A Property Practitioner’s Guide to FICA
Are you, as a Property Practitioner, aware that you could be an Accountable Institution? Are you compliant with FICA? It may seem daunting and overwhelming to know where to start, but don’t worry we’ve got you covered. Below is a guide to assist you to ensure your compliance.
Please note that the term “Property Practitioners” now encompasses a diverse group including certain auctioneers, managing agents, business brokers, trustees, bond or mortgage originators, bond brokers, property developers involved in marketing or selling properties, individuals engaged in the marketing or sale of timeshare or fractional ownership, and homeowners associations.[1] However, inclusion in this broader category does not confer the status of Accountable Institutions on these practitioners unless their activities align with those of an “estate agent” as defined in the existing legislation. This is in line with the guidance which has been issued by the Financial Intelligence Centre (“the FIC”) in the Public Compliance Communication 56 (PCC 56), Guidance on the Interpretation of Item 3 of Schedule 1 of the Financial Intelligence Centre Act[2] (“FICA”).[3]
Therefore, all Property Practitioners who perform “estate agent” activities must register as Accountable Institutions with the FIC.[4] Our view is that all other Property Practitioners, who manage trust accounts, for example, may one day be deemed as Accountable Institutions.
WHERE IT BEGAN
The FICA was initially gazetted on 3 December 2001 and came into effect in stages since 1 February 2002, with various amendments throughout the years since promulgation. FICA’s main objectives are to regulate South Africa’s anti-money laundering and counter-terrorism financing programmes and to establish the FIC to combat these illicit activities.
FICA contains a number of control measures which are based on the three basic principles of money laundering detection and investigation:[5]
- intermediaries in the financial system must know with whom they are doing business;
- the paper trail of transactions through the financial system must be preserved; and
- possible money laundering transactions must be brought to the attention of investigating authorities.
Furthermore, FICA also established the FIC as the agency responsible for the collection, analysis and disclosure of information to assist in the detection, prevention and deterrence of money laundering, terrorist financing and proliferation financing in South Africa.
WHAT CHANGED
During its mutual evaluations of South Africa, the Financial Action Task Force (“FATF”)[6] identified weaknesses in South Africa’s anti-money laundering, combating financial terrorism and countering proliferation financing regimes. Consequently, South Africa was “grey-listed”.[7]
Following the grey-listing, as part of resolving identified strategic deficiencies, while subject to increased monitoring, significant amendments were made to FICA (and other financial sector laws), which came into effect on 19 December 2022. One of the changes to FICA significantly increased the number of sectors and businesses designated as Accountable Institutions.[8]
Several role players within the community scheme industry have been designated as Accountable Institutions in terms of FICA, such role players include Legal Practitioners, Credit Providers and potentially you, a Property Practitioner.[9]
WHAT IS REQUIRED FROM YOU
- Registering with the FIC
All Accountable Institutions are obliged to register with the FIC to enable submission of regular and annual regulatory reports to the FIC.[10] Registration must be done within 90 days from the date that business has commenced, alternatively, if you are already in business, register as a matter of urgency.
Registration is free and is a simple process which must be done electronically on the system known as “goAML” which can be accessed via the FIC’s website, www.fic.gov.za.
Failure to register or update registration information, when necessary, means the Accountable Institution is guilty of an offence and could be subject to a fine not exceeding R10 million.[11]
Accountable Institutions are encouraged to read the goAML Registration Guideline provided by the FIC, which can be accessed here: FIC goAML Registration User Guide.
- Appointing a compliance officer
An Accountable Institution is obliged to appoint a compliance officer to ensure compliance with the provisions of FICA and the internal rules applicable to them.[12]
Failure to appoint and train a compliance officer in accordance with section 43 of FICA, means the Accountable Institution is non-compliant and could be subject to an administrative sanction.[13]
Only the registered FICA compliance officer has access to the goAML website which must be monitored regularly or as required from time to time.
- Development and Implementation of a Risk Management and Compliance Programme (“RMCP”)
In terms of FICA, an Accountable Institution is required to develop, implement and maintain a formal document, known as the RMCP, detailing how the company conducts and implements risk based anti-money laundering and counter terrorist financing measures, and assesses its own money laundering, terrorist financing risks in line with the guidance issued by the FIC and in compliance with the provisions of FICA.[14]
The RMCP deals with the aspects such as the following:
- Background of the Accountable Institution and governance;
- Risk Assessment and Risk Rating;
- Characteristics of products and services and associated risks;
- Geographic locations, distribution channels and other associated risks;
- Customer Due Diligence;
- Record Keeping;
- Reporting;
- Training; and
- Prohibitions relating to persons and entities identified by the Security Council of the United Nations.
The board of directors or senior management is ultimately responsible for ensuring that the Accountable Institution maintains an effective internal risk-based control structure through the RMCP.
When completing your RMCP keep in mind that the Guidance Notes are just that, a guide, and therefore you will still need to apply your mind and do active work to ensure the RMCP reflects the unique features of your business and the market within which you operate, and that it is compliant with the FICA.
- Perform Customer Due Diligence (“KYC”) and ongoing Customer Due Diligence
Accountable Institutions are not required to follow a “one size fits all” approach in the methods that they use and the levels of verification that they apply to all relevant clients.[15] The Accountable Institution should take into consideration all relevant factors which can contribute to the risk rating of a client, product or transaction.
Customer Due Diligence (“CDD”) is the process of collecting and evaluating information about a customer or potential customer and assessing the level of risk they possess.
An Accountable Institution must therefore:
4.1) Follow the Know Your Client (“KYC”) business principle to “establish and verify the identity of their customers/clients before or during the time they do business”.[16] The KYC principle provides for controls which usually include the:[17]
- collection and verification of identity documentation;
- screening against warning or sanctions lists;
- client risk assessment; and
- investigations into client’s financial transactions.
Moonstone[18] describes the KYC Principle as “an important step developed globally to prevent identity theft, financial fraud, money laundering and terrorist financing.”
4.2) Be up to date with all FICA requirements for new and existing clients (remember the FICA documentation will be required for every new client application and/or change).
4.3) Always obtain clear copies of required documentation, for example, the identification number and picture must be clearly identifiable on the copy of the identification document provided.
- In the case of a foreign national, the FIC states that the Accountable Institution must obtain a copy of the person’s identity document, such as his or her passport, as well as written confirmation regarding the authenticity of the identity document provided. Such written confirmation must be from a person in authority (e.g. relevant embassy).[19]
- It is common practice that documentation provided must not be more than 3 (three) months old, including the certification of identity documents, unless otherwise specified (this is to avoid outdated documents that might no longer be applicable or relevant being used).
4.4) The FIC has further provided a list confirming what documentation you may accept as proof of residence (the name and residential address of the person should reflect on the document), these include but are not limited to:[20]
-
- Utility Bill;
- Bank Statement;
- Recent Lease or Rental Agreement;
- Municipal Rates and Taxes Invoice;
- Mortgage Statement;
- Telephone or Cellular Account;
- Valid Television Licence;
- Recent Long-term or Short-term Insurance Policy;
- Recent Motor Vehicle Licence Documentation; and/or
- Statement of Account issued by a Retail Store.
When a new client completes an application, to enter into a business relationship with you, ensure that it is done so correctly, that all pages are initialled and signed where required. If any changes are made, make sure that such changes are initialled and signed as well.
4.5) Ongoing Customer Due Diligence
- In accordance with your RMCP, you must conduct ongoing due diligence in respect of a business relationship, which includes:
- monitoring of transactions undertaken throughout the course of the business relationship, including, where necessary:
- the source of funds, to ensure that the transactions are consistent with the Accountable Institution’s knowledge of the client and the client’s business and risk profile; and
- the background and purpose of all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent business or lawful purpose.
- monitoring of transactions undertaken throughout the course of the business relationship, including, where necessary:
- Record Keeping
In terms of FICA an Accountable Institution must keep records of all Customer Due Diligence and Transactions, for at least five years from the date a business relationship has been terminated or from inception of a single business transaction, or longer, if required by law.[21]
Such records further include risk ratings conducted on clients, all reports filed with the FIC as well as decisions made not to report a transaction to the FIC including the reasons and supporting documentation.[22]
Records must be secure and confidential and should be easily accessible to the FIC, should it be required or requested.[23]
- Training
6.1) FICA requires Accountable Institutions to train and provide ongoing training to its employees to ensure compliance with FICA obligations and the specific RMCP.[24]
6.2) FICA further requires an Accountable Institution to keep record and registers of training to ascertain employee attendance and engagement, training should be assessed, and all new and current employees should be trained on a regular basis.[25]
6.3) Failure to train will mean that your business is in contravention of FICA, and this could lead to an administrative sanction.[26]
- Reporting
7.1) As per the RMCP requirements, an Accountable Institution’s RMCP must include a detailed description and guidelines of the reporting process to be followed by its employees and the compliance officer as to how to identify and report suspicious transactions.[27]
7.2) Chapter 3 of FICA outlines and describes an Accountable Institution’s obligations to report suspicious behaviour and transactions and includes the following reports:
7.3) Inability to conduct Customer Due Diligence
An Accountable Institution must report a transaction if it has the inability to conduct Customer Due Diligence (“CDD”) including the inability to:[28]
- Establish and verify the client’s identity in terms of the RMCP;
- Obtain information about the business relationship in terms of the RMCP; and
- Conduct ongoing CDD on client in terms of the RMCP.
7.4) Failure to Report
There is a general assumption that each employee has the general knowledge, skills, training and experience reasonably expected of a person in that position, to identify anything suspicious, especially as the Accountable Institution should provide ongoing training, as required by FICA, and therefore when a suspicion is formed each employee has a duty to report it.[29]
7.5) Tipping Off:
- It is vitally important that employees are aware of tipping off. When making a report the person involved may not inform anyone, including the client or any other person associated with a reported transaction, of the contents of a suspicious transaction or activity report or even the fact that such a report has been filed with the FIC.[30]
- Contravening these prohibitions constitutes offences in terms of FICA that carry maximum penalties of imprisonment for a period up to 15 years or a fine up to R100 million.[31]
- Once you have formed a suspicion, you don’t know who a party to the potential suspicious activity may be or who may tip off the client and therefore the reporting party should limit their discussion to the compliance officer.[32] Tipping off could create an opportunity for the client or related parties to disappear or hide illicit funds and it may impact existing relationships with the client.
- You are protected if you file a report to the FIC in terms of the above, and will therefore not be subject to any action, whether civil or criminal.[33]
Guidance Note 4B provides more information on reporting obligations and requirements.[34]
THERE ARE CONSEQUENCES SHOULD YOU NOT COMPLY
Accountable Institutions are legally obliged to comply with FICA, and therefore it is important to know that your business could be subject to two types of penalties for non-compliance:
- Administrative sanction,[35] which includes but is not limited to:
- a caution not to repeat the conduct; or
- the restriction or suspension of certain specified business activities; or
- a financial penalty.
- Criminal sanction,[36] which includes:
- a maximum penalty of 15 years or a fine not exceeding R100 million; or
- a maximum sentence of five years or a fine not exceeding R10 million for certain lesser offences.
By using this guide, along with the below recourse list, you can ensure that you are compliant with FICA requirements and avoid the hefty penalties that you could suffer for being non-compliant.
RESOURCE LIST:
- The Financial Intelligence Centre and FICA: https://www.fic.gov.za/about/#the-fic-act
- Registration & Reporting: https://goweb.fic.gov.za/goAMLWEb_PRD/Home
- FIC Act obligations: https://www.fic.gov.za/compliance/
- Public Compliance Communication (PPC): https://www.fic.gov.za/compliance/compliance-guidance/public-compliance-communication/
- Sanctions issued by supervisory bodies: https://www.fic.gov.za/compliance/supervision-and-enforcement/sanctions-issued-by-supervisory-bodies/
- Sanctions issued by the FIC: https://www.fic.gov.za/compliance/supervision-and-enforcement/sanctions-issued-by-the-fic/
FOOTNOTES
[1] See “PCC Summary” in Public Compliance Communication 56 (PCC 56), Guidance on the Interpretation of
Item 3 of Schedule 1 to the Financial Intelligence Centre Act, 2001 (Act 38 Of 2001), accessible at https://nama.org.za/wp-content/uploads/2023/09/221110-PCC-56-PP-final.pdf.
[2] Act 38 of 2001.
[3] Accessible at https://nama.org.za/wp-content/uploads/2023/09/221110-PCC-56-PP-final.pdf.
[4] See para 2.1 of PCC 56.
[5] Financial Intelligence Centre Guidance Note 3A Guidance for Accountable Institutions on client identification and verification and related matters (“Guidance Note 3A”), accessible at https://www.fic.gov.za/document/2005-07-guidance-guidance-note-3a-accountable-institutions-and-cdd/.
[6] The Financial Action Task Force (FATF) is the global money laundering and terrorist financing watchdog. It sets international standards that aim to prevent these illegal activities and the harm they cause to society. See https://www.fatf-gafi.org/en/countries/detail/South-Africa.html.
[7] FATF https://www.fatf-gafi.org/en/countries/detail/South-Africa.html.
[8] Schedule 1 of FICA, as amended by the General Laws Amendment Act 22 of 2022.
[9] Schedule 1 of FICA, as amended by the General Laws Amendment Act 22 of 2022.
[10] Section 43B of FICA.
[11] Section 61A of FICA.
[12] Section 42A of FICA.
[13] Section 62 of FICA.
[14] Financial Intelligence Centre Guidance Note 7 on the Implementation of various aspects of FICA, accessible here https://www.fic.gov.za/wp-content/uploads/2023/09/2017.10-Guidance-Guidance-Note-7-FIC-Act-obligations.pdf
[15] Guidance Note 3A, accessible at https://www.fic.gov.za/document/2005-07-guidance-guidance-note-3a-accountable-institutions-and-cdd/.
[16] LexisNexis 10 December 2018 accessible at https://www.lexisnexis.co.za/lexis-digest/corporate/make-it-easier-to-know-your-customer.
[17] LexisNexis 10 December 2018 accessible at https://www.lexisnexis.co.za/lexis-digest/corporate/make-it-easier-to-know-your-customer.
[18] Gail Gibson from Moonstone Compliance (Pty) Ltd 12 September 2016, accessible at https://www.moonstone.co.za/kyc-knowing-your-client-or-killing-your-client/.
[19]Guidance note 3A, accessible athttps://www.fic.gov.za/document/2005-07-guidance-guidance-note-3a-accountable-institutions-and-cdd/.
[20] Guidance Note 3A, page 15.
[21] Section 22 of FICA.
[22] Section 23 of FICA.
[23] Section 24 of FCA.
[24] Section 43 of FICA.
[25] PCC No. 18.
[26] Section 62 of FICA.
[27] Financial Intelligence Centre Guidance Note 7 (and as required in terms of the Risk and Compliance Return Questionnaire).
[28] Section 21 E of FICA.
[29] Guidance Note 4B, accessible at https://www.fic.gov.za/document/guidance-note-4b-strs/.
[30] Section 29 of FICA.
[31] Section 68 of FICA.
[32] Section 29 of FICA.
[33] Section 38 of FICA.
[34] Guidance Note 4B accessible at https://www.fic.gov.za/document/guidance-note-4b-strs/.
[35] Section 45(c)(3) of FICA.
[36] Sections 68(1) and 68(2) of FICA.