A New Lease on FICAA Compliance: Building a Client Risk Assessment Framework Brick by Brick

The overarching concept in terms of the Financial Intelligence Centre Amendment Act 1 of 2017 (FICAA) centres around what is termed a risk-based approach, which allows Accountable Institutions to design Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) controls and processes that will work for their particular business and then use a risk assessment and calculation for each client to decide on the level of due diligence focus clients receive based on their unique risk rating. 

A vital process in the due diligence chain which is mandatory in FICAA is for Accountable Institutions to “Know your Customer” (KYC), which means identifying and verifying clients, whether that be a natural or juristic person. 

In terms of the South African property / real estate industry, identifying a client and verifying them and their documents against Home Affairs, CIPC and credit bureau databases, which DocFox has plug-ins into, is essential in determining whether it is within your risk appetite to conclude a once-off transaction or begin a business relationship with a client as an Accountable Institution. For instance, a credit bureau check could determine a lessee or property purchaser’s ability to pay/continue to pay rental amounts or their ability to repay an interest-backed loan to a bond-issuing bank, as the risks in repayment failures result in an interruption of cash flow and difficulties and time wastage for the costs of collection for Accountable Institutions.

However, in terms of the wider AML/CFT risk landscape, credit bureau checks, although performing an important KYC function, are only one piece of the larger jigsaw puzzle in terms of an Accountable Institution’s obligations and client risk assessment analysis in terms of FICAA. 

Currently, in terms of FICAA, estate agents are mandated to comply with the full suite of FICAA obligations as an Accountable Institution. However, with the advent of the new Property Practitioners Act No. 22 of 2019 (PPA), which extends to, inter alia, property brokers, property developers and managers, bond facilitators and homeowner associations, it is only a matter of time before “property practitioners” replace “estate agent” under Schedule 1 of FICAA (“List of Accountable Institutions”), particularly since the PPA has now formally replaced the Estate Agency Affairs Act No. 112 of 1976. Property Practitioners would therefore be well-advised to start building towards their FICAA compliance to get ahead of the curve. 

There is more to KYC than Credit Checks

In terms of assessing the risk a potential client presents, whilst there are certain mandated elements around identity, source of funds / wealth and understanding the nature and purpose of a client's relationship with you, how you assess and score risk can depend on your business’s make up which will, to an extent, contribute to the definition of the elements you consider in your risk rating scheme.

In addition to checking credit bureaus and assessing client credit scores, there are several other risk factors that should be taken into account in terms of the property / real estate industry, which combined, enable these industry entities to better know their client and form a clear picture of the overall AML/CFT risk they pose. 

Some of the more important natural and legal person risk factors, which form part of the overall client risk matrix, are:

  • Country of Birth/Citizenship
  • Main country of operation (Legal Persons)
  • Country of Residence
  • Main business industry
  • What is the client's main source of funds?
  • Nature and purpose of relationship with you?
  • Products/services requested?
  • Is there any relevant adverse media?
  • Has the client been identified on a watchlist?
  • Is the client a Domestic Prominent Influential Person (DPIP) or Foreign Prominent Public Official (FPPO) (Politically Exposed Persons)?
  • Value of transaction?
  • Does the sale/rental value seem fairly represented?
  • Has the client viewed the property?
  • Does the property appear aligned to the clients profile?
  • SALE: Will the property be registered in the clients own name?
  • RENTAL: Will the client be the physical tenant?
  • RENTAL: Is the lease a standard term/length?
  • Are any related parties to the entity High Risk? (Legal Persons)

The above risks may be taken into account and utilised, depending on what an Accountable Institution places importance, reliance and emphasis on to determine their client’s overall AML/CFT risk rating calculation. 

Ultimately, whether it is half a percent or 50% of your client base, whether it’s a large or small matter, clients must be risk assessed and fully identified, verified and assessed in line with their potential risk and cash transactions must be reported as there are considerable consequences for failing to do so ( 

At DocFox, with our main pursuit of making money laundering impossible, we can assist you to become FICAA compliant with a range of service offerings, including:

DocFox Software & Services

  • Seamless Customer Onboarding: collecting and comparing information and documents against third-party databases, from individuals to the most complex juristic entities;
  • Risk rating and Automated Client Review: this solution is a fully-configurable, powerful tool which allows you to define, create and implement a risk rating solution that is unique to your business;
  • Ongoing Monitoring: identifying ongoing threats by screening your clients daily against global sanctions lists, watchlists and adverse media, identifying prominent influential persons using the most comprehensive DPIP database in South Africa (we even have SA Royal Families and SOE Board Members);

  • Enhanced Due Diligence (EDD): deep-dives into client files, ownership structures or related entities. Our system enables you to collect enhanced due diligence documents, such as for source of funds, for high risk clients. You can further add to your due diligence by using our bank account verification service to verify that your clients South African banking details are correct and valid;

  • Being Audit Ready: DocFox is a central repository for all your KYC documents, where every action is logged and time-stamped, so that you are always audit ready; and

  • Compliance Services: our FICAA Compliance Experts are on call for advice and guidance on all FICAA and AML related questions. We can build a tailored Risk Management & Compliance Programme (RMCP) for your business, perform an Annual Compliance Review on your selected files and perform Project Services such as preparing for or responding to a FIC inspection, provide guidance on finding your juristic client’s Ultimate Beneficial Owner (UBO) and provide assistance on how to submit Suspicious Activity or Transaction Reports (SAR’s/STR’s). In addition, attend all the professional certified training you will ever need, you can view these trainings here.

Although assessing a client’s credit risk is a vital and necessary element of the overall umbrella of risk factors that real estate / property entities could consider in determining their clients overarching AML/CFT risk, there are several other risk factors, as seen above, which can determine the level of risk and depth of client due diligence required to be undertaken. Whereas one brick will not construct a complete client risk assessment development, taking a plethora of risk factors into account means that Accountable Institutions can complete and construct a clearer and more holistic client risk assessment, thereby being able to know their clients better and to also understand the AML/CFT risks to which their clients expose them.