DocFox Director of Risk and Compliance, Hawken McEwan, answers some of the most commonly received questions on outsourcing FICA requirements. 

Breaking the myths around FICA outsourcing_DocFox

Can a 3rd party provider be my FICA Compliance Officer?

Section 42A(2)(a) of the FIC Act requires that an Accountable Institution have a compliance function to assist the board of directors or the senior management in discharging their compliance obligations under FICA and so must appoint an internal Compliance Officer with sufficient competence and seniority.

The role of Compliance Officer cannot be outsourced. You cannot act as a Compliance Officer for any Accountable Institution unless you are an employee of that firm as only people working within the business can really understand the risks within it.

However, our compliance team of attorneys and certified anti-money laundering specialists can support you and your team in an advisory, guidance and training capacity.


Can a 3rd party provider give me a Risk Management and Compliance Programme (RMCP)?

Each RMCP must be specific to the individual institution to ensure it reflects the risks in the business and the risk-based approach taken.

An Accountable Institution may seek assistance from a third-party service provider for the development and implementation of an RMCP, which includes the identification of risks and mitigating controls. However, the Accountable Institution has the best understanding of their business and should be involved in its development to ensure that it is suitable and addresses the institution’s specific risk.

DocFox has a customisable RMCP template and our team of compliance experts can provide guidance and notes for you to customise the templates according to your needs.


Can a 3rd party provider help with my risk rating?

Absolutely. Whilst the Accountable Institution has the best understanding of the Money laundering, terrorist and proliferation financing risk that it faces due to the nature of its business, products and services, and should be actively involved in the developing of a risk rating schema, our compliance team at DocFox Africa has a wide base of industry knowledge and can help provide guidance around best practice and FIC recommended assessment approaches to help you define a risk rating schema that is effective and practical.


Can a 3rd party provider 'do' my Customer Due Diligence (CDD) for me?

The main purpose or core function of conducting CDD, is for the Accountable Institution to know and understand who its clients are. Therefore, the Accountable Institution cannot outsource its CDD obligation, and the Accountable Institution will always remain responsible for conducting CDD and assessing risk.

However, an Accountable Institution may seek the assistance of a third-party service provider like DocFox to assist with the CDD operational functions such as the collection, processing and screening of documentation and/or information for CDD purposes.

The Accountable Institution must have sufficient controls in place to ensure that its CDD obligations have been met – and that is why our customers must review, risk assess and accept/decline every single client themselves so they really Know Their Clients (KYC).

Higher risk clients and those identifying as DPEP, FPEP or PIPs should be signed off by senior management.


How can DocFox help?

Our compliance team of experienced attorneys and certified anti-money laundering specialists at DocFox Africa are well versed in all things FICA. Based on our years of experience working with Accountable Institutions we have put together a range of FICA-based compliance services that will be sure to enhance the success uptake and implementation of FICA compliance within your business. This includes our ‘Compliance on Call‘ service that allows you to ask unlimited AML related questions to the team for their input.

Read more about our services here