FIC your client or face FSCA enforcement

Financial services providers (FSPs) that gloss over the compliance responsibilities set out in the Financial Intelligence Centre (FIC) Act risk being on the receiving end of a range of tough Financial Sector Conduct Authority (FSCA) enforcement actions including debarments, licences being suspended or withdrawn, penalties and warnings. The importance of performing customer due diligence correctly was the key focus during a recent ‘FIC Act for Wealth Managers’ webinar hosted by DocFox. PS, although attended by wealth managers and IFA-types, the content was relevant to all accountable institutions!

Beware; severe financial penalties apply

“It does not matter if you are a credit provider, if you sell trucks and trailers, or if you are in wealth management, your FIC Act requirements are the same,” said Tertia Barrett, Sales Director at DocFox, before singling out failure to conduct customer due diligence and defective Risk Management and Compliance Programmes (RMCPs) as the FIC Act transgressions that attracted frequent and severe financial penalties. Financial penalties have been levelled against all FSPs regardless of financial discipline or size, and across all industries in which accountable institution operate. Barrett handed over to Thilomi Govender, Compliance Office at DocFox, who was tasked with sharing seven points that will help your advice practice to achieve and maintain FIC Act compliance. 

“Now that you have seen the dark side of non-compliance allow me to shed some light on how to avoid these penalties and sanctions,” Govender said, before piling into the compliance theory. 

1. Register with the FIC. The first requirement is to register with the FIC as an accountable institution using their Go AML online platform, which is accessed via the FIC website. PS, AML stands for Anti-money Laundering, for the uninitiated among you. 

2. Appoint your compliance officer. The legislation requires that each accountable institution register the person appointed as your FIC Act compliance officer. “Businesses must have an in-house compliance person with sufficient authority, experience and seniority to manage / oversee your businesses FIC Act compliance processes,” Govender said. “This person must report activities and transactions to the FIC as they occur, and interact with the FIC as required”. The compliance officer function cannot be outsourced, and it is therefore imperative to choose someone “confidently capable of performing compliance functions”. 

Another plan to wrap your head around 

3. Develop your RMCP. “It is important to have a comprehensive risk management and compliance programme [best described as the] anchoring document that details your response to the FIC Act: how you have assessed the risks of money laundering and counter terrorist financing in your business, and exactly how you are addressing it,” explained Govender. Your RMCP must include a detailed outline of your approach to customer due diligence, and in the event the FIC decides to conduct an inspection is one of the primary documents they will request. According to Govender, you must review your RMCP annually and amend it to accommodate changes in legislation and / or your business processes. 

4. Ongoing customer due diligence. This newsletter only touches on the wealth of information shared under the customer due diligence heading. One of the important observation is that customer due diligence elements apply not just to your immediate client, but to related parties to that client. “There are many elements that cannot be met by simply collecting and verifying a copy of an identify document or proof of address; and this is where many firms have found themselves on the back foot,” Govender said. She singled out “the breadth of understanding of clients and extent to which potential risks are examined” as key components of the customer due diligence process. 

5. Submitting reports to the FIC. The FIC Act goes to lengths to explain accountable institutions’ reporting obligations, including the requirement to report various types of activities and transactions to the FIC. Reporting duties and access to information requirements are set out in sections 27 to 41 of the FIC Act and regulations 22 to 24 of the Money Laundering and Terrorist Financing Control Regulations. DocFox mentioned reporting obligations following suspicious activities or transactions; cash transactions over a certain threshold; or matters that pertain to sanctioned or terrorist related activities; but there are others. 

Plain vanilla record keeping and training 

6. Record keeping. According to Govender, the FIC legislation requires you to keep records of the due diligence that you carry out on the client and their related parties as well as details of the risk assessment that took place; any subsequent activities or transactions that transpired; and any suspicious reports that were made. “This is to ensure that the evidence is available should the FIC or authorities require this for an investigation or even for a prosecution,” she said. “Records must be kept for a minimum of five years and can be in be in paper or electronic form, as long as they are kept safely, securely and in confidence and can be easily and quickly accessible by your FIC compliance officer”. Businesses can place a reliance on third parties for record keeping but the ultimate responsibility remains with the accountable institution. 

7. Ongoing training. Per section 43(a) of the FIC Act, you must provide initial and ongoing training to your employees. And even though the Act does not specify the format of the required training, it is FIC’s view that training provided by the accountable institution should enable its employees to comply with the provisions of the FIC Act and the accountable institution’s internal rules. PS, we lifted this comment from FIC’s public compliance communication number 18 (PCC-18). 

The remainder of the presentation took a deep dive into the steps that an FSP or other accountable institution must perform in order to excel at customer due diligence, which was given the acronym CDD. Within minutes, the audience was drowning in acronyms such as DPEPs, FPEPs and PIPs. PS, although a tough ask for this writer, the compliance bodies on the webinar will have known these letters stand for Domestic Politically Exposed Persons; Foreign Politically Exposed Persons; and Prominent Influential Persons respectively. “Accountable institutions must determine who their clients are and conduct due diligence on all of these clients,” Govender said. This due diligence requirement goes beyond simply obtaining a copy of their ID or Passport to verifying this information. “Whatever you decide to do, you must be able to provide a level of comfort that you have established the true identity of your client,” she said. And similar care must be taken when confirming client addresses. 

Acronym frenzy; from CDD to DPEP to UBO!

CDD soon expanded to encompass constructs such as related parties and ultimate beneficial owners, or UBOs. “A related party is any person in the company who has the executive control or management over a legal person, being people who can decide how the company operates, how the funds or assets are used or directed, and can instruct you on behalf of the client,” noted Govender. You must establish the identity of all related parties and, to take things one step further, identify the special type of related party referred to as the UBO… PS, it is impossible to tackle all angles of the CDD requirements in this newsletter, so we conclude with Govender’s words. 

“This presentation was not intended to scare you, but rather to impress upon you that it is vital that the FIC Act is embedded into the day-to-day processes of your business; this includes having a policy and process in place; training all of your staff; ensuring that processes are followed; and having the right tools in place to make the job easier”. 

Writer’s thoughts: 

This writer feels immense sympathy for the owners of small FSPs or accountable institutions who end up wearing many hats as CEO, information officer for POPI and compliance officer for FIC… Is this multi-hat challenge a valid operational concern, or is the compliance load a breeze? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts [email protected].

Comment on this Post

Name*

Email Address*

Comment*

 

Submit Comment