When FSPs Slip Up: FIC Act in Focus
Financial and risk advisers should brace for heightened supervision and enforcement actions in coming years as South Africa’s financial sector authorities ‘toe the line’ on action points from the Financial Action Task Force (FATF) review process.
By way of example, the Financial Sector Conduct Authority (FSCA) recently confirmed it had imposed administrative sanctions on a handful of financial services providers (FSPs) for “failing to comply with certain provisions of the Financial Intelligence Centre (FIC) Act.”
FAIS licensed and FICA accountable
The stronger compliance focus should be common knowledge by now. As the FSCA explains, it is responsible for supervising and enforcing compliance of FSPs with the FIC Act. This legislation aims, among other things, to help combat money laundering, the financing of terrorism and other related criminal activities. “All accountable institutions designated under the FIC Act must comply fully with its requirements,” the FSCA wrote in its post-enforcement communique.
The three sanctioned entities were licensed FSPs under the Financial Advisory and Intermediary Services (FAIS) Act, and accountable institutions under the FIC Act. FAnews readers should pay close attention to both the supervision process and the enforcement actions that were in play here. First and foremost, the authority confirmed that its inspections took place under its supervisory function set out under section 45B of the FIC Act. The clause sits under Chapter 4 of the Act, dealing with compliance and enforcement. 45B is a three-page-long list of clauses and sub-clauses that sets out how the authority should carry out an inspection.
Your writer reckons 45B(1)(b) offers a clear indication of the level of attention you can expect. It reads: ‘An inspector appointed in terms of section 45A may enter the premises, excluding a private residence, of an accountable institution or reporting institution which is registered in terms of section 43B or otherwise licensed or authorised by a supervisory body and inspect the affairs of the accountable institution or reporting institution, as the case may be, for the purposes of determining compliance.’ PS, sections 45B(1A) and (1B) allow the authority access to your private residence, or any other business premises, should it deem necessary.
Lessons from real-world FIC Act hiccups
According to the FSCA, the inspections in question revealed the entities to be in breach of one or more provisions of the FIC Act. Its post-enforcement press release detailed how each of the three FSPs had transgressed sections of the legislation, starting with sections 42(1) and (2). These sections stipulate that accountable institutions must develop, document, maintain, and implement a risk management and compliance programme (RMCP) for anti-money laundering (ML), counter-terrorist financing (TF), and proliferation financing (PF).
Your RMCP has to meet all the FIC Act requirements, setting out how you intend mitigating your ML/TF/PF risks as well as how you intend ensuring compliance with the Act. So, what went wrong under this section? The first sanctioned FSP, Adams Chrambanis, was found in breach because it had failed to develop, document, and maintain an RMCP. The second and third sanctioned FSPs, ID Capital and Henk Kolver, had developed RMCPs but failed to outline how they would comply with various FIC Act requirements.
The FIC Act published by Sabinet runs to 64-pages spanning five chapters, so there are plenty of areas where a FSP might trip up. FSCA found further compliance issues pertaining to sections 21(1), 21A, 21C(1), 21D, and 21F–H, all dealing with customer due diligence. The FIC Act is prescriptive around how your FSP goes about identifying and verifying clients. It sets out rules for obtaining information on business relationships, ongoing due diligence, and establishing if the clients are politically exposed, whether locally or internationally. The first sanctioned FSP was reprimanded for failing to perform the necessary customer due diligence.
Know your clients, intimately
Another potential issue arises from section 28A, read with sections 26A to 26C, requiring accountable institutions to scrutinise their client information to determine if any of their clients are listed on Targeted Financial Sanctions Lists (TFSL) published under the Protection of Constitutional Democracy Against Terrorist and Related Activities Act. Say it with me, dear reader, the POC-DA-TA-RA Act. Two of the sanctioned FSPs failed to scrutinise their client information as required. And given the US President’s recent focus on South Africa, you might soon find more politically connected South Africans on these lists.
The final compliance shortcoming flagged by the FSCA in press coverage of its enforcement action relates to section 42A(1) which requires ‘the highest levels of authority within the entity to ensure that an accountable institution and its employees comply with the provisions of the FIC Act and the RMCP.’ According to the FSCA, “Senior management [at the first sanctioned FSP] failed to ensure that it complied with the provisions of the FIC Act.” Reading between the lines, the second and third sanctioned FSPs had done enough to satisfy 42A(1) but still tripped up over other compliance aspects.
As mentioned in the opening paragraph, all eyes are on supervision and enforcement outcomes as South Africa strives to get removed from the FATF grey-list. The FSCA issued directives to each of the sanctioned institutions to remediate the identified FIC Act deficiencies and imposed suitable administrative sanctions. Adams Chrambanis was fined R785k, of which R300k was conditionally suspended for three years; Henk Kolver was fined R300k, of which half was conditionally suspended for three years; and ID Capital was fined R200k, of which half was conditionally suspended for three years.
Serious breaches, serious sanctions
“We consider the identified compliance deficiencies to be serious breaches of the FIC Act,” wrote the FSCA. “The requirement to understand and mitigate money laundering and terrorist financing risks through effective implementation of an RMCP is vital not only because it assists accountable institutions to protect and maintain the integrity of their own businesses, but also because it helps contribute to the integrity of the South African financial system as a whole.”
The FSCA warns that proper due diligence of all clients is crucial to help identify and mitigate against suspicious and criminal elements from infiltrating the financial system. Their presser ended with a clear warning to all FSPs to get their FIC Act compliance in order.
“The above sanctions serve as reminders that we will not tolerate non-compliance with the FIC Act. All accountable institutions are urged to continually review and enhance their anti-money laundering and terrorist financing controls at the highest levels and to conduct thorough risk assessments on a regular basis. Failure to do so will result in firm regulatory action.”
Writer’s thoughts:
The FSCA is taking supervision and enforcement of the FIC Act seriously, with significant consequences for non-compliance. Are the penalties mentioned in this piece a fair reflection of the non-compliance risks? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
