FICA Policy
Effective Date: September 2023
- Any reference to the “organisation” shall be interpreted to include the “policy owner”.
- The organisation’s governing body, its employees, volunteers, contractors, suppliers and any other persons acting on behalf of the organisation are required to familiarise themselves with the policy’s requirements and undertake to comply with the stated processes and procedures.
1. INTRODUCTION
The criminal activities of money laundering and terrorist financing have become a global problem as a result of several changes in world markets. The growth in international trade, the expansion of the global financial system and the global surge in organised crime have all converged to provide the source, opportunity and means for converting illegal proceeds into what appears to be legitimate funds.
Money laundering and the financing of terrorism have a devastating effect on the soundness of financial institutions and undermine the political stability of democratic nations. In order to combat these activities, the global community resolved to establish the Financial Action Task Force (“FATF”) in 1989.
FATF is an inter-governmental body whose purpose is the development and promotion of policies to combat money laundering and the financing of terrorism. South Africa became a member state of FATF in 2003 and has demonstrated a strong commitment to the body’s membership criteria though the enactment of the Protection of Constitutional Democracy Against Terrorist and Related Activities Act 33 of 2004 (“POCDATARA”), the Prevention of Organised Crime Act 121 of 1998 (“POC Act”) and the Financial Intelligence Centre Act 38 of 2001 (“FICA”).
The purpose of FICA is to introduce an Anti-Money Laundering (“AML”), Counter Terrorist Financing (“CTF”) and Combatting Proliferation Financing (“CPF”) regulatory framework for South Africa and to establish the Financial Intelligence Centre (“FIC”) who is tasked with supervising and enforcing compliance with the Act. FICA also imposes certain duties on organisations that are more likely to be exploited for money laundering or terrorist financing purposes.
The organisation recognises that it has been classified as a type of institution that is more readily targeted by criminals for money laundering or terrorist financing purposes. The governing body has therefore committed itself to comply fully with FICA’s regulatory requirements in order to make it more difficult for criminals to implicate the organisation in these activities.
2.DEFINITIONS
The definitions provided below have been adapted to align with the organisation’s specific requirements and may not necessarily have the exact same meaning as that of similar legal definition.
2.1 Beneficial Owner
(a) Means a natural person who directly or indirectly –
- ultimately owns or exercises effective control of –
(aa) a client of an accountable institution; or
(bb) a legal person, partnership or trust that owns or exercises effective control of, as the case may be, a client of an accountable institution; or
- exercises control of a client of an accountable institution on whose behalf a transaction is being conducted; and
(b) includes –
(i) in respect of legal persons, each natural person contemplated insection 21B(2)(a);
(ii) in respect of a partnership, each natural person contemplated insection 21B(3)(b); and
(iii) in respect of a trust, each natural person contemplated insection 21B(4)(c), (d) and (e)
2.2 Business Relationship
Means a relationship between a client and the organisation for the purpose of concluding transactions on a regular basis. A business relationship therefore entails an element of a time duration to the engagement with the client.
2.3. Cash
Cash means coin and paper money of the Republic of South Africa or of another country that is designated as legal tender and that circulates as, and is customarily used and accepted as, a medium of exchange in the country of issue, and includes travellers’ cheques.
2.4 Cash Threshold Report
Means the report that must be submitted to the FIC where a transaction is concluded with a client, and an amount of cash in excess of the prescribed amount i.e. R49 999,99 is paid or received by the organisation in terms of that transaction.
2.5 Client
In relation to the organisation, means a person who has entered into a single transaction or a business relationship with the organisation.
2.6 Client Representative
In relation to the organisation, means a natural person who has been authorised by a client to enter into a single transaction or a business relationship with the organisation on behalf of that client.
2.7 Effective Control
In respect of a legal person, means the ability to materially influence or make key decisions in respect of, or on behalf of that legal person.
2.8 Enhanced Client Due Diligence Procedure
Means the reasonable steps taken by the organisation to establish and verify the identity of a client that is party to a High-Risk ML/TF/PF transaction, which steps are more stringent than a Quick Due Diligence and a Standard Due Diligence.
2.9 First Party Accountable Institution
Refers to the accountable institution that receives customer due diligence documentation and/or information on a shared client from the third-party accountable institution.
2.10 International Organisation
While not defined under FICA, an international organisation means any organisation recognised by the Minister of Finance and any official of such organisation who enjoys such privileges and immunities as may be provided for in any agreement entered into with such organisation or as may be conferred on them by virtue of section 7(2) of Diplomatic Immunities and Privileges Act, 37 of 2001.
2.11 Legal Person
Any person, other than a natural person, that enters into a single transaction or establishes a business relationship, with the organisation, and includes a person incorporated as a company, close corporation, foreign company or any other form of corporate arrangement or association, but excludes a trust, partnership or sole proprietor.
2.12 Money Laundering
Means an activity which has, or is likely to have, the effect of concealing or disguising the nature, source, location, disposition or movement of the proceeds of unlawful activities or any interest which anyone has in such proceeds.
2.13 Non-compliance
Any act or omission that constitutes a failure to comply with any of FICA’s provisions, regulations, and the organisation’s AML, CTF & CPF RMCP, or any order or directive made in terms of FICA.
2.14 Organ of State
The Constitution defines an Organ of state as:
(a) any department of state or administration in the national, provincial or local sphere of government; or
(b) any other functionary or institution:
- exercising a power or performing a function in terms of the Constitution or a provincial constitution; or
- exercising a public power or performing a public function in terms of any legislation, but does not include a court or a judicial officer.
2.15 Proliferation Financing
Means an activity which has or is likely to have the effect of providing property a financial or other service or economic support to a non-State actor, that may be used to finance the manufacture, acquisition, possessing, development, transport, transfer or use of nuclear, chemical or biological weapons and their means of delivery, and includes any activity which constitutes an offence in terms of section 49A.
2.16 Proliferation of Weapons of Mass Destruction
The following definition has been provided by FATF in their published guidance on proliferation financing risk assessment and mitigation:
“…manufacture, acquisition, possession, development, export, trans-shipment, brokering, transport, transfer, stockpiling or use of nuclear, chemical or biological weapons and their means of delivery and related materials (including both dual-use technologies and dual-use goods used for non-legitimate purposes)”
2.17 Property associated with Terrorist and Related Activities
Has the meaning assigned to it in Section 1 of the Prevention of Organised Crime Act 121 of 1998 (“POC Act”).
Property in this context means:
- money, or any
- movable, immovable, corporeal or incorporeal thing, or any
- rights, privileges, claims and securities and any interest therein and all proceeds thereof, which were acquired, collected, used, possessed, owned or provided for the benefit of, or on behalf of, or at the direction of, or under the control of an entity (or another entity that has provided financial or economic support to such an entity) which commits or attempts to commit, or facilitates the commission of a specified offence as defined in POCDATARA.
An abbreviated list of the POCDATARA offences are:
- The intentional delivery, placing, discharging, detonating (or making a hoax associated with these activities), of an explosive or other lethal device in, into or against a place of public use, a state or government facility, a public transport facility, a public transportation system, or an infrastructure facility.
- The intentional seizure, high-jacking, taking control, destroying or endangering the safety of a fixed platform.
- The intentional seizure, detaining or taking of a hostage in order to compel any third party, including a state, intergovernmental organisation or a group of persons, to do or abstain from doing any act as an explicit or implicit condition for the release of the hostage.
- The intentional murder, kidnap violent attack or other offence related to causing harm to an internationally protected person.
- The intentional seizure or taking of control of an aircraft by force or threat.
- The intentional seizure or taking of control of a ship by force or threat.
- The harbouring, concealing, of a person or group of persons who intend to commit, or who has committed any of the offences listed above.
- The financing of a person or group of persons to commit, or to facilitate the commission of any of the offences listed above.
- The threatening, attempting to threaten, the conspiring with any other person or the inciting of another person to commit any of the offences listed above.
2.18 Quick Client Due Diligence Procedure
Means the reasonable steps taken by the organisation to establish and verify the identity of a client that is party to a Low-Risk ML/TF/PF transaction, which steps are fewer and less onerous than a Standard Due Diligence and that of an Enhanced Due Diligence.
2.19 Single Transaction
A single transaction, means a transaction:
- other than a transaction concluded in the course of a business relationship, and
- where the value of the transaction is not less than the prescribed amount. i.e. R5000
2.20 Shared Client
Refers to the client of both the first party accountable institution and the third-party accountable institution in relation to a single transaction or business relationship. This definition excludes a scenario where a client is coincidentally the client of both accountable institutions. Underlying clients are excluded from this definition.
2.21 Source of Funds
Means the origin of the funds that will be used by the client in concluding a single transaction or which a prospective client is expected to use in concluding transactions in the course of a business relationship.
2.22 Standard Client Due Diligence Procedure
Means the reasonable steps taken by the organisation to establish and verify the identity of a client that is party to a Moderate-Risk ML/TF/PF transaction, which steps are fewer and less onerous than an Enhanced Due Diligence but more stringent that a Quick Due Diligence.
2.23 Suspicious or Unusual Activity Report
Means the report that must be submitted to the FIC where there is reasonable knowledge in respect of the proceeds of unlawful activities or money laundering, and where the report relates to an activity which does not involve a transaction between two or more parties, or in respect of a transaction or a series of transactions about which enquires are made, but which has not been concluded, respectively.
2.24 Suspicious or Unusual Transaction Report
Means the report that must be submitted to the FIC where there is reasonable knowledge in respect of the proceeds of unlawful activities or money laundering, and where the report relates to a transaction or a series of transactions between two or more parties.
2.25 Terrorist and Related Activities
Has the meaning assigned to it in Section 1 of the Protection of Constitutional Democracy Against Terrorist and Related Activities Act 33 of 2004 (“POCDATARA”).
2.26 Terrorist Financing Activity Report
Means the report that must be submitted to the FIC where there is reasonable knowledge in respect of the financing of terrorism and related activities, and where the report relates to an activity which does not involve a transaction between two or more parties, or in respect of a transaction or a series of transactions about which enquires are made, but which has not been concluded, respectively.
2.27 Terrorist Financing Transaction Report
Means the report that must be submitted to the FIC where there is reasonable knowledge in respect of the financing of terrorism and related activities, and where the report relates to a transaction or a series of transactions between two or more parties.
2.28 Terrorist Property Report
Means the report that must be submitted to the FIC where the organisation has in its possession, or under its control property, associated with terrorist and related activities.
2.29 Third Party accountable institutions
Refers to the accountable institution that has collected the customer due diligence documentation and/or information in respect of the shared client and provides this information and/or documentation to the first party accountable institution.
2.30 Trust
Means a trust as defined in Section 1 of the Trust Property Control Act 57 of 1988, but does not include a trust established:
- by virtue of a testamentary disposition,
- by virtue of a court order,
- in respect of persons under curatorship, or
- by the trustees of a retirement fund in respect of benefits payable to the beneficiaries of that retirement fund, and includes a similar arrangement established outside of South Africa.
2.31 Weapons of Mass Destruction
The following definition is extracted from the Non-Proliferation of Weapons of Mass Destruction Act 87 of 1993:
“…any weapon designed to kill, harm or infect people, animals or plants through the effects of a nuclear explosion or the toxic properties of a chemical warfare agent, or the infectious or toxic properties of a biological warfare agent, and includes a delivery system exclusively designed, adapted or intended to deliver such weapons.”
3.POLICY PURPOSE
The purpose of this policy is to confirm the organisation’s commitment to implementing an effective Anti-Money Laundering, Counter Terrorist Financing & Combatting Proliferation Financing Risk Management and Compliance Programme (“AML, CTF & CPF RMCP”), as required by FICA.
The purpose of this AML, CTF & CPF Risk Management and Compliance Programme is to:
- Enable the organisation to identify, assess, mitigate, manage and monitor the risk that the provision by the organisation of its products or services may involve or facilitate money laundering activities or the financing of terrorist and related activities.
- Provide for the manner in which the organisation determines if a person is:
- A prospective client in the process of establishing a business relationship or entering into a single transaction with the organisation, or
- A client who has established a business relationship or entered into a single transaction, is a client of the organisation.
- Provide for the manner in which the organisation complies with the compliance obligations of not establishing a business relationship or concluding a single transaction with an anonymous client or a client with an apparent false or fictitious name.
- Provide for the manner in which, and the processes by which, the organisation:
- Establishes and verifies the identity of a client, and
- Establishes a client representative’s authority to establish a business relationship or to conclude a single transaction on behalf of a client.
- Provide for the manner in which, and the processes by which, the organisation determines whether future transactions that will be performed in the course of the business relationship, are consistent with the organisation’s knowledge of a prospective client.
- Provide for the manner in which, and the processes by which, the organisation conducts additional due diligence measures in respect of legal persons, trusts and partnerships.
- Provide for the manner in which, and the processes by which, ongoing due diligence and account monitoring in respect of business relationships are conducted by the organisation.
- Provide for the manner in which the examining of:
- Complex or unusually large transactions, and
- Unusual patterns of transactions which have no apparent business or lawful purpose takes place.
- Provide for the manner in which, and the processes by which, the organisation will confirm information relating to a client when the organisation has doubts about the veracity of previously obtained information.
- Provide for the manner in which, and the processes by which the organisation will perform the client due diligence requirements in accordance with the following compliance obligations:
- The identification of clients and other relevant persons,
- Understanding and obtaining information on business relationships,
- Additional due diligence measures relating to legal persons, trusts and partnerships,
- Ongoing due diligence when, during the course of a business relationship, the organisation suspects or knows that a transaction or activity is suspicious or unusual.
- Provide for the manner in which the organisation will terminate an existing business relationship where the organisation is unable to:
- Establish and verify the identity of a client or other relevant person,
- Obtain information describing the nature of the business relationship, the intended purpose of the business relationship concerned and the source of funds which a prospective client expects to use in concluding transactions in the course of the business relationship concerned,
- Conduct ongoing due diligence.
- Provide for the manner in which, and the processes by which, the organisation will determine whether a prospective client is a foreign politically exposed person or a domestic politically exposed person.
- Provide for the manner in which, and the processes by which, enhanced due diligence is conducted for higher-risk business relationships and when simplified client due diligence might be permitted in the organisation.
- Provide for the manner, place in which and the period for which client due diligence and transaction records are kept.
- Enable the organisation to determine when a transaction or activity is reportable to the FIC.
- Provide for the processes for reporting information to the FIC.
- Provide for the manner in which:
- The AML, CTF & CPF RMCP is implemented in branches, subsidiaries or other operations of the organisation in foreign countries so as to enable the organisation to comply with its compliance obligations under FICA
- The organisation will determine if the host country of a foreign branch or subsidiary permits the implementation of measures required under FICA
- The organisation will inform the FIC and supervisory body concerned, if the host country does not permit the implementation of measures required under FICA
- Provide for the processes for the organisation to implement its AML, CTF & CPF RMCP.
- Indicate if any of the processes are not applicable to the organisation, and if so, the reasons why it is not applicable.
- POLICY STATEMENT
The organisation commits itself to achieving the following compliance objectives in terms of FICA:
- To protect the integrity of the organisation through the continued management of money laundering and terrorist financing risk.
- To apply a risk-based approach to client transactions and to understand the purpose of all business relationships entered into with clients.
- To educate employees how to identify business relationships and transactions that pose a higher risk to money laundering and terrorist financing.
- To implement robust Client Due Diligence procedures that will make it more difficult for criminals to hide the proceeds of unlawful activities.
- To submit to the FIC relevant reports concerning all transactions that are identified as being suspicious, unusual or above the prescribed cash threshold.
- To keep accurate records of all FICA related transactions and Client Due Diligence procedures.
- To prevent any reputational fallout or brand damage due to noncompliance with FICA and/or the organisation’s AML, CTF & CPF RMCP.
- To prevent any civil or criminal fines or penalties due to noncompliance with FICA and/or the organisation’s AML, CTF & CPF RMCP.
- To prevent loss of sales and client confidence due to noncompliance with FICA and/or the organisation’s AML, CTF & CPF RMCP.
5.FICA COMPLIANCE OBLIGATIONS
The organisation has identified the following twenty-three FICA related compliance obligations:
Nr. | Domain | Compliance Obligation | Reference | Regulatory Designation |
5.1.1 | FICA | The Organisation must Develop, Document, Maintain and Implement an AML & CTF RMCP | FICA | Accountable Institutions |
5.1.2 | FICA | The Organisation must Govern Compliance with its AML & CTF RMCP | FICA | Accountable Institutions |
5.2.1 | FICA | The Organisation must Register itself with the FIC | FICA | Accountable |
5.2.2 | FICA | The Organisation must inform the FIC of any changes to its Registration Particulars | FICA | Accountable |
5.3.1 | FICA | The Organisation must perform Enhanced Client Due Diligence Procedures where a High-Risk Client, Product or Service is Identified | FICA | Accountable Institutions |
5.3.2 | FICA | The Organisation must Understand and Obtain Information where a new Business Relationship is established | FICA | Accountable Institutions |
5.3.3 | FICA | The Organisation must Establish and Verify the Identity of all prospective Clients | FICA | Accountable Institutions |
5.3.4 | FICA | The Organisation must Avoid Clients with apparent False or Fictitious Names | FICA | Accountable Institutions |
5.3.5 | FICA | The Organisation must Avoid and Terminate any Business Relationships or Single Transactions where it is unable to conduct a Client Due Diligence | FICA | Accountable Institutions |
5.3.6 | FICA | The Organisation must Avoid Transactions and Business Relationships with Persons and Entities identified by the United Nations Security Council | FICA | Universal |
5.3.7 | FICA | The Organisation must perform Additional Client Due Diligence Procedures where a client is a Domestic Politically Exposed Person | FICA | Accountable Institutions |
5.3.8 | FICA | The Organisation must perform Additional Client Due Diligence Procedures where a client is a Foreign Politically Exposed Person | FICA | Accountable Institutions |
5.3.9 | FICA | The Organisation must perform Additional Client Due Diligence Procedures where a client is a Family Member or a Close Associate of a DPEP or a FPEP | FICA | Accountable Institutions |
5.3.10 | FICA | The Organisation must perform Additional Client Due Diligence Procedures where a client is a Legal Person, Trust or Partnership | FICA | Accountable Institutions |
5.3.11 | FICA | The Organisation must when in Doubt, confirm the Veracity of previously obtained Client Information | FICA | Accountable Institutions |
5.3.12 | FICA | The Organisation must perform Ongoing Client Due Diligence Procedures and the Monitoring of Transactions of existing Business Relationships | FICA | Accountable Institutions |
5.4.1 | FICA | The Organisation must submit Cash Threshold Reports within the prescribed time limit | FICA | Accountable |
5.4.2 | FICA | The Organisation must submit Suspicious or Unusual Transaction Reports within the prescribed time limit | FICA | Universal |
5.4.3 | FICA | The Organisation must submit Terrorist Property Reports within the prescribed time limit | FICA | Accountable Institutions |
5.5.1 | FICA | The Organisation must keep and maintain Transaction Records for the required period | FICA | Accountable Institutions |
5.5.2 | FICA | The Organisation must keep and maintain Client Due Diligence Records for the required period | FICA | Accountable Institutions |
5.5.3 | FICA | The Organisation must ensure Compliance where Transaction Records or Client Due Diligence Records are kept and maintained by a Third Party | FICA | Accountable Institutions |
5.6 | FICA | The Organisation must provide Training to ensure compliance with FICA and the Organisation’s AML & CTF RMCP | FICA | Accountable Institutions |
The procedures relating to the abovementioned obligations are contained in the following Standards, Procedures and Best Practice (“SPB”) documents:
- SPB FICA General Standards, Registration & Training;
- SPB FICA Client Due Diligence;
- SPB FICA Reporting; and
- SPB FICA Recordkeeping;
6.STANDARDISED COMPLIANCE RISK AND IMPLEMENTED CONTROLS
The organisation has identified nine compliance risks considering its compliance objectives and obligations.
The compliance risks have been assessed and evaluated based on the likelihood of the risk occurring, as well as the potential impact should the risk event occur.
Nr. | Compliance Risk | Possible | Likelihood | Impact | Risk | Implemented Controls |
7.1 | Civil or criminal fines or penalties where there is a failure in the FICA Reporting Duty procedures | Guilty of an Offence: Period not exceeding 15 years imprisonment or to a fine not exceeding R100 Million and / or Administrative Sanction: Financial Penalty not exceeding R10 Million in respect of natural persons and R50 Millions in respect of any other legal person | Possible | Catastrophic | Very High |
|
7.2 | Loss of sales and customer confidence where there is a failure in the FICA Reporting Duty procedures | Administrative Sanction: The restriction or suspension of certain specified business activities | Possible | Major | High |
|
7.3 | Civil or criminal fines or penalties where proper FICA Customer Due Diligence measures are not conducted | Administrative Sanction: Financial Penalty not exceeding R10 Million in respect of natural persons and R50 Million in respect of any other legal person | Possible | Major | High |
|
7.4 | Civil or criminal fines or penalties where FICA Recordkeeping requirements are not met | Administrative Sanction: Financial Penalty not exceeding R10 Million in respect of natural persons and R50 Millions in respect of any other legal person | Possible | Major | High |
|
7.5 | Reputational fallout or brand damage where there is a failure in the FICA Reporting Duty procedures | Administrative Sanction: A Reprimand | Possible | Moderate | Tolerable |
|
7.6 | Civil or criminal fines or penalties where proper FICA GRC Standards are not implemented, reviewed and maintained | Administrative Sanction: Financial Penalty not exceeding R10 Million in respect of natural persons and R50 Millions in respect of any other legal person | Unlikely | Major | Tolerable |
|
7.7 | Loss of sales and customer confidence where proper FICA GRC Standards are not implemented, reviewed and maintained | Administrative Sanction: The restriction or suspension of certain specified business activities | Unlikely | Major | Tolerable |
|
7.8 | Reputational fallout or brand damage where proper FICA GRC Standards are not implemented, reviewed and maintained | Administrative Sanction: A Reprimand | Unlikely | Moderate | Low |
|
7.9 | Reputational fallout or brand damage where FICA Awareness Training of employees is not regularly conducted | Administrative Sanction: A Reprimand | Unlikely | Minor | Low |
|
7.AML, CTF & CPF RMCP APPLICATION
This AML, CTF & CPF RMCP applies to:
- The organisation’s governing body,
- Where applicable, all branches, business units and divisions of the organisation,
- All employees
The organisation’s governing body requires all employees to fully comply with the processes and procedures outlined herein.
Any gross negligence or wilful noncompliance with the provisions of FICA and/or the processes and procedures outlined within the organisation’s AML, CTF & CPF RMCP, will be considered a serious form of misconduct which may result in a summary dismissal.
8.DISCIPLINARY ACTION
Where a FICA related complaint or an investigation related to an infringement of FICA or the organisation’s AML, CTF & CPF RMCP has been finalised, the organisation may recommend any appropriate administrative, legal and/or disciplinary action to be taken against any employee reasonably suspected of being implicated in noncompliance.
In the case of ignorance or minor negligence, the organisation will undertake to provide further FICA Awareness training to the employee.
Any gross negligence or the wilful noncompliance, will be considered a serious form of misconduct for which the organisation may summarily dismiss the employee. Disciplinary procedures will commence where there is sufficient evidence to support an employee’s gross negligence.
Examples of immediate actions that may be taken subsequent to an investigation include:
- A recommendation to commence with disciplinary action.
- A referral to appropriate law enforcement agencies for criminal investigation.
- Recovery of funds and assets in order to limit any prejudice or damages caused.
Contact Us
If you have any questions or concerns about this FICA Policy or our data practices, please contact us at:
Legendary Risk Solutions (Pty) Ltd – info@legendaryrisk.com