Latest news with #FICAct
IOL News
23-06-2025
- Business
- IOL News
Prudential Authority imposes hefty sanctions on three major banks for FIC Act breaches
The Prudential Authority (PA) is mandated to supervise and enforce compliance by accountable institutions with the provisions of the Financial Intelligence Centre Act 38 of 2001 (FIC Act) and with any order, determination or directive made in terms thereof. Image: Supplied The Prudential Authority (PA) has unleashed a wave of administrative sanctions on three prominent international banks operating within South Africa following notable breaches of the Financial Intelligence Centre (FIC) Act. This decisive move underscores the authority's commitment to enforcing compliance within the financial sector, as mandated by the South African Reserve Bank (Sarb). In a recent statement, the PA said it imposed administrative sanctions on Citibank N.A. South Africa Branch (Citibank) as a result of its non-compliance with certain provisions of the FIC followed an inspection conducted on Citibank in 2022 in terms of section 45B of the FIC Act. "The administrative sanctions imposed on Citibank consist of a caution not to repeat the conduct which led to the non-compliance as well as a financial penalty totalling R6 million, which is fully and conditionally suspended for a period of 12 months as from 5 March 2025," said the PA. "These administrative sanctions stem from Citibank's failure to comply with section 42 of the FIC Act, in that it failed to implement its Risk Management and Compliance Programme in relation to the assessed advance payment transactions." The PA said Citibank cooperated and has undertaken the necessary remedial action to address the identified compliance deficiencies and control weaknesses. Video Player is loading. Play Video Play Unmute Current Time 0:00 / Duration -:- Loaded : 0% Stream Type LIVE Seek to live, currently behind live LIVE Remaining Time - 0:00 This is a modal window. Beginning of dialog window. Escape will cancel and close the window. Text Color White Black Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Background Color Black White Red Green Blue Yellow Magenta Cyan Transparency Opaque Semi-Transparent Transparent Window Color Black White Red Green Blue Yellow Magenta Cyan Transparency Transparent Semi-Transparent Opaque Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400% Text Edge Style None Raised Depressed Uniform Dropshadow Font Family Proportional Sans-Serif Monospace Sans-Serif Proportional Serif Monospace Serif Casual Script Small Caps Reset restore all settings to the default values Done Close Modal Dialog End of dialog window. Advertisement Next Stay Close ✕ Ad Loading Building on this trend of accountability, HBZ Bank has also found itself in the hot seat, facing a total penalty of R9m due to its own lapses uncovered during a 2022 inspection. The sanctions against HBZ include three cautions, two reprimands, and a financial penalty — R1.5m of which is conditionally suspended for 24 months, commencing on 5 March 2025. Specifically, HBZ was found to have neglected its customer due diligence (CDD) obligations under the FIC Act, failing to perform adequate checks on 18 medium-risk and 5 high-risk client files. The regulator also imposed a caution not to repeat the conduct which led to the non-compliance as well as a reprimand after HBZ failed to comply with sections 22 and 23 of the FIC Act, in that it failed to keep records in relation to one of its high-risk trade finance active and terminated client relationships. Furthermore, the bank received additional reprimands related to insufficient record-keeping practices concerning high-risk client relationships and the absence of a documented rationale for the inherent risk rating of trade finance transactions. The third institution caught in this compliance crackdown is the Bank of Taiwan, South Africa Branch (BOTSA). The PA's inspections revealed deficiencies in the bank's management of its RMCP Introduction Manual. The PA said BOTSA failed to secure necessary approvals from its Executive Committee prior to implementing material changes to this vital document. Moreover, the bank did not effectively manage the annual reviews of its RMCP and neglected required due diligence measures on assessed correspondent banking relationships, as stated in its governance policy. It also implemented its RMCP and undertake the requisite due diligence measures in relation to two of its assessed correspondent banking relationships in respect of Vostro accounts; and provide evidence that its Screening of Customers and Transactions Manual had been reviewed and approved after 2020. "The PA confirms that BOTSA cooperated with the PA and that the bank has undertaken thenecessary remedial action to address the identified compliance deficiencies and control weaknesses," said the PA. BUSINESS REPORT
IOL News
26-05-2025
- Business
- IOL News
Trustworthy: another immediate 'deadline' for trust and company service providers (TCSPs)
South Africa faces a critical deadline to address its greylisting by the FATF, with significant implications for trust and company service providers. This article outlines the necessary compliance measures and the consequences of non-compliance. Image: File photo. More than two years ago, South Africa was found to have insufficiently addressed money laundering and terrorist financing, leading to its greylisting by the Financial Action Task Force (FATF). This greylisting has significant economic and reputational consequences for any country, prompting South Africa to set a deadline of January 2025 to fulfil all requirements for removal from the greylist. Unfortunately, two action items remain unresolved following the latest plenary meetings in France in February 2025. One item requires South Africa to demonstrate a sustained increase in the investigations and prosecutions of serious and complex money laundering, particularly those involving professional money laundering networks/enablers and third-party money laundering, aligned with its risk profile. Additionally, South Africa must show a sustained increase in the effective identification, investigation, and prosecution of the full spectrum of terrorist financing activities, consistent with its risk profile. As a result of missing the deadline, we have now entered our first four-month rolling review cycle (from March to June 2025) with the FATF. In a media statement, Treasury committed to addressing both outstanding action items by June 2025 to facilitate our exit from the greylist by October 2025. With the next reporting deadline approaching, it is unsurprising that we are experiencing increased compliance sanctions from the Financial Intelligence Centre (FIC) and the Financial Sector Conduct Authority (FSCA), aimed at demonstrating to the FATF that sufficient action is being taken against non-compliance. This serves as a stern warning to all TCSPs to comply immediately with the aspects discussed below, at least before the end of May 2025, which will allow the FIC to prepare for the next FATF review in June 2025. Guidance from fines already issued Several Designated Non-Financial Businesses and Professions (DNFBPs), a relatively new category of persons and entities obligated to comply with the FIC Act, have already faced administrative sanctions for non-compliance. The FIC included TCSPs in this new category of 'accountable institutions', as, due to the unique nature of the services they offer, they are vulnerable to abuse by entities seeking to misuse corporate structures to facilitate the movement of illicit funds. These sanctions arose from failures to adhere to FIC directives and the provisions of the FIC Act, such as submitting Risk and Compliance Returns (RCRs) and developing and implementing a Risk Management and Compliance Programme (RMCP). Some published examples include Capital Point Properties (for failing to develop and implement an RMCP, scrutinise clients against the targeted financial sanctions list, and comply with Directive 6, which requires certain accountable institutions to file an RCR), Alpha Trust (for non-compliance with Directive 6, requiring the submission of an RCR), KR Inc (for failing to comply with Directives 1, 2, and 4 regarding registration details on the goAML system, non-compliance with Directive 6, which mandates certain accountable institutions to file an RCR, and for sharing login credentials), the life insurers Sanlam Life and Fedgroup Life (for weaknesses in their money laundering control measures), and most recently Ninety One Fund Managers SA (for having a 'technically deficient' and poorly implemented RMCP, particularly in risk-rating its clients, among other shortcomings of the FIC Act). This list should guide trust and company service providers who have not yet complied with their 'new' obligations to comply immediately, some of which are discussed below. Register with the FIC as 'Accountable Institution' If you or your business qualifies as an 'accountable institution', you are obligated to register with the FIC. Failing to do so does not imply that you will be exempt from oversight. Non-registration will result in sanctions imposed by the FIC. The FIC statistics clearly indicate that many TCSP 'accountable institutions' have not yet registered, including accountants, attorneys, financial advisors, and other service providers offering the envisaged services as a business. Since the FIC's net is quite wide, any service provider dealing with companies and trusts should verify the types of activities they perform against the qualifying criteria set forth by the FIC. Schedule 1 (item 2) to the FIC Act and Public Compliance Communication 6A (PCC 6A) provide practical guidance on this topic. Submit RCR The FIC realised that DNFBPs, as a new 'accountable institution' type, are unaware of the money laundering and terrorist financing risks they face, making this sector and South Africa vulnerable to exploitation by criminals. Therefore, they developed the RCR to address this gap. The FIC believes that RCRs are integral to ensuring that businesses understand how they can be used for laundering proceeds acquired through criminal activities. According to the FIC, 'Filing a RCR is thus central to ensuring that businesses survive and are robust in the fight against financial crime.' The RCR is a questionnaire that assists businesses in identifying the risks they face from money laundering and terrorist financing abuse. The FIC uses its risk and compliance assessment analysis tool to evaluate the RCRs it receives, identifying DNFBPs at higher risk of money laundering and terrorist financing. Directive 6 was issued on March 31, 2023, obligating TCSPs to submit an RCR to the FIC by May 31, 2023. Directive 6 requires legal practitioners, estate agents, trust service providers, company service providers, and casinos to complete and submit their RCRs online via the FIC's website. The deadline for these submissions was May 31, 2023. For those TCSPS who have not yet submitted the RCR, they must do so immediately on the FIC portal. Non-compliance will be dealt with harshly, as they are quoted as saying, 'It is inevitable that the longer the non-compliance persists, the harsher the financial penalties will become.' Submit RMCP All 'accountable institutions', including trust and company service providers, must implement an RMCP. This structured framework of policies, procedures, and controls is designed to identify, assess, and mitigate risks, ensuring that an organisation adheres to relevant laws, regulations, and internal policies. The FIC requires 'accountable institutions' to indicate client types along with the degree of risk for money laundering, terrorist financing, and proliferation financing. This assists TCSPs in applying varying degrees of verification during onboarding and ongoing relationships. The RMCP helps TCSPs understand their business environments while implementing risk mitigation measures and controls to protect their businesses. The risk-based approach includes identifying various client types, determining what additional measures must be in place, and outlining what training their teams need to deal with such behaviours. The RMCP must be documented, kept updated, and implemented. Staff should understand the RMCP, as they are the ones at the coalface of the business. On March 4, 2025, the FIC issued a notification requesting all 'accountable institutions' supervised by it to submit a copy of the documentation describing their RMCP to the FIC on or before the close of business on Wednesday, 12 March 2025, in terms of section 42(4)(a) of the FIC Act 38 of 2001. The FIC advised that failure to comply with this request by March 12, 2025, would constitute non-compliance and might lead to administrative sanctions being imposed, including a financial penalty in terms of section 45C of the FIC Act. TCSPs who have not met the deadline to submit their RMCPs as per the above notification are urged to do so immediately to avoid further penalties. The FIC reminded accountable institutions that non-submission of the RMCP constitutes non-compliance with the FIC Act. The FIC, however, warns 'accountable institutions' not to merely submit a deficient RMCP and assume that will tick the compliance box. The FIC warned that the RMCP will be tested against legislative requirements through inspections and compliance monitoring. Therefore, TCSPs should ensure that the required attention is given when compiling the RMCP. The FIC confirmed in a media statement on May 7, 2025, that 'RMCPs are fundamental to protecting accountable institutions and ultimately, the integrity of our financial system.' The FIC reiterated that 'Accountable institutions who are in default must immediately submit their outstanding RMCPs electronically to the FIC on the goAML platform.' Communication from FIC on goAML goAML is an integrated software solution that the FIC uses for registration, reporting, data collection, analysis, case management, and secure communications. It is essentially the FIC's preferred IT platform for handling its daily operations. 'Accountable institutions' were strongly urged by the FIC to consult and monitor the FIC goAML message board daily (under their Org ID profile as registered with the FIC) to immediately attend to outstanding RMCP and other requests from the FIC. Conclusion South Africa's greylisting signalled that the country's effectiveness in combating financial crimes, such as money laundering and terror financing, was below international standards. This resulted in increased scrutiny from international regulators, along with reputational and economic damages. It is understandable that the government is implementing measures to convince the FATF that sufficient actions are being taken for the country to exit the greylist. If South Africa is not delisted by October 2025, it will be required to continue reporting to the FATF Africa Joint Group every four months until all action items are addressed. This situation would not bode well for the country. The RCRs and RMCPs are critical documentary evidence that the FIC must demonstrate to convince the FATF that the country has a sufficient handle on money laundering and terrorist financing. TCSPs, therefore, have no choice but to comply and visit goAML as a daily routine to stay out of trouble. * Van der Spuy is a Chartered Accountant with a Masters's degree in tax and a registered Fiduciary Practitioner of South Africa®, a Chartered Tax Adviser, a Trust and Estate Practitioner (TEP), and the founder of Trusteeze®, the provider of a digital trust solution. PERSONAL FINANCE
IOL News
28-04-2025
- Business
- IOL News
Absa Bank penalised R10 million for failing to comply with financial regulations
The administrative sanctions imposed on Absa are due to the failure to comply with certain provisions of the FIC Act and consist of two cautions not to repeat the conduct which led to the non-compliance, a reprimand and a financial penalty totalling R10 million The Prudential Authority (PA) has taken decisive action against Absa Bank, imposing administrative sanctions totalling R10 million following an inspection in 2022. This enforcement is part of the authority's ongoing mandate to ensure accountable institutions adhere to the Financial Intelligence Centre Act (FIC Act) of 2001. The PA on Friday said that the sanctions arose from serious breaches regarding compliance with customer due diligence regulations aimed at preventing financial crime. During its investigation, the PA identified significant shortfalls in Absa's adherence to essential provisions of the FIC Act.
