On the 29th of November 2022, Schedule 1 of the Financial Intelligence Centre Act (Fica) was amended. The Act has broadened the definition of Accountable Institutions. This means that some businesses now have legal obligations for due diligence checks. If they don’t, they face the threat of massive fines. Understanding what the new revisions to FICA, as well as what they mean for your business, is therefore essential to ensure continued regulatory compliance.
What is the Financial Intelligence Centre Amendment Act (FICA)?
In South Africa, an Accountable Institution is a concept that is defined and regulated by the Financial Centre Amendment Act (FICA). FICA is South Africa’s central piece of legislation for Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT). It governs many aspects of South Africa’s financial system, including defining and regulating the concept of an Accountable Institution and South Africa’s adoption and the Risk-Based Approach (RBA) for the country’s national AML/CFT legislation.
What is an Accountable Institution (AI)?
Accountable Institutions (AIs) can be broadly understood as financial institutions, businesses and organizations that, due to the financial and legal nature of their business, carry a higher responsibility towards their clients, government and society – a responsibility that means AIs are held to higher standards concerning good governance, enhanced due diligence, and risk assessment and mitigation.
FICA classifies certain businesses, institutions and organizations as Accountable Institutions (AIs). When a financial institution, business or organization is designated as an AI, it has to comply with a wide range of regulatory requirements that cover due diligence, record-keeping, reporting of information to the Financial Intelligence Centre (FIC) and internal compliance governance.
These revisions to FICA were made to try and avoid South Africa being greylisted by the FATF (an attempt that was unsuccessful).
For a detailed breakdown of Accountable Institutions and a list of exactly which businesses classify as such, read our article here.
How Has FICA Been Revised?
Essentially, FICA has revised its definition of what constitutes an Accountable Institution (AI) under Schedule 1 of the Act. Because the designation as an AI largely determines what laws and regulations a business must comply by, this revision to FICA means that certain sectors and industries will now have to comply with laws that they previously did not have to consider. The complete list of revisions to FICA is laid out in Government Gazette 47596.
The South African government aims to prevent greylisting by targeting businesses that can potentially facilitate money laundering and financing of terrorism, such as crypto asset service providers. This is achieved by designating them as accountable institutions.
Other pieces of South African legislation have also been amended. Apart from the changes made to Schedule 1 of the FICA, the General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Bill (GLA) brought about several other modifications to the provisions of FICA. These amendments became effective on December 31, 2022.
Non-compliance with these regulations can result in severe penalties, including fines of up to ZAR 100 million (approximately USD 6.8 million) or imprisonment for up to 15 years. The FIC also has the authority to impose administrative sanctions, such as warnings or restrictions on business operations.
ThisIsMe is South Africa’s leading provider of digital tools for identity verification, data validation and enhanced due diligence. To find out how ThisIsMe can equip your business with the tools necessary to ensure regulatory compliance with FICA, contact our team here.
Expanded Definition of Accountable Institutions by FICA
FICA has expanded its list of Accountable Institutions to include:
• Someone who conducts the business of establishing trust arrangements for clients.
• Someone who conducts the business of preparing for or executing transactions, including acting as a trustee, related to investing, controlling, safeguarding, or administering trust property as defined in the Trust Property Control Act.
• A cooperative bank, as defined by the Cooperative Banks Act, 40 of 2007.
• Someone who conducts the business of providing credit as defined in the National Credit Act, 34 of 2005 (NCA).
• Someone who conducts the business of providing credit in relation to any credit agreement that falls outside the scope of the NCA's application, according to the provisions of sections 4(1)(a) or (b) of the NCA.
• Someone who conducts the business of transferring money or value.
• Someone who conducts the business or operation on behalf of a client, which includes exchanging one form of cryptocurrency for another, concluding transactions that transfer cryptocurrency from one address or account to another, or safeguarding or administering cryptocurrency or an instrument that enables control over cryptocurrency.
• Someone who conducts the business of dealing in high-value goods for any transaction in which the business receives payment, in any form, equal to or exceeding R100 000.
The last line requires further clarification. Writing in BusinessTech, Luke Fraser summarized the essence of the revision to FICA by explaining that:
“Organisations that sell any items that total R100,000 or more to anyone in all forms of payments will be considered accountable institutions. This applies to sole proprietors, companies and all other types of business.” – Luke Fraser, BusinessTech.
However, this is not entirely true. As explained by Nicole Copley in an article for the Daily Maverick, your business or nonprofit will only be considered an AI if it deals with items worth more than R100,000 on a regular basis. This means that many non-profit organizations that do not routinely display high monthly turnovers should remain exempt from the new FICA requirements.
What Industries and Sectors are Strongly Impacted?
As a consequence of these new revisions to FICA, some industries are going to be strongly impacted and made to comply with greater due diligence and ongoing monitoring obligations. These industries/businesses are:
• Specific legal practitioners
• Gambling establishments
• Credit providers
• Boards of executors or trust companies
• Real estate agents
• Long-term life insurance companies
• Motor vehicle dealers
• Crypto asset dealers
• Krugerrand dealers
What Are the New Legal Requirements Stipulated by FICA?
Although these requirements may not apply to every business and should not be taken as direct legal advice concerning regulatory compliance with FICA, it does serve as an overview of what certain business can expect.
• Complete registration on the FIC's go-AML system via the FIC website no later than March 19, 2023.
• Appoint a compliance officer who is an employee or director of the accountable institution.
• Develop a risk management and compliance programme (RMCP) that complies with the requirements of section 42 of the FICA. The RMCP must be approved by senior management and/or the board of directors.
• Conduct a risk-based assessment of clients with whom the accountable institution conducts transactions or establishes a business relationship to verify their identification.
For a complete overview of all the requirements, visit the official FICA website here.
Because South Africa operates a Risk-Based Approach to its AML/CFT regulatory framework, different businesses will be subjected to different degrees of compliance. AIs are required to assess the risks associated with their clients and conduct customer due diligence accordingly. Ongoing customer due diligence must also be carried out for clients with whom the institution has established a business relationship. Additionally, the institution must keep records of all transactions with clients, in accordance with FICA regulations.
Reporting to the FIC is also mandatory for AIs, including transactions that exceed the prescribed cash threshold, any suspicious or unusual transactions, and electronic fund transfers that exceed the prescribed threshold. They must also provide regular training on FICA requirements and the obligations of AIs.
An AI that fails to comply with the FICA requirements such as registration with Financial Intelligence Center (FIC), reporting obligations, maintaining an RMCP, providing training, or proper record-keeping will be non-compliant with FICA provisions. As punishment, the FIC can impose administrative sanctions, including financial penalties not exceeding R10 million for individuals and R50 million for legal entities.
Identity Verification, Customer Due Diligence and Risk Assessment Tools for South Africa
ThisIsMe is South Africa’s leading provider of digital tools for tasks like enhanced due diligence, KYC, customer due diligence, data validation and risk assessment. Committed to world-class standards for data handling and data privacy, ThisIsMe is proud to be at the forefront of a trust-based and privacy-compliant digital world. To experience our full suite of advanced due diligence services, contact our team here.
