FICA COMPLIANCE

Another topic worth repeating…

Picture this – you are happily online shopping, when all of a sudden, you get a notification from your bank that someone has just tried to transfer a large amount of money out of your bank account. Panic stations ensue.

But despite the panic and potential loss of money, your bank account has remained untouched.

That’s probably because your bank took steps to ensure that crimes of this nature are prevented, and suspects of these crimes apprehended. Thankfully.

But you wouldn’t be alone. This happens to many people worldwide. Often on a daily basis. According to Investec –

“In today’s globalised economy, criminals can generate huge sums of money through fraud, drug trafficking, arms smuggling, and many other heinous crimes. These criminals are constantly adapting their activities to disguise their “dirty money” and targeting financial institutions. Not only does this cost countries billions a year, but it is also providing the resources for international terrorism to grow”.

It used to be much worse. But that’s until government, international bodies and – importantly – financial institutions undertook efforts to prevent and detect transactions involving suspicious activity.

The Financial Intelligence Centre Act 38 of 2001 (FICA) as well as the amendments to Schedules 1, 2 and 3 (which came into effect on 19 December 2022) require, amongst other things, the obligation to undertake a Know Your Client or “KYC” exercise.

This is especially the case for any financial institution that deals with customers while opening and maintaining financial accounts. It will also include attorneys, trustees and executors, estate agents, trade, stockbrokers, and management companies.

What is FICA?

FICA is a requirement by South African legislation (under The Financial Intelligence Centre Act 38 of 2001 (FICA) which has been amended by the Financial Intelligence Centre Amendment Act 1 of 2017 (FICAA) to conform to international standards set by the Financial Action Task Force (FATF).

Wait. What is FATF?

FATF is an international body of countries tasked with setting best practices to combat money laundering, terrorist financing, tax evasion as well as the financing of proliferation of weapons of mass destruction (which we will refer to as “prohibited actions”). South Africa has been a member of FATF since 2003 and is also a signatory to the United Nations (UN) Convention Against Corruption in 2004.

FATF requires financial and other entities to truly know their clients. This is referred to – as one might guess – Know Your Client. Every person (and every entity) in South Africa is subject to a standard KYC process.

The FATF has set out an international standard, which all signatory countries should incorporate into their own legislation, provided it’s adapted according to each country’s particular circumstances.

And this is where FICA comes in.

Who does FICA apply to?

All persons and all businesses operating in South Africa are required to abide by FICA. As required by the Act, an accountable institution is required to comply with KYC regulations and take responsibility for ensuring that those they do business with are not involved in any prohibited actions.

Wait. What are Accountable Institutions?

An ‘Accountable Institution’ is any person defined in schedule 1 of the Act. Amongst those listed include attorneys, trustees and executors, estate agents, financial instrument trade and stockbrokers, management companies, bankers and those involved in the remittance of currency, but this is not a closed list.

What if there is non-compliance with FICA?

According to DocFox –

“The penalties for non-compliance vary depending on the severity of the offence but can range from a public reprimand to a financial penalty or even jail time. These penalties apply not only to the company itself but may also apply to the executives or owners of a business as well as employees or individuals involved in dealings with a specific client, transaction, or activity.

The Financial Intelligence Centre (FIC) specifically states that non-compliance with the FIC Act could lead to:

• A public reprimand.
• A remediation directive.
• The restriction or suspension of certain business activities.
• Financial penalty of up to R10 million for a natural person or up to R50 million for a legal person.
• For more serious offences, the maximum penalty increases to imprisonment for a period of up to 15 years or a fine of up to R100 million”.

What are the duties imposed on accountable institutions?

Simply put – to establish the identity of the client and retain records of the identity of the client for a period of five years (which according to Section 23 is either from the date the business relationship was terminated, or transaction concluded).

Section 21(1) stipulates that an accountable institution may only establish a business relationship or conclude a single transaction with a client once the accountable institution has undertaken the following –

“(a) to establish and verify the identity of the client;

(b) if the client is acting on behalf of another person, to establish and verify-

(i) the identity of that other person; and

(ii) the client’s authority to establish the business relationship or to conclude the single transaction behalf of that other person; and

(c) if another person is acting on behalf of the client, to establish and verify-

(i) the identity of that other person; and

(ii) that other person’s authority to act on behalf of the client.”

But, if a client is acting on behalf of another person, the accountable institution must establish the identity of the instructing person as well as the authorisation that the client received in order to establish a business relationship.

Section 22(1) sets out the record keeping requirements as follows –

“Whenever an accountable institution establishes a business relationship or concludes a transaction with a client, whether the transaction is a single transaction or concluded in the course of a business relationship which that accountable institution has with the clint, the accountable institution must keep record of

(a) the identity of the client;

(b) if the client is acting on behalf of another person-

(i) the identity of the person on whose behalf the client is acting; and

(ii) the client’s authority to act on behalf of that other person;

(c) if another person is acting on behalf of the client-

(i) the identity of that other person; and

(ii) that other person’s authority to act on behalf of the client;

(d) the manner in which the identity of the persons referred to in paragraphs (a), (b) and (c) was established;

(e) the nature of that business relationship or transaction;

(f) in the case of a transaction-

(i) the amount involved; and

(ii) the parties to that transaction;

(g) all accounts that are involved in-

(i) transactions concluded by that accountable institution in the course of 35 that business relationship; and

(ii) that single transaction;

(h) the name of the person who obtained the information referred to in paragraphs (a), (b) and (c) on behalf of the accountable institution; and

(i) any document or copy of a document obtained by the accountable institution 40 in order to verify a person’s identity in terms of section 21(1) or (2).”

KYC due diligences

KYC – simply put – involves performing background checks on the client to ensure that they are properly risk assessed before being on boarded. KYC ensures accountable institutions establish and verify the actual identity of their clients before or during the time they do business.

The main reason KYCs are undertaken is to ensure that clients are not involved in prohibited actions. In fact, the KYC process can be seen as one of the key aspects of FICA as it sets the wheels in motion for all other due diligences.

What does a KYC due diligence include?

KYC controls usually include –

1. The collection and verification of identity documentation;
2. The identification of the nature of the client’s business operations;
3. The establishment of the identity of its ultimate beneficial owner (being the natural person who ultimately benefits from the client’s assets and profits);
4. Screening against warning lists, client risk assessment and investigations into clients’ financial transactions;
5. Monitoring and periodically obtaining fresh client information;
6. Regularly reviewing certain categories of clients, and
7. Reviewing business relationships with foreign prominent public officials and domestic prominent influential persons.

FICAA extends the list of persons and institutions with whom the FIC will share information – especially noteworthy is the inclusion of the supervisory bodies and the Public Protector.

Undertaking the KYC requirements

While we cannot make FICA obligations go away entirely, we do offer some sound solutions that can make the somewhat heinous requirements much easier to deal with. AJS takes the worry out of finding yet another service provider by offering an inbuilt FICA management system in their overall practice and financial management “toolkit”. All you need to do is contact AJS and they will activate FICA for you (with some added training thrown in.) At no extra expense to those firms already subscribed to AJS.

With the AJS system, information is only captured once, allowing for the same information to then be re-used for other matters for the same client. So, firms need only collect the FICA information which is either missing or which has expired. This will save time and safeguard efficiency whilst also ensuring that all compliance obligations are met.

What’s more, AJS’ FICA compliance is strengthened by the integrations with  DocFox and Lexis Nexis KYC Providers. All designed with the sole aim of taking compliance obligations and making them easy.

Increase compliance and reduce both the time and resources needed by looking into automating your KYC process and ensure that you are – and remain – FICA compliant.

And that is – once again – FICA Compliance in a nutshell.

To find out how to undertake KYC and ensure you are FICA Compliant, feel free to get in touch with AJS – we have the right combination of systems, resources and business partnerships to assist you with incorporating supportive legal technology into your practice. Effortlessly.

AJS is always here to help you, wherever and whenever possible!

(Sources used and to whom we owe thanks: LexisNexis; Phatshoane Henney Attorneys; Investec; DocFox)

– Written by Alicia Koch on behalf of AJS