Du Toit Advisors CC Sanction Notice

Executive Committee: Commissioner: U. Kamlana I Deputy Commissioners: A. Ludin I K. Gibson I F. Badat ANNEXURE “B” THE FINANCIAL SECTOR CONDUCT AUTHORITY AND DU TOIT ADVISORS CC

---

ADMINISTRATIVE SANCTIONS IN TERMS OF SECTION 45C OF THE FINANCIAL INTELLIGENCE CENTRE ACT, NO. 38 OF 2001 (“FIC ACT”)

---

1. The Financial Sector Conduct Authority (FSCA) is satisfied that Du Toit Advisors CC (DTA), an authorised financial services provider and an accountable institution as envisaged in terms of item 12 of schedule 1 of the FIC Act, has failed to comply with the FIC Act. Accordingly, the FSCA hereby issues this Administrative Sanction Notice (the Notice).
2. On 26 January 2023, as part of its supervisory duties, the FSCA conducted a virtual inspection of DTA in terms of section 45B of the FIC Act. The inspection found that DTA is non-compliant with the FIC Act.
3. Nature of Non-compliance: 3.1. Risk Management and Compliance Programme (RMCP) 3.1.1. In terms of sections 42(1) and (2) of the FIC Act, an accountable institution must develop, document, maintain and implement a programme for anti-money laundering and counter-terrorist financing risk management and compliance.

2 3.1.2. At the time of the inspection, DTA did provide an RMCP to the FSCA. The RMCP was found to be defective as it did not set out the processes to comply with various provisions of the FIC Act as required by section 42(2). In addition, DTA failed to implement the RMCP. DTA has subsequently submitted two further versions of its RMCP which predominantly remains technically deficient, in particular as it relates to sections 42(2)(a), 42(2)(b), 42(2)(d), 42(2)(g), 42(2)(h), 42((2)(j), 42(2)(n), and 42(2)(o). 3.1.3. Accordingly, DTA had failed to develop, document, maintain and implement an RMCP as required in terms of section 42(1) and 42(2) of the FIC Act. 3.2. Customer due diligence (CDD) 3.2.1. In terms of section 20A of the FIC Act, an accountable institution may not establish a business relationship or conclude a single transaction with an anonymous client or a client with an apparent false or fictitious name. 3.2.2. In terms of section 21(1) of the FIC Act, when an accountable institution engages with a prospective client to enter into a single transaction or to establish a business relationship, the institution must, in the course of concluding a single transaction or establishing that business relationship and in accordance with its RMCP, establish and verify the identity of the client. In addition, if the client is acting on behalf of another person, an accountable institution must establish and verify the identity of that other person and the client’s authority to establish the business relationship or to conclude the single transaction on behalf of that other person; or, if another person is acting on behalf of the client, establish and verify the identity of that other person and that other person’s authority to act on behalf of the client.

3 3.2.3. In terms of section 21A of the FIC Act, when an accountable institution engages with a prospective client to establish a business relationship as contemplated in section 21, the institution must, in addition to the steps required under section 21 and in accordance with its RMCP, obtain information to reasonably enable the accountable institution to determine whether future transactions that will be performed in the course of the business relationship concerned are consistent with the institution’s knowledge of the prospective client, including information describing the nature of the business relationship concerned and the source of the funds which that prospective client expects to use in concluding transactions in the course of the business relationship concerned. 3.2.4. In terms of section 21B of the FIC Act, when a client is a legal person, trust or similar arrangements between natural persons, an accountable institution must, in addition to the steps required under sections 21 and 21A and in accordance with its RMCP, establish the nature of the client’s business and the ownership and control structure of the client. 3.2.5. In terms of section 21C of the FIC Act, an accountable institution must, in accordance with its RMCP, conduct ongoing due diligence in respect of a business relationship and keep information obtained for the purpose of establishing and verifying the identities of clients pursuant to sections 21, 21A and 21B of the Act, up to date. 3.2.6. DTA failed to comply: 3.2.6.1 with section 21(1) of the FIC Act, in that at the time of the inspection, DTA did not implement its RMCP and as a result DTA did not identify and verify the authority of persons acting on behalf of its clients in respect of two clients; 3.2.6.2 with section 21A of the FIC Act, in that at the time of the inspection, DTA did not, in addition to the steps required under section 21 and in accordance with its RMCP, obtain information to reasonably enable DTA to

4 determine whether future transactions that will be performed in the course of the business relationship concerned are consistent with the institution’s knowledge of that prospective client, including information describing the nature of the business relationship concerned, the intended purpose of the business relationship concerned and the source of the funds which that prospective client expects to use in concluding transactions in the course of the business relationship concerned in respect of thirty-three clients; 3.2.6.3 with section 21B(1) of the FIC Act, in that at the time of the inspection, DTA did not establish the ownership and control structure in respect of two clients; 3.2.6.4 with section 21B(2) of the FIC Act, in that at the time of the inspection DTA did not, in addition to the steps required under sections 21 and 21A and in accordance with its RMCP, establish and verify the identity of the beneficial owner in respect of one client; 3.2.6.5 with section 21C of the FIC Act, in that at the time of the inspection, DTA failed to evidence conducting of ongoing customer due diligence in respect of 16% of its clients included in the file sample. 4. Reasons for imposing the administrative sanction: 4.1. DTA’s non-compliance as detailed above is a serious violation of the provisions of the FIC Act. 4.1.1. By understanding and managing money laundering and terrorist financing risks, as illustrated in RMCPs, accountable institutions not only protect and maintain the integrity of their business but also contribute to the integrity of the South African financial system. 4.1.2. The importance of a risk-based approach is underscored by the fact that this is the very first recommendation of the Financial Action Task Force. Non￾compliance with section 42(1) and (2) of the FIC Act is no minor issue. It breaches one of the core principles of the FIC Act, i.e. a risk-based approach to all the compliance elements of the FIC Act.

5 4.1.3. Customer due diligence is one of the most important provisions of the FIC Act. Understanding who your client is, is important to identify any suspicious transactions and activity that the client may be up to. 4.2. All accountable institutions were given 18 months to implement the amended provisions of the FIC Act. DTA has been found to be non-compliant with the provisions of the FIC Act for the failure to adequately document, develop and implement its RMCP, identify and verify the identity of some of its clients, their beneficial owners as well as persons authorised to act on behalf of clients, and conduct ongoing customer due diligence. From the sampled client list, the clients were on-boarded from 2014 – 2022. 4.3. The FSCA has no record of a previous non-compliance with any law on the part of DTA. 4.4. The sanction to be imposed must be effective, proportionate and dissuasive. 4.5. If it wasn’t for the FSCA’s inspection, DTA would still be non-compliant with the FIC Act. 4.6. The FSCA took into account the representations from DTA and specifically that: 4.6.1 DTA cooperated with the FSCA during the inspection; 4.6.2 DTA has amended its RMCP since the inspection in an effort to comply; 4.6.3 DTA obtained certain customer due diligence and beneficial ownership information since the inspection; 4.6.4 DTA is conscious of applying a risk-based approach; 4.6.5 DTA’s view that a financial penalty is not dissuasive. 5. Particulars of the administrative sanction: 5.1. In terms of section 45C(1)(a), read with sections 45C(3)(c), 45C(3)(e), and 45C(6)(a) of the FIC Act, the FSCA hereby imposes the following administrative sanction on DTA: 5.1.1. A directive to conduct the following activities on or before 30 April 2024: 5.1.1.1. amend its RMCP so that it contains processes to comply with various provisions of the FIC Act as required by section 42(2);

6 5.1.1.2. to implement the revised RMCP including obtaining the necessary customer due diligence information as required by the FIC Act and revised RMCP; and 5.1.2. a financial penalty of R200 000 for non-compliance with sections 42(1), 42(2) of the FIC Act; 5.1.3. a financial penalty of R273 000 for non-compliance with sections 21(1) to 21C of the FIC Act; 5.2. DTA is directed to pay the financial penalty of R250 000 on or before 1 March 2024. 5.3. The payment of the remaining R223 000 of the total financial penalty is hereby suspended for a period of three years from the date of this Administrative Sanction, on condition that DTA complies with the directive issued in paragraph 5.1.1 above and remains fully compliant with sections 42(1) and (2), sections 20A, 21, 21A, 21B and section 21C of the FIC Act. 5.4. Should DTA be found to be non-compliant with provisions of the FIC Act detailed in paragraph 5.3 above within the three years suspension period, the suspended penalty of R223 000 becomes immediately payable. 5.5. The financial penalty is payable via electronic fund transfer to: Account Name : NRF – FIC Act Sanctions Account Holder : National Treasury Account Number : 80552749 Bank : South African Reserve Bank Code : 910145 Reference : FIC Sanction – Du Toit Advisors CC 5.6. Proof of payment must be submitted to the FSCA at Michele Fourie (michele.fourie@fsca.co.za). 6. Right of appeal:

7 6.1. In terms of section 45D of the FIC Act, read with Regulation 27C of the Regulations promulgated in terms of GN R1595 in GG 24176 of 20 December 2002 as amended, DTA may lodge an appeal within 30 days, from the date of receipt of the Notice. The notice of appeal and proof of payment of the mandatory appeal fee must be-: 6.1.1. hand delivered to: The Secretary: The FIC Act Appeal Board Byls Bridge Office Park, Building 11 13 Candela Street Highveld Extension Centurion 6.1.2. sent via electronic mail to: The HOD: Office of General Counsel FSCA Attention: Mr S Rossouw (Stefanus.Rossouw@fsca.co.za) 6.2. The Secretary of the FIC Act Appeal Board may be contacted at AppealBroardSecretariat@fic.gov.za and telephonically at (012) 641-6243 should DTA require further information regarding the appeal process. Details of the appeal process can also be found on the FIC’s website at www.fic.gov.za. 7. Failure to comply with the administrative sanction: 7.1. In terms of section 45(C)(7)(b) of the FIC Act, should DTA fail to pay the prescribed financial penalty in accordance with this notice and an appeal has not been lodged within the prescribed period, the FSCA may forthwith file with the clerk or registrar of a competent court a certified copy of this notice, which shall thereupon have the effect of a civil judgement lawfully given in that court in favour of the FSCA. 8. Publication of sanction: 8.1. The FSCA will make public the decision and the nature of the sanction imposed in terms of section 45C(11) of the FIC Act.

8 Issued on this the 1 st of February 2024