Executive Committee:

Commissioner: U. Kamlana | Deputy Commissioners: A. Ludin | K. Gibson | F. Badat

IMPORTANT INFORMATION ABOUT THE FINANCIAL ACTION TASK FORCE (“FATF”) MUTUAL EVALUATION OF SOUTH AFRICA IN RELATION TO IMMEDIATE OUTCOME 4: PREVENTIVE MEASURES

ISSUED BY THE FINANCIAL SECTOR CONDUCT AUTHORITY (“THE AUTHORITY”) April 2022

Contents

1. The Financial Sector Conduct Authority
2. The Financial Action Task Force
3. Mutual Evaluation
4. Immediate outcome 4: Preventive Measures
5. The Authority’s expectations
6. Sector risk assessment
7. Body of Knowledge
8. Risk Management and Compliance Programme
9. Webinars
10. Publication
11. Guidance products
12. Consequences

---

1. The Financial Sector Conduct Authority

1.1 The Financial Sector Conduct Authority (“the Authority”) is designated as a supervisory body in terms of item 1 of Schedule 2 to the Financial Intelligence Centre Act, nr 38 of 2001 (“the FICA Act”).

1.2 As a supervisory body, the Authority performs supervisory and enforcement activities on a risk-based approach in relation to accountable institutions listed under items 4, 5 and 12 to the FICA Act. These institutions include financial services providers, collective investments scheme managers and authorised users of an exchange (collectively referred to as non-bank financial institutions). Supervision of authorised users is delegated to licensed exchanges in terms of section 45(1B)(b) of the FICA Act.

2. The Financial Action Task Force

2.1 The Financial Action Task Force (“FATF”) is an inter-governmental body which sets standards to promote effective implementation of legal and operational measures for combating money laundering (“ML”), terrorist financing (“TF”) and proliferation financing (“PF”) of weapons of mass destruction.

2.2 South Africa became a member of FATF in 2003.

3. Mutual Evaluation

3.1 FATF developed 40 Recommendations required for a robust framework to combat ML, TF and PF.

3.2 In November 2019, FATF conducted a mutual evaluation of South Africa and assessed both our technical compliance (our legal framework for combating ML/TF/PF) as well as our level of effectiveness in identifying our ML/TF/PF risks and mitigating such risks identified.

3.3 The FATF published its report on their findings in October 2021 which can be found by following the link here under: https://www.fatfgafi.org/media/fatf/documents/reports/mer4/Mutual-Evaluation-Report-South-Africa.pdf

3.4 One of the immediate outcomes assessed during the mutual evaluation, relates to preventive measures. A rating of “moderate” was assigned to this immediate outcome. Moderate rating means that major improvements are necessary.

4. Immediate Outcome 4: Preventive Measures

4.1 Immediate Outcome 4 relates to how well do financial institutions comply with the following core issues:

• 4.1.1 Understanding of ML/TF risks and FICA Act obligations.
• 4.1.2 Apply mitigating measures commensurate with risk.
• 4.1.3 Apply customer due diligence (“CDD”) and record keeping measures including obtaining beneficial ownership information and ongoing monitoring.
• 4.1.4 Apply enhanced/specific measures for politically exposed persons (“PEPs”), new technologies, targeted financial sanctions, higher risk countries.
• 4.1.5 Meeting reporting obligations and practical measures to prevent tip-offs.
• 4.1.6 Apply internal controls and procedures to ensure compliance with the FICA Act.

4.2 Deficiencies identified

The following deficiencies in relation to preventive measures were identified:

• 4.2.1 Non-bank financial institutions show a very basic to limited ML/TF risk understanding and are compliance focused when implementing such measures.
• 4.2.2 Non-bank financial institutions play down the risks of operating internationally.
• 4.2.3 TF risk is poorly understood, primarily based on a lack of information.
• 4.2.4 Non-bank financial institutions that have an under-developed understanding of their risks, conduct ongoing monitoring only to a limited extent.
• 4.2.5 Enhanced measures are insufficiently applied given the very low percentage of clients identified to be high risk.
• 4.2.6 Basic customer due diligence is satisfactorily applied by many non-bank financial institutions; however, all non-bank financial institutions are challenged by beneficial ownership requirements.
• 4.2.7 Non-bank financial institutions fail to file suspicious and unusual transaction reports commensurate with their risk profiles.

5. The Authority’s expectations

5.1 Considering the findings by FATF, it is clear that there are two major areas of concern for accountable institutions supervised by the Authority:

• 5.1.1 Understanding of ML/TF risk.
• 5.1.2 Ability to identify reportable transactions and to timely file such reports with the Financial Intelligence Centre (“the Centre”).

5.2 Should all findings not be addressed immediately with tangible positive results to demonstrate remediation by October 2022, South Africa may become subject to further stringent processes by the FATF which could include becoming grey listed (a name and shame list).

5.3 The Authority will continue with its efforts to promote better outcomes in relation to immediate outcome 4. To this end:

• 5.3.1 We will continue to record and publish webinars on our official YouTube channel to create awareness to promote the industry and individual institutions’ understanding of ML/TF risk.
• 5.3.2 We will continue to engage with industry bodies to establish what the issues are that the industry is struggling with which may hamper remediation.
• 5.3.3 We will continue to engage with other supervisors to share information about how the industry is progressing in remediating the findings related to immediate outcome 4.
• 5.3.4 We will strengthen the information sources on our official website to assist the industry with understanding ML/TF risks to enable them to identify such risks and submit timely reports to the Centre in line with the reporting obligations set out in the FICA Act.

5.4 We expect the industry to:

• 5.4.1 Re-assess institutional risk management and compliance programs to ensure that these programs enable them to identify, assess, monitor, mitigate and manage their institutional ML/TF risks.
• 5.4.2 Move from a compliance-driven approach to a risk-based approach.
• 5.4.3 Consult the sector risk assessment published by the Authority on its official website to establish the ML/TF risks identified in the Securities Sector and the CIS and FSP sectors respectively and inform the review of institutional risk assessments accordingly.

6. Sector risk assessment

6.1 The Authority first conducted and published a sector risk assessment in May 2019.

6.2 Due to risk and risk factors continuously evolving, the assessment is reviewed frequently.

6.3 The Authority reviewed the sector risk assessment and decided to update the assessment.

6.4 The updated assessment is divided into two parts:

• 6.4.1 A sector risk assessment review of the securities sector; and
• 6.4.2 A sector risk assessment review of the CIS and financial advisory and intermediary sectors.

6.5 The review of the security sector risk assessment was finalised and can be accessed by following the link below: https://www.fsca.co.za/Regulatory%20Frameworks/Temp/Securities%20Sector%20Risk%20Assessment%20Report%20April%202018%20to%20December%202020%20(February%202022).pdf

6.6 The review of the CIS and Financial Advisory and Intermediary services sector can be accessed by following the link below: https://www.fsca.co.za/Regulatory%20Frameworks/Temp/FSCA%20Sector%20Risk%20Assessment%20CIS%20%20Financial%20Advisory%20and%20Intermediary%20Services%20Sectors%20-%20April%202018%20to%20December%202020%20(April%202022)%20final.pdf

7. Body of Knowledge

7.1 The Authority developed an ML/TF Body of Knowledge.

7.2 The purpose of this Body of Knowledge is to promote a consistent understanding and interpretation of the FICA Act and AML/CFT related concepts to promote compliance.

7.3 The Body of Knowledge includes useful links to information further elaborating on the concepts included in the Body of Knowledge.

7.4 The Body of Knowledge can be accessed by following the link below: https://www.fsca.co.za/Regulatory%20Frameworks/Temp/FSCA%20AML%20CFT%20Body%20of%20Knowledge%20-%20April%202022.pdf

8. Risk Management and Compliance Programme (“RMCP”)

8.1 The amendments to the FICA Act in 2017 introduced a shift from a rules-based approach to a risk-based approach.

8.2 Section 42 of the FICA Act sets out the requirements for the development, documentation, maintenance and implementation of an RMCP.

8.3 The purpose of the RMCP is to enable an accountable institution to identify, assess, monitor, mitigate and manage its inherent ML/TF risks.

8.4 To assist accountable institutions to develop an RMCP, the Authority developed a framework which explains what should be considered and included when drafting an RMCP.

8.5 This framework is a collective of three documents, which together provides practical steps and examples of what constitutes an RMCP.

8.6 The framework can be accessed by following the link/s below: https://www.fsca.co.za/Regulatory%20Frameworks/Pages/AML_CFT.aspx

9. Webinars

9.1 To provide further assistance to promote compliance and increase awareness, the Authority published several webinars discussing topical issues and providing practical information.

9.2 The Authority published the following webinars on its official website:

• 9.2.1 FICA Act registration obligations: This webinar explains what the FICA Act registration obligations entail and provides step-by-step assistance with the registration process and updating of registration details. This webinar can be accessed by following the link below: https://youtu.be/iKL_D82T1wA

• 9.2.2 FICA Act reporting obligations: This webinar explains what the FICA Act reporting obligations entail and provides step-by-step assistance with the reporting process. This webinar can be accessed by following the link below: https://youtu.be/LPAU_NNcs3I

• 9.2.3 Sector risk assessment – Securities Sector: This webinar explains what the sector risk assessment entails and highlights the findings resulting from the assessment to be considered by authorised users when reviewing their RMCP. This webinar can be accessed by following the link below: https://youtu.be/Rgn7WvO7ES0

• 9.2.4 Sector risk assessment – FSPs and CIS managers: This webinar explains what the sector risk assessment entails and highlights the findings resulting from the assessment to be considered by FSPs and CIS managers when reviewing their RMCP. This webinar can be accessed by following the link below: https://youtu.be/m2l9ELK8x48

• 9.2.5 Risk-based approach: This webinar explains what a risk-based approach is. This webinar can be accessed by following the link below: https://www.youtube.com/watch?v=ksKyRF85sHo

• 9.2.6 Financial Intelligence Centre Act supervision and enforcement conducted by the FSCA: This webinar provides insights into the nature of the supervisory activities conducted and enforcement action taken by the FSCA. This webinar can be accessed by following the link below: https://www.youtube.com/watch?v=P8Gv-as6a3g&t=18s

• 9.2.7 Financial Intelligence Centre guidance and amendments to the Financial Intelligence Centre Act: This webinar provides updates on guidance issued by the Centre as well as details of the amendments to the FICA Act. This webinar can be accessed by following the link below: https://www.youtube.com/watch?v=jC4ldKMZ_Kk

10. Publication

10.1 All the information shared in this communication is also published on the Authority’s official website. Please follow the instructions below to access this and other important AML/CFT information on our website:

• 10.1.1 Go to www.fsca.co.za
• 10.1.2 Scroll down to the grey banner and click on the heading “Regulatory Framework”
• 10.1.3 Scroll down and click on the block “Anti-money laundering and counter terrorism financing”
• 10.1.4 Scroll down to the relevant heading to access the relevant information published. For example:
  • 10.1.4.1 “Body of Knowledge”
  • 10.1.4.2 “Sector Risk Assessments”
  • 10.1.4.3 “Webinars”
  • 10.1.4.4 “Risk Management and Compliance Programme”

11. Guidance products

11.1 The Centre has issued several guidance products to assist accountable institutions to understand their compliance obligations. Guidance products published to improve the level of compliance with regards to application of a risk-based approach are highlighted below:

• 11.1.1 Guidance Note 7 on the implementation of various aspects of the Financial Intelligence Centre Act, nr 38 of 2001 https://www.fic.gov.za/Documents/171002_FIC%20Guidance%20Note%2007.pdf

• 11.1.2 Draft Guidance Note 7A on the implementation of various aspects of the Financial Intelligence Centre Act, nr 38 of 2001 – Chapter 4 Amendments https://www.fic.gov.za/Documents/220401_%20FIC%20Guidance%20Note%2007A%20final.pdf

• 11.1.3 Public Compliance Communication 52 on Identification of Money Laundering And Terrorist Financing Risks And Associated Customer Due Diligence for Clients of Authorised Users of an Exchange in terms of the Financial Intelligence Centre Act https://www.fic.gov.za/Documents/220325%20PCC52%20_%20auth%20user.pdf

• 11.1.4 Draft Public Compliance Communication (PCC) 114 on the Risk Management and Compliance Programme in terms of section 42 of the Financial Intelligence Centre Act, nr 38 of 2001 for designated non-financial businesses and professions (these principles apply to all accountable institutions although the FIC cautions against its application by large accountable institutions with complex structures) https://www.fic.gov.za/Documents/220331%20Draft%20PCC%20114%20RMCP.pdf

12. Consequences

12.1 The failure of non-bank financial institutions to comply with the...