Not quite R4.8 billion, but the FSCA has fining power too
In a week dominated by news that the South African Revenue Services (SARS) was seeking R4.8 billion and change in ‘damages’ from JSE-listed firm, Sasfin Holdings, you could be excused for missing a couple of ‘small change’ enforcement actions announced by the Financial Sector Conduct Authority (FSCA).
The latter enforcement actions have far more bearing on the financial and risk management professionals among FAnews’ readership than the pie-in-the-sky SARS action, and we therefore encourage you to review and strengthen your compliance regimes so that you do not appear on a future FSCA ‘enforcement actions’ list. It is also worth noting the current regulatory focus is in the ‘sweet spot’ of the Anti-Money Laundering and Combatting of the Financing of Terrorism (AML-CFT) approach the global Financial Action Task Force (FATF) expects; it will help get South Africa’s off the FATF grey list.
Enforcing FIC Act compliance
Mid-February 2024, FSCA Commissioner Unathi Kamlana imposed an administrative sanction of R400 000,00 on Theuns Vosloo Financial Advisory Services (TV FAS). Half of the fine was conditionally suspended for three years. According to the regulatory authority, the licensed financial services provider (FSP) had failed to comply with certain provisions of the Financial Intelligence Centre (FIC) Act. An FSP licensed in terms of the Financial Advisory and Intermediary Services (FAIS) Act is considered an accountable institution under the FIC Act, and the FSCA is responsible for supervising and enforcing compliance with that act.
PS, post-publication, an FAnews reader pointed out that short-term insurance brokers were considered ‘reportable’ rather than ‘accountable’ institutions under the FIC Act. This reader told us that reportable institutions have certain reporting obligations they may not be aware of. Such obligations are set out in section 27, 28 and 29 of the act. As the reader jested: “section 29 compels almost the whole world to report on suspicious and unusual transactions [as well] as report on any cash sum larger than the prescribed amount being ‘moved’ to or from or electronically transferred to or from the republic…”
The transactions that landed TV FAS in trouble were spotted over a year ago during an inspection carried out by the FSCA on 25-26 January 2023. The inspection, conducted per section 45B of the FIC Act, revealed that the FSP was in breach of three provisions in the act. FAnews readers must pay careful attention to the nature of these breaches and the ensuing enforcement action because they illustrate the need to follow the letter of the law, exactly. Case in point, the first breach resulted from a bungled rather than ignored compliance step.
“Although TV FAS developed a risk management and compliance programme (RMCP), the RMCP was found to be defective as it failed to set out the manner in which the FSP would comply with the FIC Act; additionally, TV FAS failed to implement the RMCP,” the FSCA wrote, in a press release dated 15 February. This failure contravenes sections 42(1) and (2) of the FIC Act which requires the accountable institution to develop, document, maintain and implement a RMCP. It is not enough to have a RMCP ‘parked’ securely on your cloud server; the plan must be adequate, complete and clearly show the processes your firm will use to mitigate AML-CFT risks.
KYC: Know Your Customer
The second breach uncovered during the FSCA inspection relates to section 21(1) of the FIC Act, which requires the accountable institution to establish and verify the identity of clients in accordance with its RMCP. This requirement must be met whenever the accountable institution engages with a prospective client, whether to enter into a single transaction or to establish a business relationship, and before that transaction is concluded. “At the time of the inspection, TV FAS had not implemented an RMCP and as a result none of its clients had been identified and verified accordingly,” wrote the FSCA. The suggestion here seems that the absence of an RMCP risks rendering any client verification actions moot?!?
The third breach centred around FIC Act section 28A read with sections 26A through C, which require accountable institutions to “scrutinise client information to determine whether such clients are listed in terms of section 25 of the Protection of Constitutional Democracy Against Terrorist and Related Activities Act and the Targeted Financial Sanctions Lists (TFSL) issued by the United Nations Security Council”. Heavens; this act and list was news to the writer, who once again thanked his stars he is not in the business of financial or risk advice. According to the FSCA, TV FAS had failed to screen its clients against the TFSL. Combined, the authority viewed the triple-breach as “serious violations of the FIC Act.
Ashburton Fund Managers (AFM) were also punished for failing to comply with certain provisions of the FIC Act. In a press release issued 28 February, the FSCA informed the public that it had imposed an administrative sanction of R16 million on the FSP. Of this total, R10 million had to be settled by the end of February 2024 with the balance being conditionally suspended. According to the regulatory authority, AFM was subject to a supervisory inspection between 17 October and 15 November 2022, during which period a number of breaches were flagged. PS, these breaches are similar those already discussed in this article, though with more detail.
Detailed RMCP appears non-negotiable
AFM tripped up over sections 42(1) and (2) of the FIC Act because its RMCP “was found to be defective” for failing to “set out the manner in which [the company] would comply with the FIC Act”. The regulator said AFM’s programme did not explain how it would examine complex or unusually large transactions and unusual patterns of transactions; perform customer due diligence; terminate existing business relationships as contemplated in section 21E; enable it to determine when a transaction or activity is reportable to the FIC; and the implementation of its RMCP.
AFM also tripped up under sections 21 and 21B of the FIC Act. “At the time of the inspection, AFM [had] failed to identify and verify the identity of some clients including beneficial owners of clients,” the FSCA wrote. AFM’s third breach was exactly the same as that made by TV FAS in that it had not screened its clients, including beneficial owners, against the TFSL. The FSCA has shown clear intent to make non-compliant FSPs feel their contraventions on the bottom line. “The sanction imposed by the FSCA serves as a strong reminder that non-compliance with the FIC Act will not be tolerated; accountable institutions must continue reviewing and strengthening their anti-money laundering and terrorist financing risk and control environments,” they wrote.
Bolstering financial system integrity
“The requirement to understand and mitigate money laundering and terrorist financing risks through the implementation of an RMCP is vital not only because it assists accountable institutions to protect and maintain the integrity of their own businesses but also because it helps contribute to the integrity of the South African financial system as a whole,” the FSCA concluded. “Proper customer due diligence and screening of clients is also crucial to help identify and mitigate against suspicious and criminal elements from infiltrating the financial system”.
Writer’s thoughts:
The FSCA has clear legislative powers to enforce financial services law, including the FAIS and FIC Acts; but the size of the fines and penalties it has issued of late seem quite steep. Do you agree with the size of administrative sanctions being levelled by the authority against non-compliant FSPs? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts [email protected]
Comments