Criminals may try to exploit the vulnerabilities of financial services providers (FSPs) and abuse their products and service offerings for purposes of laundering proceeds of crime. The providers of these services must therefore remain vigilant and consider factors including clients, product or service features, delivery channels, and geographic areas regarding their clients.
Adopting a risk-based approach
As a business sector identified in the Financial Intelligence Centre Act (FIC Act), FSPs are required to fulfil compliance obligations that are geared to protect the financial system.
FSPs must apply a risk-based approach when establishing a business relationship and/or conducting a single transaction with a client.
The application of a risk-based approach when implementing controls allows FSPs to understand and mitigate money laundering and terrorist financing risks. Controls put in place by the accountable institution must be in proportion to the identified risks their clients pose.
Different clients present different levels of risk. Authorised users should consider what money laundering/terrorist financing/proliferation financing (ML/TF/PF) risk the client presents as a result of the type of clients the client provides products and services to, that is the “client’s client”.
Risk management compliance programme
FSPs must develop, document, maintain and implement a risk management and compliance programme (RMCP) setting out how the institution will manage their money laundering, terrorist and proliferation financing risks, as set out in Section 42 of the FIC Act.
FSPs must keep records of client identification and verification information, transactional information and regulatory reports submitted to the FIC. These records must be kept for five years from the date of the business relationship being established and/or transaction being concluded.
Customer due diligence
FSPs must conduct due diligence (CDD) on their clients, persons on whose behalf of the client is acting, and the client’s beneficial owners. CDD includes identifying and verifying clients, obtaining information about the nature and intended purposes of the business relationship, as well as the client’s source of funds.
Where there are heightened risks of money laundering, terrorist and proliferation financing, the accountable institution must conduct enhanced due diligence and monitoring on the business relationship or single transaction.
Training of employees
The accountable institution must provide training for its employees on the FIC Act and the institution’s RMCP.
An FSP must register as an accountable institution under item 12 of Schedule 1 to the FIC Act on the FIC’s online system called goAML.
The accountable institution must file various reports with the FIC on the goAML system. There are three primary reporting streams for accountable institutions which include cash threshold reporting – on cash received or paid by the accountable institution exceeding R24 999.99, suspicious and unusual transaction reporting – where a person becomes aware that a transaction is unusual or arouses suspicion in terms of money laundering, terrorist financing activities or proliferation financing, and terrorist property reporting – property associated with terrorism, proliferation financing and related activities.
The FIC analyses the reports it receives to compile financial intelligence. If necessary, this financial intelligence is shared with law enforcement, prosecutorial and other competent authorities for their investigations and applications for asset forfeiture.
Refer to the FIC’s guidance note 7, which indicates different factors that must be taken into account when assessing money laundering, terrorist and proliferation financing risks.
For more compliance information and guidance offered to accountable institutions, refer to the FIC website (www.fic.gov.za). For further information contact the FIC’s compliance contact centre on +27 12 641 6000 or log an online compliance query by clicking on: https://www.fic.gov.za/ContactUs/Pages/ComplianceQueries.aspx.