Adams Chrambanis & Associates CC – Notice of Administrative Sanction

Executive Committee: Commissioner: U. Kamlana I Deputy Commissioners: A. Ludin I K. Gibson I F. Badat ENQUIRIES: Kgomotso Molefe DIALLING NO.: (012) 367 7197 OUR REF: FSP11858 E-MAIL: Kgomotso.Molefe@fsca.co.za DATE: 21 November 2024 Ms Athanasia Chrambanis Adams Chrambanis & Associates CC 2 Barbara 5 Beacon Road Lambton Germiston 1401 Per email: sue@adamschrambanis.co.za NOTICE OF ADMINISTRATIVE SANCTION

1. NOTICE 1.1. The Financial Sector Conduct Authority (FSCA) is satisfied that Adams Chrambanis & Associates CC (ACA), an authorised financial services provider and an accountable institution as envisaged in terms of item 12 of schedule 1 to the Financial Intelligence Centre Act 38 of 2001 (the FIC Act), has failed to comply with the FIC Act. Accordingly, the FSCA hereby issues this Administrative Sanction Notice (the Notice). 1.2. The non-compliance emanated from an inspection conducted by the FSCA on ACA in terms of section 45B of the FIC Act of which the final report was issued on 23 November 2023.

2 2. NATURE OF THE NON-COMPLIANCE 2.1. Risk Management and Compliance Programme 2.1.1. In terms of section 42(1) of the FIC Act, an accountable institution must develop, document, maintain and implement a programme for anti-money laundering and counter terrorist financing risk management and compliance. 2.1.2. Section 42(2) of the FIC Act states that, “A risk management and compliance programme must- (a) Enable the accountable institution to- (i) Identify; (ii) Assess; (iii) Monitor; (iv) Mitigate; and (v) Manage, the risk that the provision by the accountable institution of new and existing products or services may involve or facilitate money laundering activities, the financing of terrorist and related activities or proliferation financing activities;” 2.1.3. The findings of the inspection revealed that ACA contravened sections 42(1) and (2) of the FIC Act for the following reasons: 2.1.3.1. At the time of the inspection, ACA did not provide the FSCA with a copy of its Risk Management Compliance Programme (RMCP) upon request. 2.1.3.2. Accordingly, ACA failed to develop, document and maintain processes and procedures regarding the manner in which it will implement money laundering, terrorist financing and proliferation financing (ML/TF/PF) risk management and compliance as contemplated in section 42 of the FIC Act read with FIC Guidance Note 7.

3 2.1.3.3. The accountable institution did not conduct a business risk assessment as envisaged in terms of section 42(2) of the FIC Act read with Guidance Note 7 issued by the Financial Intelligence Centre. 2.1.3.4. As a result, ACA did not subject its clients to a ML, TF and PF risk assessment. A risk matrix was not developed in this regard. 2.2. Customer Due Diligence 2.2.1. In reference to section 20A of the FIC Act, “an accountable institution may not establish a business relationship or conclude a single transaction with an anonymous client or a client with an apparent false or fictitious name.” 2.2.2. In terms of section 21(1) of the FIC Act, “when an accountable institution engages with a prospective client to enter into a single transaction or to establish a business relationship, the institution must, in the course of concluding that single transaction or establishing that business relationship and in accordance with its Risk Management and Compliance Programme— (a) establish and verify the identity of the client; (b) if the client is acting on behalf of another person, establish and verify— (i) the identity of that other person; and (ii) the client’s authority to establish the business relationship or to conclude the single transaction on behalf of that other person; and (c) if another person is acting on behalf of the client, establish and verify— (i) the identity of that other person; and (ii) that other person’s authority to act on behalf of the client.” 2.2.3. According to section 21A, “when an accountable institution engages with a prospective client to establish a business relationship as contemplated in section 21, the institution must, in addition to the steps required under section 21 and in accordance with its Risk Management and Compliance Programme, obtain information to reasonably enable the accountable institution to determine whether future transactions that will be performed in the course of the business relationship concerned are consistent with the

4 institution’s knowledge of that prospective client, including information describing— (a) the nature of the business relationship concerned; (b) the intended purpose of the business relationship concerned; and (c) the source of the funds which that prospective client expects to use in concluding transactions in the course of the business relationship concerned.” 2.2.4. Pursuant to section 21C(1) of the FIC Act, “an accountable institution must, in accordance with its Risk Management and Compliance Programme, conduct ongoing due diligence in respect of a business relationship which includes— (a) monitoring of transactions undertaken throughout the course of the relationship, including, where necessary— (i) the source of funds, to ensure that the transactions are consistent with the accountable institution’s knowledge of the client and the client’s business and risk profile; and (ii) the background and purpose of all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent business or lawful purpose; and (b) keeping information obtained for the purpose of establishing and verifying the identities of clients pursuant to sections 21, 21A and 21B of this Act, up to date.” 2.2.5. In reference to section 21D of the FIC Act, “when an accountable institution, subsequent to entering into a single transaction or establishing a business relationship— (a) doubts the veracity or adequacy of previously obtained information which the institution is required to verify as contemplated in sections 21 and 21B; or (b) makes a suspicious or unusual transaction report in terms of section 29, the institution must repeat the steps contemplated in sections 21 and 21B in accordance with its Risk Management and Compliance Programme and to the extent that is necessary to confirm the information previously obtained.”

5 2.2.7. According to section 21F of the FIC Act, “if an accountable institution determines in accordance with its Risk Management and Compliance Programme that a prospective client with whom it engages to establish a business relationship, or the beneficial owner of that prospective client, is a foreign politically exposed person, the institution must— (a) obtain senior management approval for establishing the business relationship; (b) take reasonable measures to establish the source of wealth and source of funds of the client; and (c) conduct enhanced ongoing monitoring of the business relationship." 2.2.8. Pursuant to section 21G of the FIC Act, “if an accountable institution determines that a prospective client with whom it engages to establish a business relationship, or the beneficial owner of that prospective client, is a domestic politically exposed person or a prominent influential person and that, in accordance with its Risk Management and Compliance Programme, the prospective business relationship entails higher risk, the institution must— (a) obtain senior management approval for establishing the business relationship; (b) take reasonable measures to establish the source of wealth and source of funds of the client; and (c) conduct enhanced ongoing monitoring of the business relationship.” 2.2.9. In terms of section 21H of the FIC Act, “(1) sections 21F and 21G apply to immediate family members and known close associates of a foreign or domestic politically exposed person or a prominent influential person, as the case may be. (2) For the purposes of subsection (1), an immediate family member includes— (a) the spouse, civil partner or life partner; (b) the previous spouse, civil partner or life partner, if applicable; (c) children and step children and their spouse, civil partner or life partner; (d) parents; and (e) sibling and step sibling and their spouse, civil partner or life partner.”

6 2.2.10. During the aforementioned inspection, and upon analysis of the sampled client files, it was found that the accountable institution failed to comply with the aforementioned provisions for the reasons set out below: 2.2.10.1. ACA failed to identify and verify the identity of clients and to ensure that it does not establish a business relation or conclude a single transaction with an anonymous client or a client with an apparent false or fictitious name. The non-compliance constitutes 100% (16 out of 16) of the sampled clients. 2.2.10.2. An analysis of the sampled client files indicated that ACA failed to risk rate its clients for ML / TF / PF risk. The non-compliance constitutes 100% (16 out of 16) of the sampled clients. 2.2.10.3. ACA failed to conduct ongoing due diligence in respect of clients. The non-compliance constitutes 100% (16 out of 16) of the sampled clients. 2.2.10.4. There was no evidence received that ACA established the source of funds in respect of the amount utilised by a client to purchase a living annuity on 16 March 2022. The non-compliance affected 1 out of 16 of the sampled client files. 2.2.10.5. There was no evidence found in the sampled client files that indicated ACA took measures to establish whether any of its clients are foreign politically exposed persons, domestic politically exposed persons or prominent influential persons. Moreover, the accountable institution did not take measures to establish whether any of its clients is a family member or known close associate of a foreign or domestic politically exposed person or a prominent influential person. The non-compliance constitutes 100% (16 out of 16) of the sampled client files.

7 2.3. Governance 2.3.1. In terms of section 42A(1) of the FIC Act, “the board of directors of an accountable institution which is a legal person with a board of directors, or the senior management of an accountable institution without a board of directors, must ensure compliance by the accountable institution and its employees with the provisions of this Act and its Risk Management and Compliance Programme. (2) An accountable institution which is a legal person must— (a) have a compliance function to assist the board of directors or the senior management, as the case may be, of the institution in discharging their obligations under subsection (1); and (b) assign a person with sufficient competence and seniority to ensure the effectiveness of the compliance function contemplated in paragraph (a).” 2.3.2. ACA is a close corporation, with only one member. 2.3.3. During the inspection, it was established that the sole member failed to ensure that ACA complies with the provisions of the FIC Act. 2.3.4. The sole member does not have sufficient competence to ensure effective compliance with the requirements of the FIC Act as she did not ensure that an RMCP was developed and implemented. There was a failure on the part of the sole member to obtain training to enable her to comply with the requirements of the FIC Act and to keep abreast with AML/CFT regulatory developments in the industry within which she operates her business. 2.3.5. On 16 May 2023, the FSCA issued the draft inspection report to ACA. On 21 June 2023, the FSCA resent the draft inspection report. The FSCA did not receive representations to the draft inspection report from ACA. 2.3.6. The final inspection report was issued to ACA on 23 November 2023. ACA was afforded an opportunity to submit feedback on the remediation of the non-compliance identified by 7 December 2023. No representations and / or remediation was furnished to the FSCA.

8 2.3.7. ACA did not attempt to remediate the non-compliance following receipt of the draft report nor did they remediate the findings following issuance of the final inspection report. The accountable institution continued its dealings with clients even though the FSCA had notified the accountable institution of the non-compliances. 2.3.8. In light of the above, the sole member failed to ensure that ACA discharged its obligations under the FIC Act and did not ensure the effectiveness of the compliance function. 2.4. Targeted Financial Sanctions 2.4.1. In terms of section 28A read with section 26A – 26C of the FIC Act and Guidance Note 7, an accountable institution is required to scrutinise (screen) client information to determine whether their clients are listed in terms of section 25 of Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 2004 (POCDATARA) and listed by the Security Council of the United Nations contemplated in a notice referred to in section 26A (1) of the FIC Act. 2.4.2. Section 28A(3) of the FIC Act states that “an accountable institution must upon- (a) …; or (b) notice being given by the Director under section 26A(3), Scrutinise its information concerning clients with whom the accountable institution has business relationships in order to determine whether any such client is a person or entity mentioned in the proclamation by the President or the notice by the Director.” 2.4.3. The findings of the aforementioned inspection revealed that ACA may have contravened section 28A read with section 26B of the FIC Act in that the accountable institution failed to scrutinise (screen) any of its clients against any sanction lists (UN1267 and the TFS list).

9 2.4.4. ACA failed to obtain and scrutinise information in order to determine that it does not inadvertently have a sanctioned person as a client. 2.4.5. This non-compliance constitutes 100% (16 out of 16) of the sampled client files. 3. REASONS FOR IMPOSING THE ADMINISTRATIVE SANCTIONS 3.1. ACA’s non-compliance as detailed above is a serious violation of the provisions of the FIC Act. 3.2. All accountable institutions were given 18 months to implement the provisions of the Financial Intelligence Centre Amendment Act No. 1 of 2017 which introduced the risk-based approach to client identification and verification and provided for RMCPs. 3.3. The importance of a risk-based approach is underscored by the fact that this is the very first recommendation of the Financial Action Task Force of which South Africa is a member jurisdiction and is required to comply with its recommendations. 3.4. The RMCP is the cornerstone of compliance with the FIC Act, combatting ML/TF and PF. Non-compliance with sections 42(1) and (2) of the FIC Act is seen in a serious light by the FSCA. 3.5. By understanding and managing ML, TF and PF risks, as required in terms the of FIC Act and in accordance with the RMCP, an accountable institution not only protects its businesses from harm or loss but also contributes to the broader financial stability and integrity of the South African financial system. 3.6. It is imperative that accountable institutions comply with their FIC Act obligations as CDD measures, including the screening clients against the TFS Lists will mitigate the risk of that accountable institutions being exploited by its clients for ML, TF or PF purposes. 3.7. ACA has been found to be non-compliant with the provisions of the FIC Act for its failure to (i) document, develop and maintain an RMCP in line with the nature, size

10 and complexity of its business, (ii) conduct CDD and risk rate its clients, (iii) ensure good governance and compliance; and (iv) screen clients against the TFS Lists. 3.8. Customer due diligence is one of the most important provisions of the FIC Act. Understanding who your client is important to identify any suspicious transactions and activity that the client may be up to. 3.9. The screening of clients is also important in that a client may appear on a targeted financial sanction list and accountable institutions are then required to take certain action against that client. If no screening is done, the accountable institution would not know if they have a client on the targeted financial sanction list. 3.10.The FSCA has taken into consideration that ACA had not cooperated with the Authority during and after the inspection. The accountable institution did not acknowledge the non-compliance, even when afforded opportunities to make representations and remediate the non-compliance: 3.10.1. On 16 May 2023, the FSCA issued the draft inspection report to ACA and resent it on 21 June 2023. The final inspection report was issued on 23 November 2023. The FSCA did not receive representations and / or remediation in respect of both reports. 3.11.The FSCA’s records indicate that on 19 August 2024, ACA was issued with a notice of suspension of Authorisation for non-compliance with sections 19(1) and (2) of the Financial Advisory and Intermediary Services Act, 37 of 2002. 3.12.On 3 July 2024, the FSCA issued a Notice of intention to Sanction (NIS) to ACA. The FSCA received initial representations on 17 July 2024. On 24 July 2024, ACA requested an extension to comply with the directive until 3 August 2024. Furthermore, on 3 August 2024, ACA submitted an unsigned RMCP and also requested a second extension to comply with the remediation directive until 19 August 2024 and subsequently requested a third extension for 2 weeks from 19 August 2024. On 2 September 2024 until 5 September 2024, ACA provided the FSCA with the following

11 documentation and / or information in response to the NIS remediation of the non￾compliance: 3.12.1. Further representations as to why the intended administrative sanction should not be imposed; 3.12.2. RMCP approval page as signed by Ms. Chrambanis; 3.12.3. Client files in respect of 9 out of 16 sampled clients. The files contain information including but not limited to customer due diligence, client risk rating, client screening (TFS and foreign domestic politically exposed persons or prominent influential persons); and 3.12.4. The sole member has indicated an appreciation and understanding of the need to comply with the requirements of the FIC Act and the consequences of the failure to comply. ACA has / is consulting Masthead for guidance. 4. PARTICULARS OF THE ADMINISTRATIVE SANCTION 4.1. In terms of section 45C(1), read with sections 45C(3)(a), (c) & (e), and 45C(6)(a) of the FIC Act, the FSCA hereby imposes the following administrative sanction on ACA: 4.1.1. A directive to remediate the following non-compliance issues and to provide evidence of remediation to the FSCA on or before 31 December 2024: 4.1.1.1. Risk rate the outstanding clients (7 out of 16) in terms of the business risk assessment; 4.1.1.2. Conduct customer due diligence in line with the FIC Act and business risk assessment on the outstanding clients (7 out of 16) in terms of section 21 to 21H of the FIC Act; 4.1.1.3. Screen the outstanding clients (7 out of 16) against the TFS lists as contemplated in section 28A read with section 26B of the FIC Act; and

12 4.1.1.4. The accountable institution must appoint a person with sufficient competence and seniority to ensure the effectiveness of the compliance function as set out in section 42A of the FIC Act. Alternatively, the sole member must upskill herself to ensure ongoing or effective compliance with the FIC Act. 4.1.2. A caution not to repeat the conduct which led to the non-compliance detailed in paragraph 2 above. 4.1.3. A financial penalty of R300 000 for non-compliance with sections 42(1) and (2) read with section 21(1) of the FIC Act. 4.1.4. A financial penalty of R325 000 for non-compliance with section 21(1), 21A, 21C(1), 21D, 21F – H of the FIC Act. 4.1.5. A reprimand for non-compliance with sections 42A of the FIC Act. 4.1.6. A financial penalty of R160 000 for non-compliance with section 28A read with section 26B of the FIC Act. 4.2. ACA is directed to pay the R485 000.00 financial penalty on or before 20 December 2024. 4.3. The payment of the remaining R300 000.00 of the total financial penalty is hereby suspended for a period of 3 years from the date of this Administrative Sanction, on condition that ACA complies with the directive issued in paragraph 4.1.1 above and remains fully compliant with sections 42(1) and (2), 21(1), 21A, 21C(1), 21D, 21F – H, and 28A read with section 26B of the FIC Act. 4.4. Should ACA be found to be non-compliant with the provisions of the FIC Act detailed in paragraph 4.3. above, within the 3 years suspension period, the suspended penalty of R300 000.00 becomes immediately payable. 4.5. The financial penalty is payable via electronic fund transfer to: Account Name: NRF – FIC Act Sanctions

13 Account Holder: National Treasury Account Number: 80552749 Bank: South African Reserve Bank Code: 910145 Reference: FIC Sanction – Adams Chrambanis Associates 4.6. Proof of payment must be submitted to the FSCA at Charl Geel (charl.geel@fsca.co.za). 5. RIGHT OF APPEAL 5.1. In terms of section 45D of the FIC Act, read with Regulation 27C of the Regulations promulgated in terms of GN R1595 in GG 24176 of 20 December 2002 as amended, ACA may lodge an appeal within 30 days, from the date of receipt of the Notice. The notice of appeal and proof of payment of the mandatory appeal fee must be: - 5.1.1. hand delivered to: The Secretary: The FIC Act Appeal Board Byls Bridge Office Park, Building 11 13 Candela Street Highveld Extension Centurion Sent via electronic mail to: The Secretary: The FIC Act Appeal Board AppealBoardSecretariat@fic.gov.za 5.1.2. sent via electronic mail to: The HOD: Office of General Counsel FSCA Attention: Mr S Rossouw (Stefanus.Rossouw@fsca.co.za) 5.2. The Secretary of the FIC Act Appeal Board may be contacted at AppealBroardSecretariat@fic.gov.za and telephonically at (012) 641-6243 should ACA require further information regarding the appeal process. Details of the appeal process can also be found on the FIC’s website at www.fic.gov.za.

14 6. FAILURE TO COMPLY WITH THE ADMINISTRATIVE SANCTION 6.1. In terms of section 45(C)(7)(b) of the FIC Act, should ACA fail to pay the prescribed financial penalty in accordance with this notice and an appeal has not been lodged within the prescribed period, the FSCA may forthwith file with the clerk or registrar of a competent court a certified copy of this notice, which shall thereupon have the effect of a civil judgement lawfully given in that court in favour of the FSCA. 7. PUBLICATION OF SANCTION 7.1. The FSCA will make public the decision and the nature of the sanction imposed in terms of section 45C(11) of the FIC Act. Issued on this the 21 November 2024.

---

Unathi Kamlana Commissioner