DocFox hosted a webinar on 29 March where Hawken McEwan, Director of Risk and Compliance at DocFox discussed what “greylisting” is, its effects, and how by addressing its deficiencies, together with law enforcement bodies, asset forfeiture units, the FIC and other entities, Accountable Institutions can also play an active role to get South Africa off the greylist.  

DocFox webinar_Greylisting

Since the announcement of the Financial Action Task Force (FATF) decision to greylist South Africa there has been a considerable amount of uncertainty of what this greylisting means for businesses and in particular Accountable Institutions. In addition to this concern, often the next question is what can we do to turn things around.

What are the reasons for South Africa being greylisted?

This is not a quick question to answer as there are a considerable amount of factors at play, but it’s important to perhaps fill in the context around who greylisted us.

National governments have continually faced an insurmountable challenge to deal with the growing problem of financial related crime such as money laundering and terrorist financing. As the financial system developed and international transactions became easier to conduct, the proceeds of crime would too easily disappear into the complexities of the global system.

It was clear that there needed to be a coordinated response. No country could fight money laundering on its own. In 1989, the G7 created the Financial Action Task Force (FATF), and their aim is to assist countries to stem the financial flows associated with crime through assessing the threats of illicit financial flows, of setting global standards for fighting them, colloquially called the FATF 40 Recommendations, and of particular relevance, assessing a countries effectiveness to implementing the standards.

Threats to the global financial system continue to evolve. New threats emerge, such as cyber-attacks against banks, as well as the use of virtual assets in criminal schemes. The FATF are responsible for assessing these ever changing threats, updating the recommendations, providing guidance and continuing to assess countries compliance with them.

And it’s that assessment against the FATF recommendations that led to our greylist designation.

To reiterate, it is a designation. It’s not a sanction. There are no legal restrictions around anyone doing business with South Africa, its entities, or individuals. Rather, the country has, as a whole, been identified as having weaknesses in its controls around money laundering, terrorist financing and proliferation financing compared to the standards that are generally accepted by the majority of the developed world. Those FATF 40 Recommendations.  

We were only compliant with three of the forty recommendations in the first round of assessments, and even with considerable work behind the scenes, at our final assessment in February this year, we were found to still be lacking in eight.

What are the 8 strategic deficiencies identified

A key aspect to note is the way the FATF recommendations are weighted towards criminal justice and prosecutions, rather than front end customer and transaction interaction - so whilst the recent regulatory updates placing requirements on accountable institutions were key to addressing some risks and were live, they were still not fully implemented.  

What the FATF wanted to see was effective justice prevailing. Implementation of the recommendations on the ground.  The criminals being caught and sent to jail – with their ill-gotten gains taken away – so the key deficiencies and subsequent action plan all play to that.

  • SA had to improve risk-based supervision - especially of  designated non-financial businesses (DNFBs) and demonstrate that all AML/CFT supervisors apply effective and proportionate sanctions for noncompliance; In other words, don’t overlook the non-financial entities that are being leveraged in financial crime schemes to buy, transfer or sell assets, and across the board check compliance more often, more intensely and where you see gaps, enforce stricter sanctions, to demonstrate that non-compliance will not be tolerated.
  • We had to ensure that competent authorities have timely access to accurate and up-to-date Beneficial Owner information on legal persons and arrangements, so it was clear who was behind transactions and activities. Again, there was a need to apply sanctions and fines for breaches or violations by legal persons who fail to declare their ultimate ownership or control – who is really in the driving seat of companies and their activities and transactions.
  • We have to demonstrate a sustained increase in investigations and prosecutions of serious and complex money laundering and terrorist finance related activities. Whilst we had seen an increase in arrests and investigation over recent months, the FATF want to see this continue - and more than that - continue through to actual prosecution - sending a clear message that again, this behaviour will not be tolerated.
  • Part of this is a need for SA to enhance its identification, seizure and confiscation of proceeds and instrumentalities of a wider range of predicate crimes.  They want to see more asset forfeiture of criminal assets.
  • The FATF then turned to the Financial Intelligence Centre (FIC) and required them to update its Terrorist Finance Risk Assessment to inform the implementation of a comprehensive national counter financing of terrorism strategy. The report alluded that South Africa’s reluctance ‘to classify politically motivated violent acts as terrorism’ was constraining its ability to tackle terrorist financing.
  • The FIC must also ensure the effective implementation of Targeted Financial Sanctions (TFS) and demonstrate an effective mechanism to identify individuals and entities that meet the criteria for domestic designation. This means ensuring institutions are screening against the TFS list and more than that, proactively adding domestic names to the list and not just rely on the designation of names by the United Nations.
  • Finally, comments around sharing information - asking the country to demonstrate a sustained increase in law enforcement agencies’ requests for financial intelligence from the FIC for its investigations; and a sustained increase in information sharing internationally and better and more information to help facilitate investigations and confiscations here and abroad.

So we had done a lot of work in terms of updating legislation… but the FATF want to see action and real, tangible and sustained results that have the ultimate outcome of seizing assets and successfully prosecuting those behind them.

DocFox greylisting webinar_2023 Final Review


What are the practical implications to take into consideration since the announcement?

The biggest implications seem to be across two broad themes.

Firstly, other countries will now see us as a higher risk and will seek to mitigate their exposure through either voting with their feet, or undertaking enhanced due diligence to get a level of comfort that whatever their engagement is with South Africa, is legitimate and transparent. That will mean South African individuals and businesses jumping through hoops, answering more questions and providing more information.  Although in real terms the level of risk didn’t change on the 24th of February, it did put us on the global stage and so it is anticipated that there will be an extra cost in terms of compliance.

Secondly, a lot of these challenges are systemic in nature around the entire law enforcement value chain – and to deliver those prosecutions we’ve been waiting for will require jumping considerable hurdles around legislation, capacity, resources, skills, due process and arguably impetus.

Whilst we arguably have the legislation, we are still lacking in leveraging it to its full advantage to see results.

In fact, the Minister of Finance, Enoch Godongwana, announced the allocation of R14bn in the budget to support the strengthening of SA’s defences against, and prosecution of, financial crime and said they must make sure that they can strengthen the security cluster and develop a programme of action in order to get out of this greylisting as quickly as possible.

What responsibility do Accountable Institutions have?

DocFox_Greylisting webinar_What responsibility do Accountable Institutions have?

A common thread we have seen running through the reasons behind greylisting is one of action, or lack thereof.  The inability to demonstrate effectiveness and implementation on the ground.

And a large part of this will come from Accountable Institutions (AI’s) - old and new.

The FIC and law enforcement have a requirement to make better use of, and to share information.  That information comes from a variety of sources, but very much includes the reports made by Accountable Institutions around suspicious activities and transactions.  AI’s play a vital role in the value chain of intelligence for the country.

Secondly, there has been a clear statement from the FSCA, the SARB and the FIC that the level of supervision around the Financial Intelligence Centre Act (FICA) will increase. They will expect to see full compliance with all requirements, from knowing your customer (KYC) and  screening against sanctions lists, to reporting suspicions  - and the consequences for non-compliance will become much more prevalent.   

This is all to provide a level of comfort that the requirements of the legislation is being put into action - a great indicator to the FATF and the world that the words on paper are being adhered to on the front line.

So how can Accountable Institutions help the fight against the grey?  Simple. Be compliant.

The Ponemon Institute published research that showed the cost of non-compliance was potentially almost 3 times the cost of maintaining or meeting compliance requirements. So whilst we mentioned that increase in the cost of doing business earlier, being compliant is certainly the less expensive option compared to the potential risk of the alternatives – which can be severe enough to close businesses. But whilst regulatory compliance is absolutely something we need to get stricter about I think that finally, there is a clear need for commitment from South African businesses to also do what is right, not what is easy.

A message from all of us at DocFox: The true financial crime superheros are those on the front line who are involved with the clients, the assets and the transactions and who can use their skills, experience and knowledge to pick up on the often very subtle clues that something untoward may be going on. However, having said that, for the majority of people, fighting financial crime is not their day job – but every single one of the stories and headlines you read or hear about on the news relate to financial crimes that are there because someone said something. Someone did something. Someone reported their suspicion.

So you can be part of making a difference - and of getting the colour back into our amazing country and finally moving away from the greylisting designation cloud hanging over us.

You really are part of the front line defence against money laundering and terrorist financing in South Africa.   And by actively engaging, you can play your part in turning greylisting around! DocFox is committed to playing an active role, where possible, in getting SA delisted. Continue to follow us and our #SAisnotgrey campaign to stay up to date with everything related to greylisting.

Other topics discussed:

>> New Politically Exposed and Prominent Influential Persons Acronyms in Terms of the FIC Act

>> Recent Important FICA Amendments you Should be Aware of

>>The New Categories in FIC Act Schedule 1 and New Accountable Institutions in Terms of the FIC Act

>> Cash Reporting Threshold increase and other Changes to FICA Rules

Some questions from the webinar:

Q: You mentioned new accountable institutions as one of the steps taken to avoid greylisting. Is it true they have 18 months to comply?

DocFox Compliance Team Answer: I hear this on probably a daily basis and it’s a misunderstanding of the communications issued by the FIC. The new Schedule went live on 19th December. That means that these new institutions considered accountable, such as credit providers and high value goods dealers needed to be compliant from that date.  Not in 18 months time.
The confusion arose in that the FIC stated that although inspections will take place, they do not envisage issuing sanctions or fines for 18 months.    It did not say that you did not have to be compliant, not that it would NOT issue sanctions or fines. 
The meaning behind that was that they would focus on assisting and guiding these new institutions with compliance during inspections, but the expectation for compliance is still there.  If they see wilful blindness as I spoke about before, or an avoidance of process – then I think there is absolutely the possibility of sanctions and fines.  So in short, no it’s not true. These firms need to be compliant now.    

Q: Why are all our clients suddenly High Risk Rated? Surely if the AI as well as the client are both in the same greylisted country then the outcome should be the same as before the greylising?

DocFox Compliance Team Answer: It is all about taking a risk-based approach. Since South Africa as a country has been greylisted and not its citizens, it may not make sense for you to make South Africa as a country have a high risk scoring for a higher risk jurisdiction risk factor, particularly since all of your clients may be South African. This can all be detailed in your RMCP.

Q: With the changes that were made to the Financial Intelligence Centre Act, which came into effect on 19 Dec 2022, will incidental credit providers need to register with the FIC as accountable institutions?

DocFox Compliance Team Answer: Yes these credit providers are seen as AIs. Please have a look at Draft PCC 23A on credit providers for more information.

Q: The CIPC has announced that "it is planning to establish and implement a Beneficial Ownership (BO) register to be released upon approval of the Regulations, pursuant to the commencement of the General Laws Amendment Act, 2022..." Will DocFox make that information available to us?

DocFox Compliance Team Answer: We are not aware at this stage of who will have access to the register or how it will work. We are following announcements and updates. At this stage we cannot confirm.

Q: Are any of the other BRICS [Brazil, Russia, India, China, South Africa] nations greylisted/blacklisted by FATF?

DocFox Compliance Team Answer: Please see a link to all grey and black list countries: