Compliance about much more than dodging a FIC fine
Compliance and control officers who do not enjoy full buy-in from the business will end up fighting a losing battle. This no-nonsense prediction set the scene for an insightful discussion on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulatory framework, and South Africa’s progress towards getting removed from the Financial Action Task Force (FATF) grey list.
Building a ‘defensible position’
Manet Basson, MD at FTI Consulting, used her opening address to the recent DocFox Africa Fighting Financial Crime Conference to share her experiences on putting businesses in a ‘defensible position’ in the context of complying with the Financial Intelligence Centre Act (FICA) and standing up to mounting regulatory scrutiny. “There is a lot going on in the South African regulatory environment,” she led, before rattling off the long list of regulations that both compliance officers and other financial services professionals should be aware of. FICA got first mention.
FICA, which is the cornerstone of South Africa’s AML-CFT framework, was significantly enhanced by the 2022 General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act. These enhancements were aimed at strengthening the country’s framework for combating AML and CFT. Other notable legislation includes the Prevention of Organised Crime Act (POCA), which provides measures to combat organised crime, money laundering and criminal gang activities; and the Protection of Constitutional Democracy Against Terrorist and Related Activities Act (also called POCDATARA), which criminalises acts of terrorism and terrorist financing, and establishes measures to detect, prevent and prosecute such activities.
Apologies, dear reader, if this newsletter seems a bit preachy; but your writer seldom dives into the complex world of financial crime fighting. “The most important thing about POCA is that it criminalised money laundering; it was also the very first time that legislation from the United States found its feet in our legislation,” Basson said, commenting on the influence of that country’s Racketeer Influenced and Corrupt Organizations (RICO) Act. Finally, POCDATARA replaced “…about 35 laws that had aspects of terrorism-focused controls in them” becoming South Africa’s law on anti-terrorism.
Aside from FICA, POCA and POCDATARA, local compliance experts have to comply with seven directives, around nine guidance notes, and keep track of a staggering list of issued and repealed Public Compliance Communications (PCCs).
PCCs can be hellish to keep track of
For context, PCCs are issued by the Financial Intelligence Centre (FIC) as part of its mandate to oversee compliance with the FICA. PCCs offer detailed explanations, clarifications and practical advice on various aspects of AML and CFT compliance; but they can be hellish to stay on top of. According to Basson, it helps for compliance professionals to keep a full list of the PCCs, what they deal with and whether they are still active. “When the regulator comes in for an onsite inspection, you need to be able to figure out what they are referring to under PCC 12 or PCC 43 or whatever number,” she said.
The power and reach of the overarching legislation are evident. “Today, with FICA, we sit with one piece of legislation that covers money laundering, terrorist financing and proliferation financing; it is a kick-ass law given that FICA prevails in conflicts with any act, save for the Constitution,” Basson exclaimed, before steering the conversation to the serious matter of grey listing. She offered some fascinating background on the list, and how South Africa came to be added to it. It turns out that around 2016 there were actually three lists: a blacklist, a so-called light-grey list and a dark-grey list.
The presenter explained that the blacklist featured the three countries that had zero intention of ever participating in combating AML and CFT, being Iran, Myanmar and North Korea. In the past, the dark grey list contained countries that were in contravention of AML-CFT standards but had little interest in addressing their shortcomings; and the light grey list included countries that were working to improve their regulatory frameworks. Today, the two grey lists have merged into a single list, with South Africa being the only country on the 21-country list that is actually a member of the FATF. It is also among 12 African countries being sanctioned.
That grey listing was a bit unfair…
Basson intimated that local financial sector regulators were within their rights to be somewhat miffed at the country’s inclusion on the list. “By the time we were officially placed on the grey list, we were around 10 times better than we were in the year we were assessed,” she said. Ironically, international businesses that were happy to conduct business with the country pre-grey listing were suddenly hands-off. Driving this point home, the presenter said she had never seen a more collaborative and proactive approach between enforcement agencies, regulatory authorities, National Treasury and various financial services stakeholders to tackle FATF concerns.
Unfortunately, addressing the remaining FATF points could prove a time-consuming affair given the lead times on corruption crime prosecutions and the FATF-monitored mutual legal assistance (MLA) requests between FATF member countries. As for the way forward, there are three FATF plenaries each year, held in February, June and October. In June 2024, South Africa will get to update its progress towards addressing technical compliance concerns; and the country will have until January 2025 to address the remaining technical compliance issues and figure out how to ace its next FATF effectiveness assessment. Best case, therefore, is a June 2025 removal.
And then, the moment the assembled compliance officers had been waiting for; a free lesson from a compliance expert with more than two decades of experience. You need to understand the difference between compliance risk and the arguably more important risk focuses of combating money laundering, terrorist financing and proliferation financing. “We are focusing on compliance risk, being the risk of not getting a fine,” Basson said. “And this means we are neglecting money laundering risk; we are not managing terrorist financing risk; and we are not managing proliferation financing risk”.
Nothing like a compliance fine to get your boss’ attention
The presenter shared a couple of real-life experiences to underline this point. One example centred on the head of compliance at a large retail bank saying that he “actually wanted a compliance fine, because he could use the fine to leverage support from the business”. Another, centred on a compliance manager who feared losing his job after receiving notice of a fine. The message is clear: the compliance ‘buy-in’ is not right in many organisations. You might be doing the necessary to avoid a compliance risk fine but be staring down the triple-whammy of an AML, CFT or proliferation financing faux pas.
The presenter offered some concise advice for compliance teams preparing for their next site inspection. “When you prep for your next inspection [consider if] you can actually pass the money laundering risk. Be sure to consider whether you really understand where the money laundering risk in your organisation lies; and reflect on your understanding of which customers pose more or less risk,” she said. To simply flag and treat all clients as ‘high risk’ was dismissed as absurd. And understanding client-based risk was described as more important than an AML policy; or Internal Rules; or Risk Management and Compliance Plan.
Thanks to all the financial crime fighters!
The presentation included some interesting comments around core FICA concepts such as Know Your Customer (KYC) and ultimate beneficial owners (UBOs); but we will park those for another day. “We have a kick-ass legislation, and compliance is a nice environment to work in,” Basson concluded, before thanking all the financial crime fighters in the audience for making a difference. Those who pursue the truth, and tirelessly ask the difficult questions will make a dent in serious financial crimes.
Writer’s thoughts:
A consequence of aggressive oversight is that compliance professionals can become overly focused on avoiding fines over managing risk. How do you ensure your organisation effectively manages AML, CFT and proliferation financing risks beyond mere compliance? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
Comments