FICA: Risk Management and Compliance Toolkit Credit Providers
Overview
Amendments to the Financial Intelligence Centre Act (FICA) came into effect on 31 December 2022
It’s important to note that the enhanced compliance requirements occasioned by these amendments apply to a wider range of commercial activities. This is because amendments to Schedule 1 of the FICA mean more individuals and businesses have, by definition, become accountable institutions.
In addition to registering with the FIC, accountable institutions are required to fulfil certain regulatory obligations, such as:
- Implementing customer identification and verification processes;
- Conducting customer due diligence;
- Appointing a compliance officer;
- Training employees on FICA compliance;
- Undertaking business risk assessments; and
- Maintaining and implementing a risk management and compliance program.
This HUB includes all the necessary policies and procedures that Credit Providers may need in order to comply, as well as the necessary annexures to assist with the successful implementation of the Risk Management and Compliance Programme.
Preface and Disclaimer
Preface
Disclaimer
Introduction to Money Laundering
What is money laundering?
What is terrorist financing?
What is Proliferation Financing or proliferation activity?
What is the purpose of the Financial Intelligence Centre (FIC)?
What is the role of the Financial Intelligence Centre (FIC)?
The Acts and Regulations and Abbreviations
The Acts and regulations
List of abbreviation
Definitions
Why is our agency an accountable institution?
Item 11 of Schedule 1 of the FIC Act
Why are credit providers being used for money laundering purposes?
What can our business as a credit provider do to combat money laundering?
Scope and purpose of the Risk Management and Compliance Hub (RMCH)
Risk Management Compliance Governance
Responsibility of management and those charged with Governance
Approval and adoption of the Risk Management and Compliance Programme (RMCP)
Implementation of the Risk Management and Compliance Programme (RMCP)
Process for Responding to FIC requests for RMCP Scrutiny Section 42(4)
Annual review of the Risk Management and Compliance Programme (RMCP)
Appointment and responsibility of the Compliance/Reporting Officer
Appointment of the Compliance/Reporting Officer
Appointment of an additional user on GoAML
Responsibilities of the Compliance Officer
Prohibition on Sharing Login Details
Activities considered to be a business relationship or single transaction
Activities considered to be a business relationship or single transaction
Implementing a Risk Based Approach (RBA)
Obligation to implement an effective Risk Management Compliance Program (RMCP)
Business level risk assessment
Responding to identified risks
Client-level risk assessments
Product and Services risk rating
Control measures
Client Risk Assessments
Assessing the risk of a natural person/sole proprietor
Assessing the risk of a corporate entity
Assessing the risk of a partnership
Assessing the risk of a trust
Assessing the risk of a Non - Profit Organisation
Customer due diligence
Meaning of Customer Due Diligence (CDD)
Timing of verification
Identification and verification of existing and prospective clients
Simplified Due Diligence
Verification and corroboration of the clients identity
Understanding and obtaining information about the business relationship
Anonymous clients and clients acting under false or fictitious names
Money Laundering threats and vulnerabilities posed by international geographic areas
Establish if a person is a Domestic Politically Exposed Person (DPEP)
Establish if a person is a Foreign Politically Exposed Person (FPEP)
Establish if a person is a Prominent Influential Person (PIP)
Obtaining additional information from a client which poses a high risk of money laundering
Establishing and verifying the identities of natural persons/sole proprietor
Establishing and verifying the identities of a corporate entity
Establishing and verifying the identities of a partnership
Establishing and verifying the identity of a trust
Establishing and verifying the identities of a Non - Profit Organisation (NPO
Establish and Identify the identity of a Government Entity
Ongoing due diligence/account monitoring
Doubts about veracity of previously obtained information
Inability to conduct customer due diligence
Maintaining the correctness of the client’s information
Receipt and acceptance of funds prior to completion of the customer due diligence measures
Impact of the Protection of Personal Information Act, 2013 on the identification and verification requirements of the FIC Act
Record keeping
Obligation to keep Customer Due Diligence records
Type and format of record keeping
Keeping records of transactions
Duration and manner for which records must be kept
Records kept by third parties
Training relating to anti-money laundering and counter terrorist financing compliance
Obligation to provide training to all employees.
Training session for employees: Course outline
Training session for directors/owners and compliance/reporting officers
Screening of employees
Duty to screen employees
Advising the Centre of clients
Obligation to advise the Centre of clients of the business
Targeted financial sanctions aimed at terrorist financing
Scrutinising persons and entities against The Targeted Financial Sanctions List (TFS)
Prohibitions relating to persons and entities identified by Security Council of the United Nations
Applications for Permitted Financial Services
Reporting cash transactions above R 49 999.99
Obligation to report cash transactions above R 49 999.99
Payment or receipt of cash via a third party
Prescribed particulars to be reported to the Centre
Reporting suspicious and unusual transactions
Obligation to report suspicious and unusual transactions
Meaning of suspicion
Types of reports
Indicators of suspicious and unusual transactions
Indicators of suspicious and unusual activity
Manner of reporting
Reporting suspicious and unusual transactions
Time period for submitting a report
Threshold for reporting suspicious and unusual transactions
Prescribed particulars to be reported to the Centre
Continuing with a transaction after a report is made to the FIC
Request by the Financial Intelligence Centre to discontinue the transaction
Dealing with further requests for information from the FIC
Reporting by temporary workers
Tipping-off
Confidentiality rules with regards to reporting to the Centre
Protection for person's reporting to the Centre
Defence
Penalty for failure to report suspicious or unusual transactions
Reporting of property associated with terrorist and related activities
Introduction
Obligation to report property associated with terrorist and related activities
Freezing of the property and ceasing to conduct business
Manner of reporting to the FIC
Intervention by Centre
Monitoring orders
Failure to file a report in terms of Section 28A
Reporting failures and submitting defective reports
Reporting Failure
Defective reports
Report content failure
Reporting fraud or theft under the Prevention and Combatting of Corrupt Activities Act (PRECCA)
Obligation to report
Making a report
Submission of a risk and compliance return to the Financial Intelligence Centre
Obligation to submit a Risk and Compliance return to the Financial Intelligence Centre (FIC)
Obligation of the Accountable Institution with regards to Outsourcing
Obligation of the Accountable Institution with regards to Outsourcing
Implementation video
Practical Implementation of the RMCP
Post assessment for the Practical Implementation workshop
Summary of the RMCP
Summary of the RMCP
Annexure List
Annexure List
From the Regulator
PCC56
Directive 6 of 2023 – Submission of risk and compliance returns
Article published in the Sunday Times
FICA Penalties for not submitting the RCR
