Ashburton Fund Managers (Pty) Ltd Notice of Sanction

Executive Committee: Commissioner: U. Kamlana I Deputy Commissioners: A. Ludin I K. Gibson I F. Badat ENQUIRIES: Charl Geel DIALLING NO: (012) 367 7890 OUR REF: FSP 40169 E-MAIL: Charl.geel@fsca.co.za DATE: 1 February 2024 Mr. M Ndlovu Chief Executive Officer Ashburton Fund Managers (Pty) Ltd 4 Merchant Place Fredman Drive Benmore 2010 By email: Duzi.Ndlovu@ashburton.co.za Dear Sir NOTICE OF ADMINISTRATIVE SANCTION

1. NOTICE 1.1. The Financial Sector Conduct Authority (FSCA) is satisfied that Ashburton Fund Managers (Pty) Ltd (AFM), an authorised financial services provider and an accountable institution as envisaged in terms of item 12 of schedule 1 to the Financial Intelligence Centre Act 38 of 2001 (FIC Act), has failed to comply with the FIC Act. Accordingly, the FSCA hereby issues this Administrative Sanction Notice (the Notice). 1.2. The non-compliance was identified in an inspection conducted by the FSCA on AFM in terms of section 45B of the FIC Act of which the final report was issued on 6 October

2 2. NATURE OF ALLEGED NON-COMPLIANCE 2.1. Risk Management and Compliance Programme 2.1.1. In terms of section 42(1) of the FIC Act, an accountable institution must develop, document, maintain and implement a programme for anti-money laundering and counter terrorist financing risk management and compliance.1 2.1.2. Section 42(2) of the FIC Act states that, “A risk management and compliance programme must- (a) Enable the accountable institution to- (i) Identify; (ii) Assess; (iii) Monitor; (iv) Mitigate; and (v) Manage, the risk that the provision by the accountable institution of products or services may involve or facilitate money laundering or the financing of terrorist related activities;” 2.1.3. Section 42(2) of the FIC Act continues to set out what minimum information an accountable institution must provide for in the risk management and compliance programme (RMCP). 2.1.4. The findings of the FSCA’s inspection revealed that AFM contravened sections 42(1) and (2) of the FIC Act for the following reasons: 2.1.4.1. Section 42(2)(h) of the FIC Act states that the RMCP must provide for the manner in which the examining of complex or unusually large transactions and unusual patterns of transactions which have no apparent business or lawful purpose and keeping of written findings relating thereto is done by AFM. AFM contravened this section as there is no such provision in its RMCP. 1 The FIC Act is quoted as at the time of the inspection.

3 2.1.4.2. Section 42(2)(j) of the FIC Act states that the RMCP must provide for the manner in which and the processes by which AFM will perform the customer due diligence requirements in accordance with sections 21, 21A, 21B and 21C when, during the course of the business relationship, the institution suspects that a transaction or activity is suspicious or unusual as contemplated in section 29. Enhanced customer due diligence needs to be done where a transaction or activity is suspicious or unusual. Although there is some provision relating to this section in AFM’s RMCP, it does not deal with enhanced due diligence. As a result, AFM contravened this section. 2.1.4.3. Section 42(2)(k) of the FIC Act states that the RMCP must provide for the manner in which AFM will terminate an existing business relationship as contemplated in section 21E. There is some provision in AFM’s RMCP relating to this section, but it is inadequate for the nature and complexity of AFM’s business. 2.1.4.4. Section 42(2)(o) of the FIC Act states that the RMCP must enable AFM to determine when a transaction or activity is reportable to the Financial Intelligence Centre (FIC). In terms of section 28 of the FIC Act, accountable institutions must report to the FIC cash transactions above the prescribed limit. In terms of section 29 of the FIC Act, accountable institutions must report to the FIC inter alia a transaction and/or activity relating to an offence of financing of terrorists and related activities. AFM’s RMCP is silent on how it will identify cash above the prescribed limit paid into the bank account of AFM and/or identify terrorist financing activity and/or terrorist financing transactions to enable it to report it to the FIC in terms of section 29 of the FIC Act. 2.1.4.5. Section 42(2)(r) of the FIC Act states that the RMCP must provide for the processes for the institution to implement its RMCP. AFM’s RMCP is silent on processes to implement the RMCP. 2.1.4.6. Section 42(2)(s) of the FIC Act states that the RMCP must provide for any prescribed matter. AFM’s RMCP is silent on: 2.1.4.6.1. How it will comply with the provisions of section 26B of the FIC Act relating to prohibitions of persons and entities identified by the Security Council of the United Nations; and/or

4 2.1.4.6.2. How it will comply with section 27 of the FIC Act relating to requests from the FIC on their client base. 2.1.4.7. Section 42(2A) of the FIC Act requires accountable institutions to indicate in its RMCP if any paragraph under section 42(2) of the FIC Act is not applicable to that accountable institution and the reason why it is not applicable. AFM failed to indicate that section 42(2)(q) of the FIC Act is not applicable to it in that it does not have branches, subsidiaries or other operations in foreign countries. 2.2. Customer due diligence 2.2.1. In terms of section 20A of the FIC Act, an accountable institution may not establish a business relationship or conclude a single transaction with an anonymous client or a client with an apparent false or fictitious name. 2.2.2. In terms of section 21(1) of the FIC Act, when an accountable institution engages with a prospective client to enter into a single transaction or to establish a business relationship, the institution must, in the course of concluding that single transaction or establishing that business relationship and in accordance with its RMCP: 2.2.2.1. establish and verify the identity of the client; 2.2.2.2. if the client is acting on behalf of another person, establish and verify– (i) the identity of that other person; and (ii) the client’s authority to establish the business relationship or to conclude the single transaction on behalf of that other person; and 2.2.2.3. if another person is acting on behalf of the client, establish and verify– (i) the identity of that other person; and (ii) that other person’s authority to act on behalf of the client.

5 2.2.3. The findings of the FSCA’s inspection revealed that AFM contravened sections 20A and/or 21(1) of the FIC Act in that it did not identify and/or verify nine persons authorised or mandated to act on behalf of clients. 2.2.4. In terms of section 21B of the FIC Act, if a client contemplated in section 21 is a legal person, an accountable institution must, in addition to the steps required under sections 21 and 21A and in accordance with its RMCP— (a) establish the identity of the beneficial owner of the client by— (i) determining the identity of each natural person who, independently or together with another person, has a controlling ownership interest in the legal person; (ii) if in doubt whether a natural person contemplated in subparagraph (i) is the beneficial owner of the legal person or no natural person has a controlling ownership interest in the legal person, determining the identity of each natural person who exercises control of that legal person through other means; or (iii) if a natural person is not identified as contemplated in subparagraph (ii), determining the identity of each natural person who exercises control over the management of the legal person, including in his or her capacity as executive officer, non-executive director, independent non-executive director, director or manager; and (b) take reasonable steps to verify the identity of the beneficial owner of the client, so that the accountable institution is satisfied that it knows who the beneficial owner is. 2.2.5. The findings of the FSCA’s inspection revealed that AFM contravened section 21B of the FIC Act in that AFM failed to establish and/or verify the beneficial owner in respect of 15 clients in accordance with its RMCP. 2.3. Targeted financial sanctions 2.3.1. In terms of section 28A read with section 26A – 26C of the FIC Act and Guidance Note 7, an accountable institution is required to scrutinise (screen) client information to determine whether their clients are listed in terms of section 25 of the Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 2004 (POCDATARA) and listed by the Security Council

6 of the United Nations contemplated in a notice referred to in section 26A (1) of the FIC Act. 2.3.2. The findings of the FSCA’s inspection revealed that AFM contravened section 28A read with section 26B of the FIC Act in that AFM failed to provide evidence that 18 out of 34 sampled clients were screened. Furthermore, AFM failed to provide evidence of screening related parties for 20 sampled client files and to provide evidence of screening beneficial owners of 3 sampled client files. 3. REASONS FOR IMPOSING THE ADMINISTRATIVE ACTION 3.1. AFM’s non-compliance as detailed above is a serious violation of the provisions of the FIC Act. 3.1.1. By understanding and managing money laundering and terrorist financing risks, as illustrated in RMCPs, accountable institutions not only protect and maintain the integrity of their business but also contribute to the integrity of the South African financial system. 3.1.2. The importance of a risk-based approach is underscored by the fact that this is the very first recommendation of the Financial Action Task Force. Non￾compliance with section 42(1) and (2) of the FIC Act is no minor issue. It breaches one of the core principles of the FIC Act, i.e. a risk-based approach to all the compliance elements of the FIC Act. 3.1.3. Customer due diligence is one of the most important provisions of the FIC Act. Understanding who your client is, is important to identify any suspicious transactions and activity that the client may be up to. 3.1.4. The screening of clients is also important in that a client may appear on a targeted financial sanction list and accountable institutions are then required to take certain action against that client. If no screening is done, the accountable institution would not know if they had a client on the targeted financial sanction list. 3.2. The FSCA has no record of a previous non-compliance with any law on the part of AFM.

7 3.3. The sanction to be imposed must be effective, proportionate and dissuasive. 3.4. Being part of a big financial group, AFM should have done better to comply with its AML/CFT obligations. 3.5. The FSCA took into account AFM’s correspondence to the FSCA on 20 October 2023. AFM indicated that they have developed a remediation strategy. Under the strategy, AFM also initiated two projects i.e. on RMCP customisation and adoption of the RMCP and on review of client files. AFM doesn’t dispute any of the findings, but rather commit to improve its anti-money laundering and counter-financing of terrorism policies and procedures. AFM also indicates that some of the inspection findings have been remediated i.e. processes to identify and report transactions and activities to the FIC, as well as screening of all clients of AFM. 3.6. The FSCA also took into account AFM’s response to the notice of intention to sanction dated 01 December 2023 and the subsequent meeting held with the FSCA on 12 December 2023 and in particular: 3.6.1. AFM views its compliance obligations in a serious light and that it had commenced with a comprehensive programme to remediate the deficiencies identified; 3.6.2. Some of the deficiencies have already been remediated; 3.6.3. AFM introduced structural changes to ensure improved compliance with the FIC Act; 3.6.4. The failures were of such a nature that it did not impede AFM’s ability to apply a risk-based approach to compliance with the FIC Act nor to understand the money laundering and terrorist financing risks it faces; 3.6.5. No terrorist financing risks materialised. 3.7. AFM has at all times co-operated with the FSCA.

8 4. PARTICULARS OF THE ADMINISTRATIVE SANCTION 4.1. In terms of section 45C(1), read with sections 45C(3)(c) & (e), and 45C(6)(a) of the FIC Act, the FSCA hereby imposes the following administrative sanction on AFM: 4.1.1. a directive to remediate the following non-compliance identified on or before 30 June 2024: 4.1.1.1. Amend AFM’s RMCP to include the processes and/or manners as required in terms of sections 42(2)(h), (j), (k), (o), (r) and (s) of the FIC Act. The amended RMCP must also be approved by the executive management of AFM; and 4.1.1.2. Review all client files and ensure that customer due diligence information has been obtained as prescribed in the FIC Act and in terms of the approved RMCP in respect of all of them. 4.1.2. a financial penalty of R1 million for non-compliance with 42(1) and (2) of the FIC Act; 4.1.3. A financial penalty of R10 million non-compliance with sections 21(1) and 21B of the FIC Act; and 4.1.4. A financial penalty of R5 million for non-compliance with section 28A read with section 26B of the FIC Act. 4.2. AFM is directed to pay the R10 million of the financial penalty on or before 28 February 2024. 4.3. The payment of the remaining R6 million of the total financial penalty is hereby suspended for a period of 3 years from the date of this Administrative Sanction, on condition that AFM complies with the directive issued in paragraph 4.1.1 above and remains fully compliant with sections 42(1) and (2), section 21(1) and section 28A read with section 26 of the FIC Act. 4.4. Should AFM be found to be non-compliant with provisions of the FIC Act detailed in paragraph 4.3. above, within the 3 years suspension period, the suspended penalty of R6 million becomes immediately payable.

9 4.5. The financial penalty is payable via electronic fund transfer to: Account Name : NRF – FIC Act Sanctions Account Holder : National Treasury Account Number : 80552749 Bank : South African Reserve Bank Code : 910145 Reference : FIC Sanction – Ashburton Fund Managers 4.6. Proof of payment must be submitted to the FSCA at Charl Geel (charl.geel@fsca.co.za). 5. Right of appeal: 5.1. In terms of section 45D of the FIC Act, read with Regulation 27C of the Regulations promulgated in terms of GN R1595 in GG 24176 of 20 December 2002 as amended, AFM may lodge an appeal within 30 days, from the date of receipt of the Notice. The notice of appeal and proof of payment of the mandatory appeal fee must be-: 5.1.1. hand delivered to: The Secretary: The FIC Act Appeal Board Byls Bridge Office Park, Building 11 13 Candela Street Highveld Extension Centurion 5.1.2. sent via electronic mail to: The HOD: Office of General Counsel FSCA Attention: Mr S Rossouw (Stefanus.Rossouw@fsca.co.za) 5.2. The Secretary of the FIC Act Appeal Board may be contacted at AppealBroardSecretariat@fic.gov.za and telephonically at (012) 641-6243 should AFM require further information regarding the appeal process. Details of the appeal process can also be found on the FIC’s website at www.fic.gov.za.

10 6. Failure to comply with the administrative sanction: 6.1. In terms of section 45(C)(7)(b) of the FIC Act, should AFM fail to pay the prescribed financial penalty in accordance with this notice and an appeal has not been lodged within the prescribed period, the FSCA may forthwith file with the clerk or registrar of a competent court a certified copy of this notice, which shall thereupon have the effect of a civil judgement lawfully given in that court in favour of the FSCA. 7. Publication of sanction: 7.1. The FSCA will make public the decision and the nature of the sanction imposed in terms of section 45C(11) of the FIC Act. Yours faithfully

---

Unathi Kamlana Commissioner Financial Sector Conduct Authority