The Financial Intelligence Centre Act, 2001 (FICA) has been the key regulatory tool to protect the integrity of the South African financial system against abuse for illicit purposes like money laundering the proceeds of crime and the financing of terrorism. The FICA Amendment Act No 2 of 2017 (“the Act”) published in the Government Gazette on 02 May 2017 strengthens the provisions of FICA by introducing a risk-based approach to customer due diligence, among other things.
The provisions in the Act support other criminal justice system laws against money laundering and financing of terrorism.
The different provisions of the Act have been implemented on 13 June 2017 and others will be implemented on 2 October 2017. Some of the sections that will come into effect on 2 October 2017 relate to customer due diligence measures; recordkeeping requirements; risk management and compliance programme (RMCP); and governance and training. Herewith a brief overview of recordkeeping requirements, RMCP and governance and training.
The Act requires accountable institutions to retain records concerning client identification and transaction activity. The accountable institution is obliged to keep customer due diligence records and records of every transaction which they have with a client. There is no prescribed manner the records must be kept but it must be in accordance with the accountable institution’s standard procedures for the capture and retention of records.
Regardless of the manner in which records are kept, accountable institutions must ensure that the following principles are met:
- accountable institution must have free and easy access to the records;
- records must be readily available to the Financial Intelligence Centre and relevant supervisory body when required;
- records must be capable of being reproduced in a legible format; and
- If records are stored off-site, the Centre and relevant supervisory body must be provided with the details of the third party storing said records.
The Act further, in terms of the new Section 42(1), places an obligation on accountable institutions to develop, document, maintain and develop a RMCP. The RMCP comprises of policy documents, procedures, systems and controls that must be implemented within the institution. It can be described as foundation of an accountable institution’s efforts to comply with its obligations under the Act on a risk sensitive basis.
An accountable institution must have a compliance function to assist the board of directors or the senior management of the institution in discharging their obligations and assign a person with sufficient competence and seniority to ensure the effectiveness of the compliance function. However, this does not divest the board of its statutory duty to ensure compliance.
The programme must be approved by the board of directors and the institution must review this programme at regular intervals to ensure that it remains relevant, and for the achievement of the statutory requirements set out for it. The documentation describing the programme must be made available by the institution to each of its employees involved in transactions to which the Act applies. A copy of the programme documentation must also, on request, be made available to the Centre.
The board of directors must ensure compliance with the provisions of the Act and the programme by the institution and its employees. An accountable institution must provide ongoing training to its employees to enable them to comply with the provisions of the Act, and the provisions of the programme, that are applicable to them.