SA’s Greylisting - A Year in, the Long Road to Redemption

February 2024 marks a year since South Africa (SA) was placed on the greylist by the Financial Action Task Force (FATF). We take a look at the progress made in addressing the deficiencies identified by the FATF and discuss the road ahead. 

SA has been a FATF member since 2003 and like all members, is required to undergo mutual evaluation reviews (MERs) on a scheduled basis. These evaluations assess member countries of their compliance with the FATF’s 40 recommendations, which are internationally agreed standards according to which members work to enhance their Anti-Money Laundering and Combating the Financing of terrorism (AML/CFT) laws, as well as those relating to the combatting of the financing of the proliferation (CFP) of weapons of mass destruction.

The MER carried out in 2021, found deficiencies in SA’s AML, CFT and CFP framework and 67 recommendations were made to address these. The country was unable to resolve all deficiencies, though it did pare down the initial 67 concerns to just 8 by the time the FATF held its deliberations on South Africa’s fate in February 2023. The country was added to the FATF greylist of “countries under increased monitoring that are actively working with the FATF to address strategic deficiencies in their regimes” and has undergone two follow-up assessments since then.

The FATF expects that countries that have been placed on their grey and black lists will have addressed most, if not all, technical compliance deficiencies by the end of the third year from the adoption of their MER. It is a year since SA was added to the FATF greylist and the work done towards addressing the technical compliance deficiencies identified reveals that there is forward momentum. We will unpack some of these developments to see if SA’s hope of getting off the greylist by 2025 is an achievable feat.

Progress made by SA in addressing technical compliance deficiencies:

Amongst the remaining 8 recommendations, SA was expected to improve on its risk based supervision on Designated Non-financial Businesses and Professions (DNFBPs) and demonstrate that supervisors can act on non-compliance. These DNFBPs include Credit Providers, the South African Post Bank Limited, High-value goods dealers, the South African Mint Company and Crypto asset service providers. In response to that recommendation the Financial Intelligence Centre (FIC) amended the list of categories of accountable institutions to include DNFBPs and thereafter issued Directives 6 and 7 of 2023. These directives require affected AIs, where the FIC is responsible for supervisory oversight, to submit an annual Risk and Compliance Return (RCR) to the FIC. The questions on the RCR seek to know how these AIs treat different types of risks including, client, transaction, distribution channel, product, geographic, money laundering, terrorist financing and proliferation financing risks. Accordingly, these AIs are obliged to file a self-assessment on their AML, CTF and CPF regimes. The FIC uses a risk-rating tool to analyse the data from RCRs to identify higher risk DNFBPs as a basis for risk-based supervision consideration, and inclusion in the supervisory plan. Non-submission of the return will be considered as non-compliance and may result in an administrative sanction including financial penalties of up to R50 million.

Although a remarkable effort, directives 6 and 7 have been met with a very poor response from the affected AIs, more particularly from legal practitioners and estate agents. From an estimated 16 000 legal practitioners registered with the FIC only a little over 50% have submitted RCRs and about 43% of an estimated 9 000 estate agents. The FIC has not taken too kindly to this nonchalant response and has in turn responded with targeted  inspections on the two categories with a specific interest on whether RCRs were filed and that in a timely manner. Possible administrative sanctions will be issued and hopefully this seeming challenge will not have a material impact on SA’s intention of getting off the greylist within the anticipated time.
 
Additionally, the FIC issued Directive 8 of 2023 which requires AIs to screen all prospective and current employees for competence and integrity as well as to scrutinise employee information against the targeted financial sanctions (TFS) lists. Employees must be risk assessed and subjected to periodic reviews as informed by the relevant risk levels. Although an additional duty, it is possible that the employee risk assessment will be reasonably manageable to carry out for a lot of AIs because most of the employee onboarding human resources processes entail the screening for competence and integrity. For AIs that had already been accountable when the directive was issued it is also a matter of scrutinising their employee information against the TFS lists by use of an existing framework that they have been using for their clients.
 
In October 2022, SA gazetted the decision to regulate crypto currency dealers and exchanges through licensing by the Financial Sector Conduct Authority (FSCA) and a transitional exemption for the period of 1 June 2023 to 30 November 2023 was granted. The licensing initiative has already faced a few challenges as evidenced by the low number of parties that have enlisted and those that revoked their applications. Some of the reasons noted for the low response were the cost of regulation , the needed skill set for key individuals (persons responsible for the regulatory compliance and treating clients fairly requirements) and security requirements of custodial wallets. Crypto currencies by design leverage on blockchain technology to create a decentralised ledger which essentially circumvents the traditional financial system as we know it. Most crypto currencies proponents feel regulation is counterproductive because it hinders peer to peer transactions, which are exclusive of the red tape that comes with the traditional system and exchange control regulations amongst other processes.
 
In October 2023, SA through the Companies and Intellectual Property Commission (CIPC) implemented a beneficial ownership registry. Entities incorporated after and on the 24th of May 2023 are required to file the records of their beneficial owner within 10 days after such incorporation. Entities incorporated before the 24th of May 2023 have to file their Securities register or beneficial ownership register as part of their Annual Returns filing process. Although not accessible to the public the information captured in the registry will be triangulated between the CIPC, the FIC and law enforcement agencies which should immensely improve financial crime investigations and in turn potentially improve the prosecution rate for the same crimes.
 
On the international front, as per the FIC’s annual report of 2022/23, Memoranda of understanding (MoUs) were concluded with the financial intelligence units of Greece, Uruguay, Japan, Bhutan and Pakistan. This brought to 100 the total number of international MoUs the FIC had in place as at 31 March 2023. Since its establishment, the FIC has entered into 42 MoUs with domestic institutions, two of which were signed during the 2022/23 financial year. These MoUs commit both parties to working together to ensure that the financial system is safe, stable and sustainable for all citizens.
 
During the FIC’s 2022/23 financial year, a total of 946 compliance inspections were conducted. The total financial penalty of the sanctions imposed by the FIC was valued at R872 388, of which R436 194 was payable and the remainder was suspended. A notable emphasis in the consideration of business and national level risks when AIs formulated their risk rating matrixes, was observed. Common areas of non-compliance were AIs failing to present effective risk rating frameworks and failing to draft an RMCP that complies with section 42 of the FIC Act. Both areas fall square within DocFox’s expert offerings and if you are battling with the same your solution is an email or phone call away.
 
Countries that have been added to the FATF grey and black lists must actively work with the FATF to address identified deficiencies within their regimes. This in turn should strengthen and enhance the integrity of the affected country’s AML/CFT/CFP regimes and the global financial system as a whole. Massive strides have been made in the space of a year and they inspire confidence in SA’s possible exit from the FATF’s list within the anticipated time. 

What can we expect in 2024?

Still outstanding and on the roadmap:

• As per the National treasury report of 2023, amongst other things, is strengthening of supervisory capacity (both human and financial resources) of the FIC and FSCA by May 2024.
• Conducting inspections on a risk sensitive basis on high-risk DNFBPs by September 2024.
• A demonstration of increased investigations and prosecutions of serious and complex money laundering crimes by January 2025.

These and several other objectives are set to be achieved by SA in the upcoming months, as endeavours to get off the greylist. The next FATF follow up report is expected in October/November 2024 and we await to see the progress that will be made this year.