FSCA Exchanges Immediate Outcome 4 and Sector Risk Assessment Communication

Executive Committee: Commissioner: U. Kamlana | Deputy Commissioners: A. Ludin | K. Gibson | F. Badat

IMPORTANT INFORMATION ABOUT THE FINANCIAL ACTION TASK FORCE (“FATF”) MUTUAL EVALUATION OF SOUTH AFRICA IN RELATION TO IMMEDIATE OUTCOME 4: PREVENTIVE MEASURES ISSUED BY: THE FINANCIAL SECTOR CONDUCT AUTHORITY (“FSCA”) 10 March 2022

Contents

1. The Financial Sector Conduct Authority

2. The Financial Action Task Force

3. Mutual Evaluation

4. Immediate outcome 4: Preventive Measures 4.1 Deficiencies identified 4.2 The Authority’s expectations

5. Sector Risk Assessment

6. Publication

7. Consequences

8. The Financial Sector Conduct Authority 1.1 The Financial Sector Conduct Authority (“the Authority”) is designated as a supervisory body in terms of item 1 of Schedule 2 to the Financial Intelligence Centre Act, no 38 of 2001 (“the FIC Act”). 1.2 As a supervisory body, the Authority performs supervisory and enforcement activities on a risk-based approach in relation to accountable institutions listed under items 4, 5 and 12 of the FIC Act. These institutions include financial services providers, collective investment scheme managers and authorised users of an exchange (collectively referred to as non-bank financial institutions). Supervision of authorised users is delegated to licensed exchanges in terms of section 45(1B)(b) of the FIC Act.

9. The Financial Action Task Force 2.1 The Financial Action Task Force (“FATF”) is an inter-governmental body which sets standards to promote effective implementation of legal and operational measures for combating money laundering (“ML”), terrorist financing (“TF”) and proliferation financing (“PF”) of weapons of mass destruction. 2.2 South Africa became a member of FATF in 2003.

10. Mutual Evaluation 3.1 FATF developed 40 Recommendations required for a robust framework to combat ML, TF and PF. 3.2 In November 2019, FATF conducted a mutual evaluation of South Africa and assessed both our technical compliance (our legal framework for combating ML/TF/PF) as well as our level of effectiveness in identifying our ML/TF/PF risks and mitigating such risks identified. 3.3 The FATF published its report on their findings in October 2021 which can be found by following the link hereunder: https://www.fatf-gafi.org/publications/mutual-evaluations/documents/mer-south-africa-2021.html 3.4 One of the immediate outcomes assessed during the mutual evaluation, relates to preventive measures. A rating of “moderate” was assigned to this immediate outcome by the FATF Assessors.

11. Immediate Outcome 4: Preventive Measures Immediate Outcome 4 relates to the following core issues: (i) Understanding of ML/TF risks and FIC Act obligations. (ii) Apply mitigating measures commensurate with risk. (iii) Apply CDD and record keeping measures including obtaining beneficial ownership information and ongoing monitoring. (iv) Apply enhanced/specific measures for PEPs, new technologies, targeted financial sanctions, higher risk countries. (v) Meeting reporting obligations and practical measures to encourage tip-offs. (vi) Apply internal controls and procedures to ensure compliance with the FIC Act.

4.1 Deficiencies identified The following deficiencies in relation to preventive measures were identified: 4.1.1 Non-bank financial institutions show a very basic to limited ML/TF risk understanding and are more compliance focused when implementing such measures. 4.1.2 Non-bank financial institutions play down the risks of operating internationally. 4.1.3 TF risk is poorly understood, primarily based on a lack of information. 4.1.4 Non-bank financial institutions that have an under-developed understanding of their risks, conduct ongoing monitoring only to a limited extent. 4.1.5 Enhanced measures are insufficiently applied given the very low percentage of clients identified to be high risk. 4.1.6 Basic customer due diligence is satisfactorily applied by many non-bank financial institutions; however, all non-bank financial institutions are challenged by beneficial ownership requirements. 4.1.7 Non-bank financial institutions fail to file suspicious and unusual transaction reports commensurate with their risk profiles.

4.2 The Authority’s expectations 4.2.1 Considering the findings by FATF, it is clear that there are two major areas of concern for accountable institutions supervised by the Authority: (a) Understanding of ML/TF risk. (b) Ability to identify reportable transactions and to timely file such reports with the Financial Intelligence Centre. 4.2.2 Should these findings not be addressed immediately with tangible positive results to demonstrate remediation by October 2022, South Africa may become subject to further stringent processes by the FATF which could include becoming grey listed (a name and shame list). 4.2.3 The Authority will continue with its efforts to promote better outcomes in relation to immediate outcome 4. To this end: (a) We will continue to record and publish webinars on our official YouTube channel to create awareness to promote the industry and individual institutions’ understanding of ML/TF risk. (b) We will continue to engage with industry bodies to establish what the issues are that the industry is struggling with which may hamper remediation. (c) We will continue to engage with other supervisors to share information about how the industry is progressing in remediating the findings related to immediate outcome 4. (d) We will strengthen the information sources on our official website to assist the industry with understanding ML/TF risks to enable them to identify such risks and submit timely reports to the Centre in line with the reporting obligations set out in the FIC Act. 4.2.4 We expect the industry to: (a) Re-assess institutional risk management and compliance programmes to ensure that these programmes enable them to identify, assess, monitor, mitigate and manage their institutional ML/TF risks. (b) Move from a compliance-driven approach to a risk-based approach. (c) Consult the sector risk assessment published by the Authority on its official website to establish the ML/TF risks identified in the Securities sector and inform the review of institutional risk assessments accordingly.

5. Sector Risk Assessment 5.1 The Authority first conducted and published a sector risk assessment in May 2019. 5.2 Due to risk and risk factors continuously evolving, the assessment is reviewed frequently. 5.3 The Authority reviewed the sector risk assessment and decided to update the assessment. 5.4 The updated assessment is divided in two parts: 5.4.2 A sector risk assessment review of the securities sector; and 5.4.3 A sector risk assessment review of the CIS and financial advisory and intermediary sectors. 5.5 The review of the security sector risk assessment was finalised and can be accessed by following the link below: https://www.fsca.co.za/Regulatory%20Frameworks/Tem/Securities%20Sector%20Risk%20Assessment%20Report%20April%202018%20to%20December%202020%20(February%202022).pdf

6. Publication 6.2 The review of the sector risk assessment is also published on the Authority’s official website. Please follow the instructions below to access this and other important AML/CFT information on our website: 6.2.2 Go to www.fsca.co.za 6.2.3 Scroll down to the grey banner and click on the heading “Regulatory Framework” 6.2.4 Scroll down and click on the block “Anti-money laundering and counter terrorism financing” 6.2.5 Scroll down to the heading “Financial Intelligence Centre” and click on “2022”

7. Consequences 7.2 The failure of non-bank financial institutions to comply with the FIC Act may result in administrative sanctions being imposed on such institution. 7.3 The Authority has already imposed numerous sanctions for non-compliance with the FIC Act. A list of sanctions imposed can be found on the AML/CFT tab on the FSCA website.

For enquiries: Kgomo.Molefe@fsca.co.za or Michele.Fourie@fsca.co.za

THE FICA SUPERVISION DEPARTMENT - CONDUCT OF BUSINESS DIVISION FOR THE FINANCIAL SECTOR CONDUCT AUTHORITY