Risk-Based Approach (RBA)

What is a Risk-Based Approach (RBA)? 

The Risk-Based Approach (RBA) is a system of risk management for Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) that adjusts itself depending on the risk level of a country, industry, or specific business. 

In other words, the RBA is an approach to AML/CFT law-making and regulation that adjusts the intensity of regulation according to the levels of risk that are present in specific circumstances. 

For example, if a certain business sector faces a high risk of financial crime (e.g. banks), businesses within that sector will be legally obligated to implement more intensive protocols to mitigate the risk of financial crime. Accordingly, businesses in other sectors that are at a lower risk of financial crime will not be obligated to employ the same protocols because they are not exposed to the same level of risk. 

The RBA, therefore, facilitates the creation of effective AML/CFT and risk mitigation programs without forcing low-risk business sectors to unnecessarily waste resources mitigating minor risks. 

What is the Financial Intelligence Centre Amendment Act (FICA)?

FICA is South Africa’s central piece of legislation concerning Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT). FICA regulates many aspects of South Africa’s financial system, including the country’s adoption of the Risk-Based Approach (RBA).

The purpose of the Act is to “assist in the identification of the proceeds of unlawful activities; combat money laundering; and combat the financing of terrorist and related activities.”

This is achieved by “creating a legal framework for effective identification and verification of client identities; recordkeeping; reporting processes; staff training; compliance requirements and the establishment of the Financial Intelligence Centre and Counter-Money Laundering Advisory Council."

Today, much of how FICA governs the usage of the RBA in South Africa comes down to the Act’s classification of certain businesses, institutions and organizations as Accountable Institutions (AIs). 

What is an Accountable Institution (AI)? 

FICA designates a wide variety of businesses, institutions and organizations as Accountable Institutions (AIs). FICA’s exact classification of an AI is varied and complex – it is best understood by referring in detail to Schedule 1 of the Act, which defines exactly the classification of an Accountable Institution. 

In essence, however, an AI can be understood as any business, institution or organization that carries out the business of any entity listed under Schedule 1 of the Act, which due to the associated higher risk of financial crime, demands more intensive protocols for risk mitigation. 

An AI's regulatory compliance obligations will also vary depending on the AI’s classification (e.g., FOREX). 

Obligations of an Accountable Institution in South Africa 

Accountable Institutions must comply with a variety of regulatory compliance obligations that are established by FICA. These include obligations for due diligence, record-keeping, internal compliance governance and reporting of information to the Financial Intelligence Centre. 

Notably, because South Africa operates a Risk-Based Approach (RBA) to AML/CFT regulation, it is the responsibility of the AI to identify risks and take the necessary steps to mitigate those risks. This must be done internally; the business is responsible for risk assessment, as well as the creation of a plan to effectively address and mitigate those risks. Once the AI has finalized its risk management strategy, it will be presented to the Financial Intelligence Center (FIC), which can then approve or reject the strategy.

An Accountable Institution (AI) is therefore legally obligated to design and implement an RBA in line with its categorization, as well as being in line with the level of risk that it is exposed to. 

Consequently, the digital tools that an AI requires to ensure regulatory compliance will vary on a case-to-case basis. For example, due to the varying natures of their business, one AI may require a wide variety of basic tools for identity verification, while another AI may require complex digital tools that focus on enhanced due diligence and risk analysis. 

As South Africa’s leading provider of world-class identity verification, data validation and due diligence solutions, ThisIsMe gives businesses the tools they need to ensure compliance with the regulatory obligations established by FICA. 

Identity Verification, Data Validation and Enhanced Due Diligence Services in South Africa 

Although there are universally recognized guidelines for AML/CFT regulations, every country typically has their own set of regulatory requirements that govern how businesses, institutions and organizations in that specific country must conduct business with their customers. 

When doing business in a country and ensuring regulatory compliance, it is important to employ experts in the relevant country who are best equipped to operate within the nexus of legislation, law enforcement and economic realities while delivering high-quality and cost-effective solutions for ensuring regulatory compliance.  

As South Africa’s leading provider of world-class due diligence and remote-onboarding solutions, ThisIsMe is proud to be at the forefront of a trust-based and privacy-compliant digital world. To experience our full suite of advanced due diligence services, book a demonstration by contacting our team here