IT3(d) Deadline Day: the strict urgency for third-party data reporting

Bradley Elliot

South Africa continues to languish on the Financial Action Task Force (FATF) grey list.

After the failures of some financial service providers (FSPs) to align with the standards set by global regulators -accumulating R16 million worth of FCSA fines - it’s time to put compliance first. While some institutions have solidified anti-money laundering (AML) measures, others have done lots of work .

Complacency is rife in watchlist screening for sanctioned and politically exposed persons (PEPs), even with the IT3(d) reporting deadline looming on May 31. If FSPs miss the call to file information about third-party data, their failure harms not only their own businesses but also risks reputational damage for the rest of South Africa’s financial ecosystem.

The grounds for tighter regulation

IT3(d) is a regulation that requires organisations to submit third-party data to the South African Revenue Service (SARS) for use in tax assessments. SARS introduced the regulation after the Financial Action Task Force (FATF) added South Africa to the grey list because many organisations’ AML processes lacked beneficial ownership transparency and high-quality detection of suspicious transactions.

IT3(d) aims to prevent terrorist financing and dirty money movement. To redeem their place in the AML world, FSPs should use trustworthy third-party data sources to report data promptly and accurately by the end of May, regardless of the new deadline. Mapping beneficiaries and new clients against current PEP and sanctions watchlists has never been more pertinent in our precarious geopolitical climate.

The PEPs Problem

Traditionally, AML involved disparate systems for ID verification, PEPs and sanctions, risk assessments, and so on. Disjointed data across these siloes posed an operational challenge for compliance teams, who needed to cross-reference clients and their transaction histories to compile accurate risk reports for regulators. Human error and inefficiency are unavoidable under these conditions.

Furthermore, only 25% of businesses scan new customers against watchlists, which allows nefarious individuals to sneak through the cracks. This sanctioned data is relatively formalised for universal use, making it more accessible to process than PEP data. PEP data is a minefield that requires acquiring, combining and understanding public, third-party, and first-hand research data:

- To be classed as a PEP, a person must be appointed to a high-profile role by a community institution, international body or state within the last 12 months.
- People can be PEPs by association, through relation or marriage.
- Every country has its own classification as a PEP.

Despite these nuances, there is some good news. Combining existing customer data with information provided by a top-notch third-party data source (of which there are many) can benefit identity and document verification. Following IT3(d)’s deadline for third-party data reporting, FSPs are reminded that maintaining screening quality against constantly updated lists is possible and necessary.

Answer the call for 360-degree customer views

Investigating customer data for due diligence is no longer a one-time check where businesses can give an initial thumbs up and rest on their laurels. Robust sanctions and PEP monitoring require a combination of technology and compliance professionals.

In the new age of RegTech, an AML product should enable advanced matching using machine learning, rescreen clients and beneficial owners against current watchlists, and integrate existing customer data through APIs. Platforms should identify the correct risks for further investigation from trusted data sources to reduce any time wasted on false positives.

IT3(d) reporting only scratches the surface of end-to-end AML/CTF compliance. FSPs must urgently address reporting third-party data and proving the use of proper AML measures. Complacent organisations are taking enormous risks, especially when the battle against sanctioned individuals looks likely to heat up in the future.