The Financial Intelligence Centre Act 38 of 2001
Spending time on FICA compliance can be intense, lengthy and taxing, but not being ready when the FIC requests an inspection can be costly, and incur penalties. Proper preparation is essential. This article explains everything you, as an accountable institution, need to know in order to be FICA compliant and thrive in an ever increasingly regulated industry.
This article seeks to explore relevant provisions of the Financial Intelligence Centre Act 38 of 2001, and the importance of preparing and maintaining proper procedures that are tailored specifically to your business, to ensure adequate, ongoing compliance with the applicable legislation.
Of practical importance, the reader is drawn to the specific headings of this article:
- Time Period for Reporting Suspicious Transactions
- Obligations of Legal Practitioner’s in terms of section 43B of the FIC Act: who is responsible for reporting to the FIC?
- Obligations of Legal Practitioner’s in terms of section 43B of the FIC Act
- A Compliant Risk Management and Compliance Programme
- Customer Due Diligence
- Cash Threshold Reporting
- Consequences of Non-Compliance: administrative sanctions and penalties
The Rules of the Legal Practice Council Rules in respect of Trust Funds
The LPC Rules requires a legal practice to implement of suitable internal controls for safeguarding of trust funds. Internal controls are the mechanisms, rules, policies, and procedures management use to ensure the integrity of financial and accounting information and records, safeguard assets, identify and assess risks, and promote accountability and prevent fraud. Internal controls can assist in improving the operational efficiency by refining the accuracy of financial reporting, and ensure compliance.
The Financial Intelligence Centre Act
The Financial Intelligence Centre Act 38 of 2001 (“the FIC Act”) came into effect on 1 July 2003. The Act was introduced to combat financial crimes such as money laundering, tax evasion, terrorist financing activities, and other criminal activities. The FICA brings South Africa in line with similar legislative provisions in other countries designed to detect the movement of monies derived from illegal activities.
The Purpose of FICA
The purpose of the FIC Act is to introduce transparency into South Africa’s financial system. The FIC Act was designed to assist in the identification of the proceeds of unlawful activities, combat money laundering, and combat the financing of terrorist and related activities. This is done through the creation of a legal framework for the effective identification and verification of clients; record keeping; reporting processes; staff training; compliance requirements, as well as the establishment of the Financial Intelligence Centre (FIC) and the Counter-Money Laundering Advisory Council. As South Africa’s financial intelligence unit, the FIC plays a key role in safeguarding the integrity of the country’s financial system and its institutions.
The FIC Act places compliance obligations on businesses and sectors that are vulnerable to money laundering, and the financing of terrorist and related activities.
Time period for Reporting a Suspicious Transaction
In terms of Regulation 24, a report made under section 29 of the FIC Act for suspicious and unusual transactions must be sent to the FIC as soon as possible but not later than fifteen days, excluding Saturdays, Sundays and public holidays, after a natural person or any employee, or any of the employees or officers of a legal entity, has become aware of a fact concerning a transaction on the basis of which knowledge or a suspicion concerning the transaction must be reported. In exceptional cases the FIC may approve of the report being sent after the expiry of this period.
Obligations of Legal Practitioner’s in terms of section 43B of the FIC Act
All entities that are included in the description of “accountable institutions” in Schedule 1 or “reporting institutions” in Schedule 3 of the FIC Act, are required to register. This article focuses on the obligations of accountable institutions, particularly legal practitioners.
It is compulsory for accountable institutions to register with the FIC and submit reports via the FIC’s electronic registration and supporting system, goAML. Registration must be done within the prescribed period and in the prescribed manner.
The term “accountable institution” is defined as a person or organization referred to in Schedule 1 of the FIC Act, that carries out business activities of any of the entities listed therein. These institutions must comply with specific obligations. The schedule lists legal practitioners as accountable institutions: “A legal practitioner who practices as defined in section 1 of the Attorneys Act 53 of 1979 is an Accountable Institution.” The Attorneys Act has since been repealed and replaced by the Legal Practice Act 28 of 2014, which was fully promulgated in November 2018. The FIC Act applies to all services rendered by legal practitioners. All legal service providers are thus required to comply with the obligations that are set out in the FIC Act. Upon registration with the FIC, using the online registration and reporting platform, the legal practice is issued with a unique registration number.
In addition to the listed accountable institutions, the FIC Act also affects all clients or consumers who enter into, either a single transaction, or a business relationship with an accountable institution.
The obligations of accountable institutions include, amongst others:
- Applying a Risk Based Approach (RBA) to identifying and verifying customers
- Implementing and maintaining a Risk Management and Compliance Programme (RMCP)
- Customer due diligence (CDD)
- Record keeping
- Appointing persons responsible for compliance
Some of these obligations are set out below.
Risk Based Approach
The FIC Act provides for a risk-based approach to customer due diligence, which assists accountable institutions in understanding their exposure to these types of risks. Risks are measured in terms of likelihood and impact. Risks for an accountable institution are events that effect the strategic objectives of an accountable institution. Events with a positive effect are opportunities that can be channeled back to the strategic objectives of the accountable institution, whereas events with a negative effect need to be managed.
An accountable institution relies on different money laundering, terrorist financing, and proliferation indicators to determine the risk that a business relationship or transaction may pose to an accountable institution. There is no specific list that an accountable institution can rely on to determine these risks – this determination is made taking into account applicable criteria.
At a minimum, the FIC considers the listings as issued by the Financial Action Task Force (an independent inter-governmental body) regarding money laundering, terrorist financing and proliferation financing (ML/TF/PF) risks as a core data source that has certain implications for South Africa for non-consideration of these risks. The Financial Intelligence Centre’s Public Compliance Communication no. 49 provides guidance on certain ML/TF/PF risk considerations and provides resources that can be consulted in determining the risks.
A Compliant Risk Management and Compliance Programme
Section 42(1) of the FIC Act, read with guidance note 7 issued by the FIC, provides that an accountable institution must develop, maintain, and implement a program for Anti-Money Laundering and Counter-terrorist Financing Risk Management and Compliance.
The programme is essentially a document which sets out practical working methods and procedures that have been implemented to ensure Anti-money Laundering and Counter-terrorism Financing compliance. In most instances, the RMCP is drafted and customized by external Compliance Officers.
The RMCP is tailored to the specific business, and identifies the roles and responsibilities of key individuals who will be responsible for ensuring that the institution fulfils its compliance obligations under the FIC Act. Important to note is that simply having an RMCP drafted is inadequate. Accountable institutions must be able to provide evidence of implementation of the RMCP in their day-to-day operations.
Customer Due Diligence
Section 21 of the FIC Act deals with knowing your client and developing an understanding of their client’s business. It places an obligation on accountable institutions to establish and verify the identity of their prospective clients and other persons. This is because the requirements of section 29 regarding the identification and reporting of suspicious and unusual transactions and activity can only be adequately met if the accountable institution knows their client, understands the type of business their client is involved in, and has an understanding of the type of products and services they render, and how their source of income is generated. This can only be achieved through customer due diligence performed on the client.
In essence, customer due diligence is a risk mitigation measure, as it puts an accountable institution in a better position to identify instances where a potential or existing client may attempt to exploit the accountable institution’s products or services for illegal purposes. It is important to note is that clients bring their own risks to an accountable institution, and different clients pose different types of risks.
A due diligence on both prospective and existing clients is required to be conducted. This ensures that the accountable institution is onboard when dealing with a client known to the accountable institution.
If the client fails to disclose requested information, the accountable institution must decline to enter the business relationship with the prospective client as required by section 21E of the FIC Act. This is accordingly why the requirements of section 42 regarding the RMCP becomes imperative, not just for prospective clients, but even more so for existing clients in respect of ongoing due diligence.
Records are required to be kept, of both the client identification and verification information as well as all transactional information. These records must be kept for five years, from the date that the transaction and/or business relationship was concluded.
Reporting to the FIC
As accountable institutions, legal practitioners are required to file the following reports, regularly, with the FIC: cash threshold reports in terms of section 28, terrorist property in terms of section 28A, and suspicious and unusual transactions in terms of section 29.
Cash Threshold Reporting
Section 28 of the FIC Act imposes a duty on accountable institutions to report to the FIC within a prescribed time period. The threshold for cash transactions reporting is currently set at R 24 999,99 with the requirement that cash transactions in the amount of R 25 000 and above is reportable to the FIC in terms of the FIC Act. This includes cash paid by or received by an accountable institution. It is not limited to cash transactions concluded at the legal practice, but includes cash transactions where the cash is paid directly into their respective bank account. In this instance, both the accountable institution and its specific banking financial institution have a duty to report the cash transaction to FIC.
It is thus important to have procedures in place to detect, monitor and report cash transactions above the specified limit.
Property Associated with Terrorist and Related Activities
The Act also deals with reporting property associated with terrorist and related activities and financial sanctions pursuant to Resolutions of United Nations Security Council.
Reporting of Suspicious or Unusual Transactions and Activities
Section 29 of the FIC Act imposes a duty on accountable institutions to report suspicious or unusual transactions and activities to the FIC within the prescribed time period. Suspicious or unusual activity involves instances where a transaction has not been concluded, but an attempted transaction had taken place; whereas a suspicious or unusual transaction deals with instances where a transaction has been concluded and is traceable.
Appointment of a Compliance Officer
A compliance officer or functionary with appropriate competencies is required to be appointed to assist in the discharging of the legal practitioner’s obligations under the FIC Act.
Section 43 of the FIC Act provides that accountable institutions must provide ongoing training to all of its employees who are involved in transactions to which the FICA applies, to enable them to comply with the provisions of FICA and the RMCP which is applicable to them. Training should be in line with the specific responsibilities, activities, and skills of staff members. Some staff may for instance require only basic training, whereas those staff members who interact with clients may be required to undergo more intensive training.
Training can either be face to face or online. It is interesting to note that there is no direction regarding the requirement or manner of assessment to determine the level of understanding, to actually serve as proof that staff in fact demonstrate sufficient knowledge of FICA.
From a practical perspective, periodic training allows for staff to be up to date with legislative developments, but also keeps them up to date with evolving risks and trends. Regular training must therefore be provided to all employees, and accountable institutions are required to ensure that adequate training records are kept.
FIC Inspections in terms of section 45B of the FIC Act: Requirements and Preparation
A key component of the supervisory plan of the FIC is conducting on site reviews. These inspections are conducted by the Financial Sector Conduct Authority (“the FSCA”) on behalf of the FIC. With the advent of COVID, however, reviews can also be conducted off site, in the form of an Inspection Questionnaire. Inspections are conducted to determine the level of compliance with the FIC Act.
The areas which accountable institutions will need to demonstrate compliance, have been covered above. They include FIC Registration; governance of and training relating to AML and terrorist financing; the thoroughness and effectiveness of the RMCP, the customer due diligence process, the record keeping process, the cash threshold process and reporting processes, your process to deal with terrorist property and financial sanctions, suspicious transaction reports, etc.
Consequences of Non-Compliance
Accountable institutions that fail to demonstrate compliance with the requisite obligations are non-compliant with the FIC Act, and is guilty of an offence. The institution may be subject to administrative sanctions in terms of section 45C of the FIC Act. Financial penalties are imposed where there has been a failure to comply with, amongst others, the requirements contained in section 42 and 43, regarding the RMCP and training.
Further Information and Resources
Guidance provided by the FIC is the only formally recognized form of guidance in terms of the FIC Act and the Regulations issued under the FIC Act. Guidance provided by FIC is thus authoritative in nature.
The FIC publishes, in addition to guidance notes, user guides to assist legal practitioners in the preparation of the reports that are required to be submitted. These guides are available on the FIC website.
The FIC has a Compliance Call Centre which accountable institutions may contact for assistance in registering and understanding their obligations in terms of the FIC Act. The call centre can be contacted on 021641600. In addition, queries can be submitted online, through the Centre’s website.
Accountable institutions are advised to develop their own risk-based methodology. A client relationship or transaction should not automatically be classified as a high ML/TF/PF risk just because there is a high risk. It is not considered effective risk management if accountable institutions de-risk clients and/or transactions simply because the risk is high. It is therefore important for accountable institutions to determine the type of risks it has an appetite for, so that it knows what kind of risks it has the capability to effectively deal with.
Legal practitioners are cautioned to be alert to the ways in which they may find themselves being party to money laundering activities, so that they can protect themselves from such activities. It is thus of utmost importance for legal practices to develop a RMCP, as an effectively drafted RMCP would protect the practice from falling victim to potential corruption.
Fulfilling these compliance obligations will also ensure that accountable institutions protect their reputation, and meaningfully contribute to the global fight against money laundering and terrorist financing, thus helping to create a safer business, economic and social environment, encouraging domestic and foreign investor confidence, and growing the economy. Institutions can vary their approach to customer identification and verification. This allows legal practitioners to work more efficiently in complying with the obligations imposed under the FIC Act. It is important to always be alert to the time periods within which reporting must be done.
If in doubt regarding a particular business relationship, err on the side of caution by terminating the relationship and reporting your suspicions to the FIC.
 Money laundering is the process by which money that is obtained from illegal sources is disguised as having come from a legitimate source.