New FICA requirements for accountable institutions

“My business qualifies as an accountable institution under the Financial Intelligence Centre Act. There has been a lot of talk in the news about the new Amendment Act being signed but not a lot of detail on how it will affect my business. Will it be business as usual or are there changes I should be aware of?”

The Financial Intelligence Centre Act 38 of 2001 (“FICA”) was introduced in South Africa to govern financial intelligence and to assist in the combatting of financial crime. The recent Amendment Act to FICA is intended to enhance and modernise our South African framework in accordance with the latest approaches of the international community. All entities classified as “accountable institutions” in terms of FICA must comply with FICA, which includes the latest amendments thereto.

The key amendment introduced, is a shift from a rules-based approach to a risk-based approach in ensuring FICA compliance, which simply means that accountable institutions must consider the potential risk involved with establishing a business relationship or concluding a single transaction with a particular client. 

Accountable institutions are obliged to conduct “client due diligence” (“CDD”) to establish and verify the identities of their clients. Essentially you are required to know who your client is with whom you are doing business. The Amendment Act now imposes enhanced measures relating to ongoing CDD and the monitoring of business relationships, as well as obligations in respect of prominent and influential persons. The Amendment Act also introduces additional due diligence measures relating to legal persons, trusts and partnerships. Client due diligence processes will therefore need to be reviewed by every accountable institution.

Accountable institutions are obliged to develop, document, implement and maintain a Risk Management and Compliance Programme, which sets out the FICA compliance obligations of the business and its procedures for ensuring that these obligations are met. The Amendment Act dictates that the Risk Management and Compliance Programme replaces the formerly required FICA internal rules of the organisation.

Employees of accountable institutions must receive comprehensive and ongoing training on FICA in accordance with their Risk Management and Compliance Programme to ensure that employees are aware of their duties in terms of FICA when engaging with clients.

The board of directors (for legal persons) and the person with the highest level of authority (non-legal persons) are now tasked with ensuring compliance with FICA. A specific individual with sufficient competence and seniority may be appointed to assist with ensuring compliance with FICA, which appointment is similar to the previous FICA compliance officer.

If one looks at the amendments introduced by the Amendment Act, all accountable institutions will need to review their current FICA frameworks to address the changes identified above. Although the Amendment Act has been signed, it has not yet come into operation, which does provide your organisation opportunity to timeously address your FICA compliance in line with the new amendments.

June 9, 2017
International: Privacy by Design – prioritizing security in business

International: Privacy by Design – prioritizing security in business

In today’s current digital space, safeguarding privacy and ensuring that your business is compliant with the various cyber laws and data privacy regulations is crucial to ensure that business operations are well protected. In this article, PR de Wet and Mishka Cassim, from VDT Attorneys Inc., seek to address some of the most important issues companies face and need to consider on a global scale when addressing privacy concerns.

South Africa: POPIA and prior authorisation to process personal information

South Africa: POPIA and prior authorisation to process personal information

The Protection of Personal Information Act, 2013 (Act 4 of 2013) (‘POPIA’) requires a responsible party to apply for and obtain authorisation prior to processing certain identified categories of personal information. With POPIA compliance deadlines fast approaching PR de Wet and Hayley Levey, from VDT Attorneys Inc, analyse the POPIA prior authorisation regime.

Sign up to our newsletter

Pin It on Pinterest