In our recent article we took a look at The 7 key requirements that need to be met in order to be FICA compliant. Within these 7 key requirements there are several procedures and checks that Accountable Institutions should be completing:
Establish and verify the identity of your client (Customer Due Diligence) 🔎
Customer Due Diligence (CDD) includes performing identification and verification checks on your clients to assess their varying levels of risk, prior to undertaking a single transaction or establishing a business relationship with them. In order to truly know your customer you should do more than just obtain proof of your customer’s identity and address. As an Accountable Institution you should also be requesting disclosures and documentation on a case-by-case risk-based basis to understand who your customers are. For example, you would need to identify if your client is a legal person, related party (eg: Directors, Partners or Members, who have executive control or management over a legal person) and/or Ultimate Beneficial Owner. This would need to be identified before undertaking a single transaction or establishing a business relationship. For higher risk clients, enhanced due diligence would need to be performed such as seeking senior management approval for the relationship, establishing the source of wealth/funds and conducting enhanced ongoing monitoring of the business relationship.
Establish the nature and purpose of your client – business relationship
A big part of understanding your client, is identifying the nature and/or purpose of the business relationship. For example, this could include identifying whether it is a once-off transaction or longer-term business relationship as well as what products/services the client is requesting.
Risk rating your clients according to a RMCP
As per the FATF “a risk-based approach means understanding the Money Laundering and terrorist financing risk to which you are exposed, and taking the appropriate mitigation measures in accordance with the level of risk”. What this means is that clients need to be risk assessed (eg: low, medium or high rated) against a variety of risk factors relevant to your business (eg: source of funds; main business activities; size of transaction; adverse media; product; service etc) in accordance with a risk rating schema and in light of your Risk Management and Compliance Programme (RMCP) to know whether more or less stringent due diligence measures need to be taken.
Determining the source of funds or wealth
An important element of CDD is that Accountable Institutions (AIs) should obtain a declaration of where the money is coming from in order to perform a transaction. In other words, identifying the source of funds means you should identify the origin of the particular funds which are being used to perform the transaction between the AI and the customer.
Sanctions Screening and Adverse Media
The key requirements in South Africa are to screen all clients against the United Nations Targeted Financial Sanctions lists. These primarily look to address terrorist activities and terrorist-related funding and list individuals and companies that are known to have links or involvement to these related activities. Sanctions are referred to in terms of sections 26A, 26B and 26C of the FIC Act.
Adverse media checks or screenings refers to screening your clients or potential clients against general media and press. Adverse media checks can reveal the involvement of your potential clients with crimes such as money laundering, financial fraud, drug trafficking, financial threats, organised crime, or terrorism. Adverse media is helpful in determining whether or not your client poses any reputational risk to your business or if they have perhaps been mentioned in any adverse news stories.
Identify whether your client is a Domestic Prominent Influential Person (DPIP) or Foreign Prominent Public Official (FPPO)
We have put together some extensive resources explaining all you need to know about DPIPs/FPPOs, you can have a read here for more information. In terms of your action as an Accountable Institution, according to sections 21F and 21G of FICA, you need to undertake enhanced due diligence measures when a client is identified as a DPIP or FPPO. These include seeking senior management approval for the relationship, establishing the source of wealth and funds and conducting enhanced ongoing monitoring of the business relationship. (As of 29 December 2022, Domestic Prominent Influential Persons (DPIPs) and Foreign Prominent Public Officials (FPPOs) have been replaced with the acronyms Domestic Politically Exposed Persons (DPEPs) and Foreign Politically Exposed Persons (FPEPs). Read more here.)
Ensure ongoing due diligence
Client due diligence should not be a once off task but should instead be continuous. This means keeping information about clients up to date and continuing to monitor their behaviour, activity and transactions. It is also important to evidence changes that might occur over time, for example a change of industry, adverse media or sanctions around a client so that their risk rating can be updated and appropriate due diligence undertaken.
Should you require help with any of the above, or if you would like to check that you are meeting all FICA requirements, then feel free to reach out to our Compliance Team: compliance@docfox.co.za