodies and their respective supervised accountable institutions. Supervisory bodies should be mindful of the fact that a transitional period is required to achieve full compliance with the new requirements of the FIC Amendment Act.
The changes brought about by the FIC Amendment Act lead to the withdrawal of many exemptions under the FIC Act by the Minister of Finance in addition to substantial amendments to the money laundering and terrorist financing regulations. The exemptions under the FIC Act were intended to simplify compliance requirements, however the adoption of the risk-based approach serves as an integral concept in directing compliance with customer due-diligence and as a result, thereof many exemptions of the FIC Act has now become redundant as they are implicitly included under the new FIC Amendment Act.
Accountable institutions should apply the guidelines of the RMCP document setting out the methods on how information of clients will be collected, the manner in which records will be kept of transaction(s) and the steps to be taken when reporting information to the relevant authorities in certain circumstances. Regulation 25, 26 and 27 of the FIC Act also provides further details that must be contained in the internal rules and procedures of the accountable institution and the RMCP documents and programs, and which should at a minimum set out the following:
- processes, procedures and control measures relating to client acceptance;
- client and transaction monitoring;
- the record keeping function;
- reporting requirements; and
- the responsibility of the management of the institution in respect of compliance with the FIC Act, the regulations, and the internal rules.
Due to the fact that the RMCP document is built on a risk-based approach, accountable institutions are afforded the discretion to evaluate, each of its client’s risk profile. In terms of the RMCP, it is advisable for accountable institutions to appoint a supervisory body in the form of a risk officer (“RO”) who will bear the responsibility to draft a comprehensive RMCP document and to ensure that all employees of the relevant accountable institution receives adequate training in respect thereof, so as to familiarise themselves with their respective duties under the FIC Act and more specifically under the RMCP document in particular.
Although accountable institutions remain liable to comply with the provisions of the FIC Amendment Act, the latest adoption of a risk-based approach, and the discretion awarded to the appointed supervisory bodies in terms of section 42 of the FIC Amendment Act, allows for a somewhat relaxation of the KYC provisions established by the FIC Act by making the approach more client-specific and recognising that risk vary amongst different sectors and/or clients. Accountable institutions’ adherence to the provisions are dependent on the potential risks of each individual client as identified prior to conducting business and/or entering into a transaction with such a client and in accordance with its developed RMCP.
06 August 2018