FSP 180 Wealth Portfolio Managers (Pty) Ltd – Notice of Final Sanction

Executive Committee: Commissioner: U. Kamlana I Deputy Commissioners: A. Ludin I K. Gibson I F. Badat ENQUIRIES: Kgomotso Molefe DIALLING NO.: (012) 367 7197 OUR REF: FSP 180 E-MAIL: Kgomotso.Molefe@fsca.co.za DATE: 20 September 2024 Mr J Pheiffer Wealth Portfolio Managers (Pty) Ltd 12 Bloekom Street Loevenstein Bellville 7532 Per email: johann@wealthgroup.co.za NOTICE OF ADMINISTRATIVE SANCTION

1. NOTICE 1.1. The Financial Sector Conduct Authority (FSCA) is satisfied that Wealth Portfolio Managers (Pty) Ltd (WPM), an authorised financial services provider and an accountable institution as envisaged in terms of item 12 of schedule 1 to the Financial Intelligence Centre Act 38 of 2001 (the FIC Act), has failed to comply with the FIC Act. Accordingly, the FSCA hereby issues this Administrative Sanction Notice (the Notice). 1.2. The non-compliance emanates from an inspection conducted by the FSCA on WPM in terms of section 45B of the FIC Act on 14 and 15 September 2023 of which the final inspection report was issued on 19 December 2023.
2. NATURE OF THE NON-COMPLIANCE 2.1. Risk Management and Compliance Programme (RMCP)

2 2.1.1. In terms of section 42(1) of the FIC Act, an accountable institution must develop, document, maintain and implement a programme for anti-money laundering, counter-terrorist financing and proliferation financing risk management and compliance. 2.1.2. Section 42(2) of the FIC Act states that, “a risk management and compliance programme must- (a) Enable the accountable institution to- (i) Identify; (ii) Assess; (iii) Monitor; (iv) Mitigate; and (v) Manage, the risk that the provision by the accountable institution of new and existing products or services may involve or facilitate money laundering activities, the financing of terrorist and related activities or proliferation financing activities;” Non-compliance identified during the inspection that was conducted on 23 September 2021 2.1.3. On 23 November 2021, WPM was informed that they failed to comply with its duties as an accountable institution as expressed in section 42 of the FIC Act based on the following: (a) Failed to develop a RMCP, and as a result, did not document, maintain or implement a RMCP (in contravention of section 42(1) of the FIC Act). (b) Due to WPM not having a RMCP in place, the accountable institution was inherently in contravention of further requirements that would have been assessed through an RMCP document in accordance with sections 42(2), 42(2A), and 42(2B) of the FIC Act. (c) During the inspection the FSCA found that WPM was competent in its understanding of beneficial ownership of legal persons, trusts, and partnerships. However, this process was not documented in an RMCP. (d) WPM failed to comply with its duties expressed in section 28A of the FIC Act read with sections 26A, 26B and 26C as WPM failed to include the process of scrutinising clients in accordance with sections 42(2)(o) and (p) which would have been included in a RMCP.

3 (e) WPM was competent in its understanding of what a suspicious activity or transaction would entail and was also able to provide the process that it would have to follow in the event that a reportable activity or transaction arises. However, the process was not documented in an RMCP. 2.1.4. WPM was informed about the abovementioned contraventions and afforded until 30 November 2021 to provide representations and to undertake remedial steps. The feedback letter has been attached hereto for ease of reference. 2.1.5. WPM did not provide representations and / or remediation in response to the inspection findings. Several extensions of time to provide representation and proof of remediation were afforded to the accountable institution. WPM was granted a final date of submission of 15 June 2022 but also failed to respond. 2.1.6. On 31 July 2023, WPM was informed of the FSCA’s intention to conduct a follow up inspection in terms of section 45B of the FIC Act. WPM agreed to the follow up inspection which was scheduled for 14 and 15 September 2023. Non-compliance identified during the inspection that was conducted on 14 and 15 September 2023 2.1.7. The findings of the aforementioned inspection revealed that WPM contravened sections 42(1) and (2) of the FIC Act for the following reasons: 2.1.7.1. At the time of the inspection, WPM did not have in place an RMCP as contemplated in terms of section 42 of the FIC Act, as amended. Prior to the inspection, the accountable institution did make available to the FSCA a copy of its business risk assessment plan and accompanying annexures. The business risk assessment plan was nevertheless assessed, and it was found to be substantially defective / non-compliant with the FIC Act, for the following reasons: • During the inspection, it was established that the business risk assessment plan and accompanying annexures formed part of the documentation obtained from Moonstone, an

4 independent provider of compliance and risk management services, in 2013. • WPM did not conduct a money laundering (ML) / terrorist financing (TF) / proliferation financing (PF) business risk assessment taking into account all the relevant risk indicators (i.e., products and services, and geographic locations) and other inherent risk factors to enable the accountable institution to identify and understand the ML / TF / PF risks associated with its provision of products or services to clients. • Although WPM has some understanding of its inherent ML/TF/PF risks and has a risk matrix, there was a failure on its part to adapt this risk understanding and risk assessment into a documented RMCP applicable to its business as required in terms of the FIC Act. Therefore, the accountable institution did not conduct a business risk assessment to identify, assess, monitor, mitigate and manage its ML/TF/PF risks. Furthermore, it was found that the accountable institution failed to implement this risk matrix to individually risk rate its clients. The representative from WPM indicated that the risk ratings were assigned based on his knowledge about the clients. • Furthermore, it was noted that the risk assessment business plan makes provision for processes in relation to customer due diligence measures, client verification, PEP verification, transactions, record keeping, source of funds verification, staff training and FIC registration. However, it was found that there is a lack of comprehensive details regarding the specific measures and processes to be followed in order to give effect to or implement the requirements of section 42 of the FIC Act, and other relevant provisions.

5 2.1.7.2. Accordingly, WPM failed to document, maintain and implement processes regarding the manner in which it will implement ML, TF and PF risk management and compliance as required in terms of sections 42(1) and (2) of the FIC Act, as amended read with Guidance Note 7. 3.2. Governance 3.2.1. In terms of section 42A(1) of the FIC Act, “the board of directors of an accountable institution which is a legal person with a board of directors, or the senior management of an accountable institution without a board of directors, must ensure compliance by the accountable institution and its employees with the provisions of this Act and its Risk Management and Compliance Programme. (2) An accountable institution which is a legal person must— (a) have a compliance function to assist the board of directors or the senior management, as the case may be, of the institution in discharging their obligations under subsection (1); and (b) assign a person with sufficient competence and seniority to ensure the effectiveness of the compliance function contemplated in paragraph (a).” 3.2.2. WMP is registered as a company with a sole director who is also responsible for compliance with the FIC Act. 3.2.3. During the inspection, it was established that the sole director failed to ensure that the accountable institution complies with the provisions of the FIC Act. Whilst WPM has implemented a business risk assessment plan, this document together with its supporting annexures does not comply with the provisions of section 42(1) and (2) of the FIC Act in a material or substantial manner and as such is not an RMCP as contemplated in section 42(1) of the FIC Act. 3.2.4. The sole director, as person responsible for ensuring compliance, does not have sufficient competence to ensure effective compliance with the requirements of the FIC Act as he did not ensure that an RMCP as contemplated in terms of section 42 of the FIC Act was developed even after

6 this requirement was brought to his attention during and after the first FIC inspection that was conducted on 23 September 2021. 3.2.5. Following this inspection, the accountable institution knowingly engaged in business dealings with clients without ensuring that an RMCP as contemplated in section 42 of the FIC Act is implemented when onboarding new clients and during the course of the business relationship. Consequently, the sole director failed to discharge his obligations to ensure compliance by WPM with the FIC Act and did not ensure the effectiveness of the compliance function. 3.3. Customer Due Diligence (CDD) 3.3.1. In terms of section 21C(1) of the FIC Act, “an accountable institution must, in accordance with its Risk Management and Compliance Programme, conduct ongoing due diligence in respect of a business relationship which includes— (a) monitoring of transactions undertaken throughout the course of the relationship, including, where necessary— (i) the source of funds, to ensure that the transactions are consistent with the accountable institution’s knowledge of the client and the client’s business and risk profile; and (ii) the background and purpose of all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent business or lawful purpose; and (b) keeping information obtained for the purpose of establishing and verifying the identities of clients pursuant to sections 21, 21A and 21B of this Act, up to date.” 3.3.4. According to section 21F of the FIC Act, “if an accountable institution determines in accordance with its Risk Management and Compliance Programme that a prospective client with whom it engages to establish a business relationship, or the beneficial owner of that prospective client, is a foreign politically exposed person, the institution must— (a) obtain senior management approval for establishing the business relationship;

7 (b) take reasonable measures to establish the source of wealth and source of funds of the client; and (c) conduct enhanced ongoing monitoring of the business relationship.” 3.3.5. In terms of section 21G of the FIC Act, “if an accountable institution determines in accordance with its Risk Management and Compliance Programme that a prospective client with whom it engages to establish a business relationship, or the beneficial owner of that prospective client, is a foreign politically exposed person, the institution must— (a) obtain senior management approval for establishing the business relationship; (b) take reasonable measures to establish the source of wealth and source of funds of the client; and (c) conduct enhanced ongoing monitoring of the business relationship.” 3.3.6. During the aforementioned inspection, it was found that WPM failed to develop CDD measures and processes in accordance with a risk-based approach as required in terms of the FIC Act. Upon analysis of the sampled client files, the following non-compliance was established: 3.3.6.1. The accountable institution failed to conduct ongoing due diligence measures in respect of business relationships with client/s to monitor transactions including the source of funds, the background and purpose of all complex, unusual transactions and all unusual patterns of transactions which has no apparent business or lawful purpose. WPM failed to obtain the source of funds which the client expects to use in concluding transactions in the course of the business relationship concerned in relation to 17 out of 34 sampled client files. 3.3.6.2. Although the sampled client list provided to the FSCA indicates that the accountable institution has no politically exposed persons, there was no evidence that could be found in the client files establishing the manner in which WPM verified the status as a politically exposed person or family member or known close associate of such a person (section 21G of the FIC Act).

8 Moreover, although WPM provided to the FSCA with a Domestic Prominent Influential Persons questionnaire, it could not be established whether the questionnaire was applied. 3.4. Targeted Financial Sanctions (TFS) 3.4.1. In terms of section 28A read with section 26A – 26C of the FIC Act and Guidance Note 7, an accountable institution is required to scrutinise (screen) client information to determine whether their clients are listed in terms of section 25 of Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 2004 (POCDATARA) and listed by the Security Council of the United Nations contemplated in a notice referred to in section 26A (1) of the FIC Act. 3.4.2. Section 28A(3) of the FIC Act states that, “an accountable institution must upon- (a) publication of a proclamation by the President under section 25 of the Protection of Constitutional Democracy against Terrorism and Related Activities Act, 2004; or (b) notice being given by the Director under section 26A(3), Scrutinise its information concerning clients with whom the accountable institution has business relationships in order to determine whether any such client is a person or entity mentioned in the proclamation by the President or the notice by the Director.” 3.4.3. During the inspection it was found that WPM contravened section 28A read with section 26B of the FIC Act in that out of the 34 sampled files that were analysed, evidence of screening could only be found in three (3) sampled files. 4. REASONS FOR IMPOSING THE ADMINISTRATIVE SANCTIONS 4.1. WPM’s non-compliance as detailed above is a serious violation of the provisions of the FIC Act.

9 4.2. All accountable institutions were given 18 months to implement the provisions of the Financial Intelligence Centre Amendment Act No. 1 of 2017 which introduced the risk-based approach to client identification and verification and provided for RMCPs. 4.3. The importance of a risk-based approach is underscored by the fact that this is the very first recommendation of the Financial Action Task Force. The RMCP is the cornerstone of compliance with the FIC Act, combatting ML/TF and PF. Non￾compliance with sections 42(1) and (2) of the FIC Act is seen in a serious light by the FSCA. 4.4. By understanding and managing ML, TF and PF risks, as required in terms the of FIC Act and in accordance with RMCPs, accountable institutions not only protect their businesses from harm or loss but and also contribute to the broader financial stability and integrity of the South African financial system. 4.5. It is imperative that accountable institutions comply with their FIC Act, as amended obligations such as customer due diligence measures, including the screening clients against the TFS Lists will mitigate the risk of that accountable institutions being exploited by its clients for ML, TF or PF purposes. 4.6. WPM has been found to be non-compliant with the provisions of the FIC Act, as amended for its failure to: (i) document, develop and maintain processes when implementing an RMCP as contemplated in terms of section 42 and which is in line with the nature, size and complexity of its business, (ii) ensure good governance and compliance practices, (iii) conduct CDD and (iv) screen / scrutinise clients against the TFS Lists so as to ensure that WPM does not inadvertently establish business relationships with sanctioned persons. These were repeated findings by the FSCA. 4.7. The FSCA has taken into consideration that WPM had not cooperated with the Authority following the aforementioned inspections in that the FIC Act compliance recommendations were not put into action. The accountable institution continued engaging in business dealings with clients with full knowledge of the contraventions outlined above. WPM did not acknowledge the aforementioned non-compliance despite being provided with courtesy and afforded numerous opportunities to provide representations and to remedy the non-compliance identified:

10 4.7.1. The FSCA conducted an inspection on WPM on 23 September 2021. A feedback letter was issued on 3 November 2021, however no representations and / or remedial steps were taken by the accountable institution in response to this feedback. 4.7.2. A follow-up inspection was conducted on 14 and 15 September 2023. The draft report was issued to WPM on 12 October 2023 and the final inspection report was issued on 19 December 2023. WPM did not submit any representations and / or remediation in response to both draft and final inspection reports. 4.8. The FSCA has taken into consideration that on 19 July 2024, WPM submitted its representations in response to the Notice of intention to Sanction issued on 3 July 2024. The representations have been duly considered as well as the subsequently provided information regarding the progress of amending the RMCP. 4.9. The FSCA has also noted that WPM agrees that there has been a contravention of the FIC Act and further that the deficiencies need to be remedied. 4.10. The FSCA has taken cognisance of the fact that WPM has requested an extension to comply with the directive to remediate. 4.11. The FSCA has taken into account that WPM failed to comply with section 17(4) of the Financial Advisory and Intermediary Services Act, 2002 and was accordingly issued with a notice of intention to suspend the authorisation of WPM dated 30 May 2022. 4.12. The FSCA has noted that the sole director of WPM has been operating in the financial services industry for more than 20 years and as such should be conversant with the requirements of the different laws and regulations (which includes the FIC Act) applicable to his business.

11 5. PARTICULARS OF THE ADMINISTRATIVE SANCTION 5.1. In terms of section 45C(1), read with sections 45C(3)(a), (c) & (e), and 45C(6)(a) of the FIC Act, the FSCA hereby imposes the following administrative sanction on WPM: 5.1.1. A directive to remediate all deficiencies addressed in paragraph 2 above and to provide evidence to the FSCA on or before 31 October 2024. WPM is hereby directed to: 3.3.1.1. develop, document, maintain and implement an RMCP and ensure that the RMCP sufficiently details the processes describing the manner in which the requirements of sections 42(2) of the FIC Act will be implemented; 3.3.1.2. conduct CDD as contemplated in terms of sections 20A – 21H of the FIC Act on existing and new clients in line with the RMCP; and 3.3.1.3. scrutinise (screen) the information of the 31 outstanding sampled clients against the TFS list and ensure that all clients are screened in line with the RMCP and as contemplated in terms of section 28A read with section 26B of the FIC Act. 5.1.2. A caution not to repeat the conduct which led to the aforementioned non￾compliance detailed in paragraph 2 above. 5.1.3. A financial penalty of R100 000 for non-compliance with sections 42(1) and (2) of the FIC Act. 5.1.4. A reprimand for non-compliance with sections 42A of the FIC Act. 5.1.5. A reprimand for non-compliance with sections 21C(1), 21F and 21G of the FIC Act. 5.1.6. A financial penalty of R100 000 for non-compliance with section 28A read with section 26B of the FIC Act. 5.2. WPM is directed to pay the financial penalty of R200 000 on or before 21 October 2024. 5.3. The financial penalty is payable via electronic fund transfer to: Account Name: NRF – FIC Act Sanctions

12 Account Holder: National Treasury Account Number: 80552749 Bank: South African Reserve Bank Code: 910145 Reference: FIC Sanction – Wealth Portfolio Managers 4.6. Proof of payment must be submitted to the FSCA at Charl Geel (charl.geel@fsca.co.za). 6. RIGHT OF APPEAL 5.1. In terms of section 45D of the FIC Act, read with Regulation 27C of the Regulations promulgated in terms of GN R1595 in GG 24176 of 20 December 2002 as amended, WPM may lodge an appeal within 30 days, from the date of receipt of the Notice. The notice of appeal and proof of payment of the mandatory appeal fee must be: - 5.1.1. hand delivered to: The Secretary: The FIC Act Appeal Board Byls Bridge Office Park, Building 11 13 Candela Street Highveld Extension Centurion sent via electronic mail to: The Secretary: The FIC Act Appeal Board AppealBoardSecretariat@fic.gov.za 5.1.2. sent via electronic mail to: The HOD: Office of General Counsel FSCA Attention: Mr S Rossouw (Stefanus.Rossouw@fsca.co.za) 5.2. The Secretary of the FIC Act Appeal Board may be contacted at AppealBroardSecretariat@fic.gov.za and telephonically at (012) 641-6243 should

13 WPM require further information regarding the appeal process. Details of the appeal process can also be found on the FIC’s website at www.fic.gov.za. 7. FAILURE TO COMPLY WITH THE ADMINISTRATIVE SANCTION 7.1. In terms of section 45(C)(7)(b) of the FIC Act, should WPM fail to pay the prescribed financial penalty in accordance with this notice and an appeal has not been lodged within the prescribed period, the FSCA may forthwith file with the clerk or registrar of a competent court a certified copy of this notice, which shall thereupon have the effect of a civil judgement lawfully given in that court in favour of the FSCA. 8. PUBLICATION OF SANCTION 8.1. The FSCA will make public the decision and the nature of the sanction imposed in terms of section 45C(11) of the FIC Act. Yours faithfully

---

Unathi Kamlana Commissioner