2018JSAfrL227 (Spruit Article)

DATE DOWNLOADED: Sun Nov 5 01:59:57 2023
SOURCE: Content Downloaded from HeinOnline
Citations:
Please note: citations are provided as a general guideline. Users should consult their preferred
citation format's style manual for proper citation formatting.
Bluebook 21st ed.

Charl Hugo & Wynand Spruyt, Money Laundering, Terrorist Financing and Financial
Sanction: South Africa's Response by Means of the Financial Intelligence Centre
Amendment Act 1 of 2017, 2018 J. S. AFR. L. 227 (2018).
ALWD 7th ed.

Charl Hugo & Wynand Spruyt, Money Laundering, Terrorist Financing and Financial
Amendment Act 1 of 2017, 2018 J. S. Afr. L. 227 (2018).
APA 7th ed.

Hugo, C., & Spruyt, W. (2018). Money laundering, terrorist financing and financial
sanction: south africa's response by means of the financial intelligence centre
amendment act of 2017. Journal of South African Law, 2018(2), 227-255.
Chicago 17th ed.

Charl Hugo; Wynand Spruyt, "Money Laundering, Terrorist Financing and Financial
Amendment Act 1 of 2017," Journal of South African Law 2018, no. 2 (2018): 227-255
McGill Guide 9th ed.

Charl Hugo & Wynand Spruyt, "Money Laundering, Terrorist Financing and Financial
Amendment Act 1 of 2017" [2018] 2018:2 J S Afr L 227.
AGLC 4th ed.

Charl Hugo and Wynand Spruyt, 'Money Laundering, Terrorist Financing and Financial
Amendment Act 1 of 2017' [2018] 2018(2) Journal of South African Law 227
MLA 9th ed.

Hugo, Charl, and Wynand Spruyt. "Money Laundering, Terrorist Financing and Financial
Amendment Act 1 of 2017." Journal of South African Law, vol. 2018, no. 2, 2018, pp.
227-255. HeinOnline.
OSCOLA 4th ed.

Charl Hugo & Wynand Spruyt, 'Money Laundering, Terrorist Financing and Financial
Amendment Act 1 of 2017' (2018) 2018 J S Afr L 227 Please note:
citations are provided as a general guideline. Users should consult their preferred
citation format's style manual for proper citation formatting.
-- Your use of this HeinOnline PDF indicates your acceptance of HeinOnline's Terms and
Conditions of the license agreement available at
Money laundering, terroristfinancing and
financial sanctions: South Africa's response
by means of the Financial Intelligence Centre
Amendment Act 1 of 2017
CHARL HUGO*
WYNAND SPRUYT**
1 Introduction
These notes are aimed at improving understanding of the Financial Intelligence
Centre Act 38 of 2001 (henceforth the act),' in particular as amended by the Financial
Intelligence Centre Amendment Act 1 of 2017 (henceforth the amendment act).
This legislation is aimed at (i) dealing with different aspects of financial crime,
especially money laundering and the financing of terrorism, and (ii) the freezing
of property associated with (mainly) acts of terrorism. It also serves the important
function of assuring the international financial community that South Africa's
financial system and institutions are safe, trustworthy and resistant to abuse by
criminals.
The act created the Financial Intelligence Centre (henceforth the centre),
a statutory body operating outside the public service but within the public
administration as envisaged in section 195 of the constitution. It is registered as
a national public entity in terms of the Public Finance Management Act.3 The
centre's task is not to prosecute or even refer crimes to be investigated. However,
it gathers and analyses financial data and disseminates financial intelligence to
investigative and law enforcement authorities.4 Hence the effectiveness with which
financial crime is prosecuted in South Africa remains a function of the criminal
justice system supported by the role performed by the centre.
The amendment act is an attempt by the South African legislature to improve
the effectiveness of the act. In this regard it has introduced far-reaching and
fundamental changes that also bring South African law, in this regard, more in line
with international standards. In dealing with this development, we explore, first,
* Professor of Banking Law and Director of the Centre for Banking Law, University of Johannesburg.
** Visiting researcher of the Centre for Banking Law, University of Johannesburg.
The common acronym is FICA. The literature relating to FICA teems with acronyms and
abbreviations. A complete list of all those used in the footnotes of this article appears at the end of
the article to facilitate reading.
2 The common acronym is FTC.
I of 1999 (schedule 3 part A).
FTC Annual Report (2016/2017) (https://www.fic.gov.za/Documents/FIC%29Annual%2OReport%20
2016-17%20(LR)pdf) (29-12-2017) 10.
During the 2016-2017 reporting period the data gathered by the FTC included more than five million
financial transactions reported by 3 326 different institutions. These included 358 412 suspicious and
unusual transaction reports. The FIC also received 1 776 domestic and 369 international requests
for information and blocked funds to the value of R149 million. See FTC (n 4) 18-20. The reporting
duties of different institutions are dealt with in par 8 below.
227
[ISSN O257 - 7747] TSAR 2018 -2
228 HUGO AND SPRUYT
the relevant legislative history of the amendment act and other related regulatory
material. This is followed by a consideration of the purposes of the act and the
amendment act. Next, the international background of the act, the work of the
Financial Action Task Force,6 is examined. The main changes brought about by the
amendment act are then identified, after which these changes are revisited in more
detail with specific focus on material issues such as (i) the risk-based approach, (ii)
client due diligence, (iii) beneficial ownership, (iv) 7politically exposed persons and
(v) risk management and compliance programmes. Brief attention is then given to
reporting duties and financial sanctions under the act as amended. Finally, the notes
conclude with a brief reflection on the source material available and relevant to
institutions required to give effect to the provisions of the act.
2 Legislative history
The act dates back to 2001. The amendment act was eventually' signed by
the president on 26 April 2017 and gazetted on 2 May 2017. The determination
of its commencement date(s), however, was left to the minister of finance,' who
determined that certain provisions would become operative on 13 June 2017, others
on 2 October 2017, and yet others on a later date still to be determined but envisaged
to be no later than by the end of 2018.1o
The provisions implemented on 13 June 2017 were those that did not require
changes to the existing regulations, the exemptions or the internal systems
that enable accountable institutions to comply with the act as amended. The
majority of the remaining provisions became operative on 2 October 2017. These
provisions give effect to new concepts and approaches, or required changes to the
regulations and exemptions in place under the act (prior to the amendments and/
or the compliance processes and systems in use by accountable institutions. The
remaining provisions relate mainly to either the freezing of assets in accordance
with United Nations Security Council resolutions relating to financial sanctions, or
to certain aspects of doing business with domestic politically exposed persons (or, 4to
employ the terminology of the act, "domestic prominent influential person[s]" ).1
On 2 October 2017, the amendments to the Money Laundering and Terrorist
Financing Control Regulations (henceforth the regulations)" also came into
6 The common acronym is FATF.

It is not possible to separate these issues cleanly from one another; they are interrelated.
The Financial Intelligence Centre Amendment Bill dates back to April 2015, when it was tabled by
the treasury in parliament.
See s 61 of the amendment act.
o Financial Intelligence Centre (FIC) Road Map for the Implementation of the FinancialIntelligence
Centre Amendment Act (http://www.fic.gov.za/Documents/) (29-12-2017). See also Spruyt "The
Financial Intelligence Centre Amendment Act and the application of a risk-based approach" in Hugo
and Du Toit (eds) Annual Banking Law Update (2017) 19.
FIC (n 10).
12 FIC (n 10).
13 See the definition in s I of the act.
14 The international terminology emanating from the FATF favours "politically exposed person"
(PEP) irrespective of whether referring to domestic or foreign persons. The act, as amended, prefers
"domestic prominent influential person" (or domestic PIP) and "foreign prominent public official"
(or foreign PPO). See s I of the act.
published in GG 41154 (29-09-2017).
TSAR 2018.2 [iSSN 0257 - 7747]

MONEY LAUNDERING, TERRORIST FINANCING AND FINANCIAL SANCTIONS 229
effect. On the same day, the centre issued its comprehensive Guidance Note 716
to support accountable institutions and supervisory bodies in the implementation
of the amendment act, as well as Guidance Note 6, 5B, and 4A which all relate to
regulatory reports that must be submitted to the centre." Also on 2 October 2017,
the exemptions issued in terms of the act (prior to the amendments) were withdrawn
by the minister of finance by notice in the Government Gazette." Especially
important in this regard for legal practitioners is the withdrawal of exemption 10.
The withdrawn exemption reads as follows:
"(1) Every accountable institution which performs the functions of an accountable institution
referred to in item 1 of schedule I to the Act [ie an attorney] is exempted, in respect of those
functions, from compliance with the provisions of Parts I and 2 of Chapter 3 of the Act in respect
of every business relationship or single transaction except for a business relationship or single
transaction in terms of which-
(a) a client is assisted in the planning or execution of
-
i the buying or selling of immovable property;
ii the buying or selling of any business undertaking;
iii the opening or management of a bank, investment or securities account;
iv the organisation of contributions necessary for the creation, operation or management of
a company or close corporation or of a similar structure outside the Republic;
v the creation, operation or management of a company or close corporation or of a similar
structure outside the Republic;
vi the creation, operation or management of a trust or of a similar structure outside the
Republic, except for a trust established by virtue of a testamentary writing or court
order;
(b) a client is assisted in disposing of, transferring, receiving, retaining, maintaining control of
or in any way managing any property;
(c) a client is assisted in the management of any investment;
(d) client is represented in any financial or real estate transaction; or
6 Guidance Note 7 on the Implementation of Various Aspects of the Financial Intelligence Centre
Act, 2001 (Act 38 of 2001) (https://www.fic.gov.za/Compliance/Pages/Guidance-Notes.aspx) (29-12-
2017). In accordance with s 4(c) of FICA (as amended) the FIC, in order to achieve its purposes,
is (entitled) to "give guidance to accountable institutions, supervisory bodies and other persons
regarding the performance and compliance by them of their duties and obligations in terms of this
Act or any directive made in terms of this Act". This is done by means of guidance notes issued in
terms of regulation 28, which reads as follows:
"(1) The Centre may issue guidance concerning
-
(a) the application of a risk-based approach to establish and verify the identity of a client;
(aA) customer due diligence measures;
(aB) the duty to keep records;
(aC) financial sanctions;
(b) reporting duties;
(bA) registration;
(bB) any obligations imposed on supervisory bodies under the Act; and
(c) any other obligations imposed on accountable institutions under the Act.
(2) Guidance referred to in sub-regulation (1) may differ for different accountable institutions or
persons, or categories of accountable institutions or persons and different categories of transactions."
" Guidance Note 6 on Terrorist Financing and Terrorist Property Reporting Obligations in terms of
section 28A of the Financial Intelligence Centre Act, 2001; Guidance Note 5B on Cash Threshold
Reporting to the Financial Intelligence Centre in terms of section 28 of the Financial Intelligence
Centre Act, 2001; and Guidance Note 4A on Reporting of Suspicious and Unusual Transactions and
Activities to the Financial Intelligence Centre in terms of section 29 of the Financial Intelligence
Centre Act, 2001 (https://www.fic.gov.za/Compliance/Pages/Guidance-Notes.aspx) (29-12-2017).
'8 41153 (29-09-2017).
[ISSN 0257 - 7747] TSAR 2018.2

230 HUGO AND SPRUYT
(e) a client deposits, over a period of twelve months, an amount of R100 000 or more with the
institution in respect of attorney's fees which may be incurred in the course of litigation."
Prior to the withdrawal the treasury circulated the draft withdrawal notice together
9
with an explanatory memorandum for public comment.1 The withdrawal of
exemption 10 was motivated as follows:
"[Exemption 10] focused on both the high-risk and low-risk services performed by an attorney in
relation to the facilitation of money laundering. A withdrawal of the exemption would mean that
services performed by an attorney that had previously fallen outside the scope of the FIC Act will
now be included in the scope of the Act. This implies that an attorney would have to determine
for itself which services pose a lower or higher risk for money laundering and apply the necessary
CDD [customer due diligence] requirements in accordance with its RMCP [risk management and
compliance programme]."
Attorneys are accordingly now fully within the fold of the act. However, Guidance
Note 7 recognises that despite the withdrawal of many exemptions "accountable
institutions may be guided by their content as additional factors that may indicate
lower ML/TF risks in a given scenario".2 0
3 Purposes of the act and the amendment act

The purposes of the acts emerge, in the first place, from their long titles. Prior to the
amendments, the long title explained that the act aimed to establish (i) a Financial
Intelligence Centre, and (ii) a Counter-Money Laundering Advisory Council "in
order to combat money-laundering activities and the financing of terrorist and related
activities". In order to achieve this purpose the act imposed certain duties on certain
persons and institutions, and, inter alia, provided for the registration of accountable
and reporting institutions, the sharing of information by the centre and supervisory
bodies, the roles and responsibilities of supervisory bodies, and the imposition of
sanctions. It further granted powers of inspection to the centre and supervisory
bodies. A supervisory body was defined as a "functionary or institution referred
to in schedule 2" which, for example, included "[a] law society as contemplated in
section 56 of the Attorneys Act, 1979" as the supervisory body for attorneys.
Barring the reference to the Counter-Money Laundering Advisory Council, which
is axed by the amendment act,21 essentially the purposes stated above remain present
in the long title after the amendments. The amendment act, however, introduces
some new purposes, namely:
"(i) to provide for customer due diligence measures including with respect to beneficialownership
and persons in prominentpositions;
(ii) to provide for a risk based approach to client identification and verification;
2
19 www.treasury.gov.za/public%20comments/FIC2017/Draft%20withdrawal%notice%of% 0
exemptions %20FIN.pdf (29-12-2017).
20 (n 16) par 42.
21 The background to this decision and the envisaged future is stated as follows by the FIC in its
document A New Approach to Combat Money Laundering and TerroristFinancing 13 June 2017
(www.fic.gov.za/documents) (29-12-2017):
"The structure ofthe Counter Money Laundering Advisory Council (CMLAC) which was established
by the FIC Act, was too rigid and did not facilitate effective consultation between key stakeholders,
in order to promote the objective of combating money laundering and terrorist financing. As a result
the Amendment Act repeals the Chapter of the FIC Act which provided for the establishment and
functioning of the Council.
TSAR 2018.2 [ISSN 0257 - 7747]

(iii) to provide for the implementation offinancialsanctions and to administer measures pursuant
to resolutions adopted by the Security Council of the United Nations;
(iv) to provide for risk management and compliance programmes, governance and training
relating to anti-money laundering and counter terrorist financing . . .'.2
The purposes of the act emerge also from the objectives of the centre (stated in
section 3), which, prior to the amendments, read as follows:
"(1) The principal objective of the Centre is to assist in the identification of the proceeds of
unlawful activities and the combating of money laundering activities and the financing of terrorist
and related activities.
(2) The other objectives of the Centre are
-
(a) to make information collected by it available to investigating authorities, supervisory
bodies, the intelligence services and the South African Revenue Services to facilitate the
administration and enforcement of the laws of the Republic;
(b) to exchange information with bodies with similar objectives in other countries regarding
money laundering activities, the financing of terrorist and related activities and other similar
activities;
(c) to supervise and enforce compliance with this Act or any directive made in terms of this Act
and to facilitate effective supervision and enforcement by supervisory bodies."
The amendment act merely extends section 3(2)(a) (the list ofpersons and institutions
with whom the centre will share information). The following are now listed:
"(i) an investigating authority;
(ii) the National Prosecuting Authority;
(iii) an intelligence service;
(iv) the South African Revenue Service;
(v) the Independent Police Investigative Directorate;
(iv) the Intelligence Division of the National Defence Force;
Government is strongly committed to replacing CMLAC with more effective, and non-statutory,
consultation forums, to promote deeper collaboration and consultation in the implementation of the
framework to combat money laundering and terrorist financing. This requires that the CMLAC be
replaced by structures that are more 'fit for purpose' to support collaboration and consultation. To this
end Government will pursue the establishment within Government of an Inter-Departmental AML/
CFT Committee as a permanent structure with a mandate to promote collaboration, communication
and information sharing within and amongst the relevant law enforcement agencies, government
departments and regulatory authorities in order to maximise the effective implementation of the
trio the POC Act, the POCDATARA Act and the FIC Act. Government also intends to establish a
structure/structures to enable to promote engagement with accountable institutions in the private
sector.
The consultation structures at the two levels must be connected to and supported by sector or
sub-sector bodies that will facilitate consultation at appropriate levels, most importantly with
supervisory authorities as well as with accountable institutions. Other country experiences with
such consultation mechanisms (e.g. Joint Money Laundering Intelligence Taskforce (JMLIT) in the
UK) should also be taken into account when finalizing the consultation mechanisms.
It is important that the envisaged structures are designed in such a way that they will contribute
towards the development and evaluation of financial sector policy, and other relevant policy areas in
the broader context of fighting crime.
Government would welcome comments on the following:
The consultation mechanisms to replace CMLAC
The nature of engagement that is necessary to improve relationships between accountable institutions
and supervisors
The issues that should be discussed by the envisaged structures?"
See also the presentation by National Treasury and FIC FinancialIntelligence Centre Amendment
Act [Act No ] of2017] Implementation Workshop with Industry 12 May 2017.
22 our numbering and italics. Special attention is given below to each of the italicised issues.
[ISSN 0257 - 7747] TSAR 2018.2

232 HUGO AND SPRUYT
(vii) a Special Investigating Unit;

(viii) the office of the Public Protector;
(ix) an investigative division in an organ of state; or
(x) a supervisory body."
Especially noteworthy in this regard is the inclusion of the supervisory bodies and
the public protector.
Further perspectives on the purpose of the legislation emerge from the media
statement by the minister of finance in relation to the amendment act (on 13 June
23
2017 - the first implementation date). The following quotes are noteworthy:
"(i) it was critical for government to accelerate the implementation of the Act as it demonstrated
government's commitment to the fight against corruption, money laundering and illicit flows.
(ii) The key objective of this law is to improve the protection of the integrity of South Africa's
financial system and strengthen its ability to prevent and punish financial crimes like
money laundering, illicit capital flows, tax evasion, corruption and bribery, and financing of
terrorism.
(iii) The commencement of the FIC Amendment Act, both today and on 2 October 2017 confirms
South Africa's commitment to improve compliance with the Financial Action Task Force
international standards in respect of measures on foreign Politically Exposed Persons,
Beneficial Owners and record keeping. South Africa is expected to report on progress on
these measuers [sic] to the FATF Plenary next week and possibly October 2017.'24
The final quote listed above relates to the international background of the legislation
- the next topic under consideration.
4 Background to the act and the amendment act: internationalstandards

emanatingfrom the FinancialAction Task Force
The Financial Action Task Force (henceforth "the task force") is a global standards-
setting body established in 1989 during the G-7 World Economic Summit25 funded
26
by the Organisation for Economic Co-operation and Development. Its work is to
promote effective legal, regulatory and operational measures for combating money
laundering, the financing of terrorism and other threats to the international financial
system. More than 190 countries around the world subscribe to these standards.
In its home page the task force describes itself, inter alia, as "a 'policy-making
body' which works to generate the necessary political will to bring about national
27
legislative and regulatory reforms in these areas". It consists of 35 member states
and two regional organisations. South Africa has been a member state as from 2003
23 National Treasury and FIC Minister Signs FIC Amendment Act into Operation (www.fic.gov.za/
Documents/FICActCommencement_14June2O7.pdf) (29-12-2017).
24 our numbering.
25 White "The anti-money laundering complex in the modern era - part 11" 2017 The Banking Law
Journal 44-45; Revell (Freshfields Bruckhaus Deringer LLP) The FinancialAction Task Force
-
Lawyers as Gatekeepers: Risk-Based Approach Guidancefor Legal Professionalspresentation on

22-05-2009 ( (29-12-2017).
26 See Revell (n 25).
27 http://www.fatf-gafi.org/about/ (29-12-2017).
TSAR 2018.2 tlSSN O257 - 7747]

(the only African member state).28 The task force has no independent legislative
powers and relies on political pressure and the highly interconnected nature of
correspondent banking to achieve its goals: task force members must endorse its
recommendations and policies at a political level and agree to attain acceptable
29
ratings.
In February 2012 the task force published a comprehensive document, namely:
International Standards on Combating Money Laundering and the Financing
of Terrorism and Proliferation - The FATF Recommendations (the task force
recommendations).3 0 The task force recommendations contain a comprehensive and
consistent framework of measures which countries should implement in order to
combat money laundering and terrorist financing. They are alive to the reality that
different countries have diverse legal, administrative and operational frameworks,
and different financial systems, and, accordingly, cannot take identical measures
to counter the threats. Hence, they set an international standard, which countries
should implement through measures appropriate for their particular circumstances.'
The task force measures effective implementation of its standards through peer
reviews. In this manner it monitors the progress of its members in implementing
necessary measures and promotes the adoption and implementation of appropriate
measures globally.32 A comprehensive peer review of South Africa was done in
2009, which led to a report identifying areas in which South Africa was compliant,
largely compliant,3 partially compliant or non-compliant with the task force
recommendations.
The amendment act is in essence an attempt to deal with the problems identified in
the report. On 20 April 2017 BusinessDay reported on the tardiness of the president
to sign the Financial Intelligence Centre Amendment Bill in the following terms:
"[The signing of the bill] is required for SA to meet its international commitments to the Financial
Action Task Force .... If SA does not get the FICA bill on its statute books by June it could be
declared delinquent by task force, creating difficulties for SA's banks in their relationships with
foreign banks. Such relationships are vital to effect payment for imports and exports."
28 The members are the following: Argentina, Australia, Austria, Belgium, Brazil, Canada,
China, Denmark, the European Commission, Finland, France, Germany, Greece, the Gulf
Co-operation Council, Hong Kong: China, Iceland, India, Ireland, Italy, Japan, the Republic
of Korea, Luxembourg, Malaysia, Mexico, the Netherlands, New Zealand, Norway, Portugal,
the Russian Federation, Singapore, South Africa, Spain, Sweden, Switzerland, Turkey, the United
Kingdom, and the United States.
29 See Revell (n 25).
30 There are currently 40 recommendations encompassing both money laundering and terrorist
financing. A previous version was sometimes referred to as the "40+9 Recommendations" - the "40"
relating to money laundering and the "9", which were added in October 2001 after the II September
2001 terrorist attack on the World Trade Centre, to terrorist financing. See White (n 25) 45; Revell
(n 25). In the current version the 9 recommendations aimed at terrorist financing were subsumed in
the 40 recommendations.
' See, in general, www.fic.gov.za/International/FATF/Pages/FATF.aspx; and the links "Who we are",
"What we do" and "History of the FATF" at http://www.fatf-gafi.org/about/ (29-12-2017).
32 See, in general, www.fic.gov.za/lnternational/FATF/Pages/FATF.aspx; and the links "Who we are",
"What we do" and "History of the FATF" at http://www.fatf-gafi.org/about/ (29-12-2017).
http://www.fatf-gafi.org/media/fatf/documents/reports/mer/MER%20South%20Africa%20ES.pdf
On a similar report relating to Jordan see Dabit and Barilaro "Legal assessment of anti-money
laundering law in Jordan" 2014 JIBLR 265-267. Compliance with international standards in the fight
against money laundering and terrorist financing is sometimes done independently of the task force.
See in this regard Aristotelous and Kollatou "Cyprus scores high in unprecedented audit on the
national application of anti-money laundering legislation" 2014 JIBLR 267-269 writing on an audit
conducted in that country by Deloitte.
{lSSN 0257 - 7747] TSAR 2018.2

234 HUGO AND SPRUYT
The dire consequences of such delinquency were emphasised by Business Day on

24 April when it headlined: "Failure to sign FICA amendment bigger threat than
downgrades". Two deadlines were set for South Africa by the task force: (i) in mid-
June South Africa had to report on the assent and commencement of the amendment
act; and by October South Africa needed to report on "all outstanding deficiencies
relating to CDD and recordkeeping through the implementation of the Amendment
Act".14 This provides the context to the implementation dates of 13 June and 2
October referred to in paragraph 2 above.
In the introduction we stated that the aim of the act and amendment act was
to deal with different aspects of financial crime (domestically). From the above,
however, it is clear that this is not its only (and perhaps even not its most important)
aim. The changes introduced by the amendment act provide critical assurance to
the international financial community that South Africa's financial systems and
institutions are safe, trustworthy and resistant to abuse by criminals - an assurance
which is immensely important in the context of international trade and finance, and
for relationships between correspondent banks internationally. If the risks posed
by South African institutions were to be regarded as unacceptable, this could lead
to "de-risking", that is the termination or restriction of business relationships with
South African institutions due to such relationships being too difficult or expensive
to manage and mitigate effectively. In a worst-case scenario this could lead to South
Africa being isolated from the international financial system with obvious dire
35
consequences relating to trade, economic growth and financial inclusion.
Before moving off the task force and its work, one aspect of particular importance
in relation to attorneys, conveyancers and estate agents is of interest. We have already
remarked on the withdrawal of exemption 10, which brought attorneys fully under
the provisions of the act. This is clearly in accordance with what has become known
as the "gatekeeper initiative", which focuses on the important role of, inter alia,
attorneys in the fight against financial crime. Shepherd sketches the background:
"A decade after FATF's creation, the G-8 interior and justice ministers met during three snowy days
in Moscow in mid-October 1999 and adopted what is known as the Moscow Communiqu6. United
States Attorney General Janet Reno represented the United States at this 'little noticed conference,'
which was hosted by Russian Prime Minister Vladimir V. Putin. The Moscow Communique, which
specifically employed the term 'gatekeeper,' gave rise to the Gatekeeper Initiative. The Gatekeeper
Initiative ... is an effort by governmental authorities to enlist the support of gatekeepers to combat
money laundering and terrorist financing. Gatekeepers include lawyers, notaries, trust and
company service providers (TCSPs), real estate agents, accountants, auditors and other designated
nonfinancial businesses and professions (DNFBPs) who assist with transactions involving the
36
movement of money in domestic and international financial systems."
FIC presentation Compliance ObligationsofAccountable Institutions in terms ofthe FICAmendment

Act 31-07-2017.
* See Durner and Shetret Research Report: Understanding Bank De-risking and its Effects on
FinancialExclusion (2015) Global Centre on Cooperative Security, Oxfam; World Bank Brief
De-risking in the Financial Sector (2017) (https://www.worldbank.org/en/financialsector/brief/
de-risking-in-the-financial-sector) (29-12-2017).
6 "Guardians at the gate: The gatekeeper initiative and the risk-based approach for transactional
lawyers" 2009 Real Property, Trust and Estate Law Journal607 610-611 - footnotes omitted.
TSAR 2018.2 [ISSN 0257 - 7747]

5 Key elements and changes introducedby the amendment act

The amendment act is aimed at strengthening the South African regulatory
framework for anti-money laundering" and the combating of the financing of
terrorism." It further ensures that the South African framework.is more closely
aligned to the task force recommendations - the global standard for measures
combating money laundering and the financing of terrorism, risk management and
enforcement."
Although the scope of the amendments is wide and the introduced requirements
are diverse and varied, most can be categorised as relating to client (or customer) due
diligence. 4 0 The purpose of customer due diligence is for an accountable institution
to know who its clients are and to understand their business with it.41 This is achieved
42
through client identification and verification measures - commonly also known
as "know-your-client' 3 requirements - as well as ongoing due diligence, which
includes ongoing monitoring, the periodic refreshing of client information and the
regular review of certain categories of clients, such as those representing a higher
risk of money laundering, terrorism financing and related forms of financial crime.4 4
In a media release relating to the amendment act the centre accordingly stated that
it contains a "[f]ull range of customer due diligence ... requirements which are
focussed on understanding customers better rather than simply identifying and
verifying their identities.'
Specifically now included in the scope of customer due diligence are: the
identification of beneficial owners (to prevent natural persons from abusing legal
entities for purposes of money laundering and terrorism financing);46 requirements
relating to business relationships with foreign prominent public officials and
domestic prominent influential persons respectively; and additional controls to
ensure that accountable institutions fully understand the nature and potential risk
posed by their clients.4 8
Amendments were also introduced to provide for the implementation of the
United Nations Security Council Resolutions on the freezing of assets of persons
associated with terrorism,4 9 the safeguarding of personal information (in line with
3 The common acronym is AML.

3 The common acronym is CFT.
3 Spruyt (n 10) 20.
40 The common acronym is CDD.
41 See FATF Recommendation 10 and the interpretive note relating to it. See also Guidance Note 7 (n
16) par 71.
42 The common acronym is CIV.
43 The common acronym is KYC.
44 s 21-21H of FICA.
45 Minister signs FIC Amendment Act into operation (https://www.fic.gov.za/Documents/ FICAct
Commencement_14June2017.pdf) (29-12-2017).
46 See the discussion below. The term "beneficial owner" is defined in s I of FICA. See also s 21B.
47 See the discussion below. See further s 21F and 21G of FICA. These are individuals who are or
have in the past been entrusted with prominent public functions in a particular country. The FATF
recognises that such persons, as well as their immediate family and close associates, may be in a
position to abuse their public office for private gain and may use the financial system to launder
the proceeds of this abuse of office. For these reasons they should be subjected to enhanced risk
mitigation controls and measures. See the FATF guidance document PoliticallyExposed Persons
(Recommendations 12 and 22) (2013) in this regard ("politically exposed person" (PEP), the term
favoured by FATF, encompasses both "domestic prominent influential person" (PIP) and "foreign
prominent public officials" (PPO), the terms used in FICA as amended).
48 s 21A.
49 s 26A-26C.
[ISSN O257 - 77471 TSAR 2018 -2

236 HUGO AND SPRUYT
the requirements of the Protection of Personal Information Act),o inspection powers

for regulatory compliance purposes" and enhanced administrative and enforcement
mechanisms.
Without doubt, however, the most significant amendment is the introduction of
52
the risk-based approach (as opposed to the former rule-based approach) to the
identification and assessment of money-laundering and terrorist-financing risks.
This aspect is analysed in greater depth immediately below.
Before moving on to a closer scrutinisation of the risk-based approach, one point
must be emphasised: the centre is on record that it is fully aware of the fact that it
53
cannot be expected of accountable institutions to comply fully with the amendments
to the act and regulations as from 2 October 2017. In an implementation workshop
under the joint banners of National Treasury and the Financial Intelligence Centre
dated 12 May 2017, the following was stated:
"There is no expectation that accountable institutions will fully comply with all new requirements
at the time when they take effect or soon thereafter.... Each supervisory body [for example the law
societies and Estate Agency Affairs Board] will need to engage with accountable institutions in
setting out their expectations concerning timeframes, roadmaps, action plans etc. for achieving
compliance with the new requirements .... Baseline as a point of departure should be to establish the
readiness of institutions to implement the new amendments.'4
Hence, sanctioning non-compliance with the new provisions of the act and
regulations will be delayed to enable accountable institutions to make the necessary
adjustments for their implementation. The enforcement of provisions that were not
amended (for example those relating to registration and certain reporting obligations)
will continue." However, against this background, the following strong statement
from the centre must be noted: "At no point should accountable institutions not
know who they are doing business with and must ensure that proper records are kept
of transactional activities at all times.',56
6 The risk-based approach

6.1 Introduction
The risk-based approach is based on the fact that no resources, controls or preventative
measures can ensure completely that money laundering and terrorist financing do
not occur. Hence, it makes sense to channel resources to, and concentrate attention
on, areas of high risk." This means, conversely, that simplified or less stringent
SO 4 of 2013. See s 41A of FICA.

51 s 45A-B.
52 The rule-based approach is the application of prescriptive regulations and comprehensive risk
management and compliance requirements irrespective of the risk related to the particular
transactions or individual. See White (n 25) 46-47.
53 The common acronym is Als.
I See (n 21) the penultimate slide. See further FIC (n 21) in which it is also stated that "it is important
to note that the financial sector is to be prioritized for implementation, as it is deemed to be the
most risky sector, particularly the banking sector". See also the more comprehensive FIC document
Roadmapfor the Short Term Implementation of the FinancialIntelligence Centre Amendment Act,
2017 (Act No 1 of2017) for Supervisors and Accountable Institutions (www.fic.gov.za/Documents/)
(29-12-2017).
* See FIC (n 21).
s6 FIC (n 54).
51 Guidance Note 7 (n 16) par 30. The risk-based approach can be traced back to a guidance paper
issued by the FATF in 2007. See in this regard White (n 25) 46.
TSAR 2018.2 [ISSN O257 - 7747]

controls can be employed where the risks are low. The risk-based approach therefore
enables the application of resources commensurate to the risks being managed and
mitigated. In a media release by the centre following the announcements of the
implementation of the amendment act, the risk-based approach was accordingly
described as "customer-friendly" since the approach is "based on a risk-based CDD
[which] enables efficient utilisation of resources and should make compliance easier
for low risk clients".58 Making compliance easier for low-risk clients, moreover,
serves an ancillary purpose of the amendment act, namely that of financial inclusion
(addressing the problem of the large number of persons who are unbanked as a
consequence of not being able to satisfy a rule-based customer due diligence). In
this regard the centre has stated:
"Customers should not be burdened unnecessarily with a bureaucratic or tick-box approach to
compliance, and should not be excluded from the financial system solely because the customer is
unable to produce a particular document that may not be readily available or easily accessible. ...
Financial inclusion is a key objective for Government and must be taken into account, and no
category of customers should be denied services because of unreasonably high barriers put in place
by accountable institutions before doing business with that customer.
The application of a risk-based approach to customer due diligence could support financial
inclusion objectives by providing for a more flexible application of customer due diligence measures
to certain categories of financial products or customers who might otherwise struggle to meet rigid
59
identification and verification requirements."
The risk-based approach is accordingly the antithesis of a rules-based approach.6 0

Instead of setting absolute minimum requirements, the risk-based approach serves
to enable an accountable institution to make risk-informed decisions with regard to
the management of its unique risks. It does not, however, exempt it from mitigating
money-laundering or terrorist-financing risks when these risks have61 been assessed
as low, or from complying with minimum regulatory requirements.
The risk-based approach, moreover, is not entirely new. Although the requirements
of the act and its regulations (prior to the amendments) were highly prescriptive, the
centre issued two guidance notes that provided limited scope for the application of
a risk-based approach. In terms of Guidance Note 1,62 institutions were not required
to follow a one-size-fits-all approach in the methods they used and the levels of
63
verification they applied to all relevant clients. Guidance Note 3A, moreover,
provided further guidance as to how this limited measure of judgement should
" Minister Signs FICAmendment Act into Operation(n 45).

* FIC (n 21) par 4. See also GuidanceNote 7 (n 16) par 30. The tension between financial inclusion and
money-laundering and terrorist-financing risks is a major topic in own right. See in this regard Lee
"Financial inclusion: a challenge to the new paradigm of financial technology, regulatory technology
and anti-money laundering law" 2017 JBL 473 et seq.
* Guidance Note 7 (n 16) par 73 states the following in regard to the rule-based approach of the past:
"Previously accountable institutions were required to establish and verify the identity of a client
in accordance with the . . [Money Laundering and Terrorist Financing Control Regulations]. The
principle of client identification and verification is now expanded significantly with the introduction
of the obligation to conduct CDD. As a result, the regulations and exemptions relating to client
identification and verification have been amended significantly to align with the amendments to the
FIC Act, with most of the regulations having been repealed and exemptions having been withdrawn."
61 See Spruyt (n 10) 21. See also GuidanceNote 7 (n 16) par 53.
62 Guidance Note 1: General Guidance Note ConcerningIdentification of Clients 2 (https://www.fic.
gov.za/Compliance/Pages/Guidance-Notes.aspx) (29-12-2017).
63 GuidanceNote 3A: Guidancefor Accountable Institutions on ClientIdentification and Verification
and Related Matters 4-8 (https://www.fic.gov.za/Compliance/Pages/Guidance-Notes.aspx)
(29-12-2017).
[ISSN O257 - 7747] TSAR 2018.2

238 HUGO AND SPRUYT
be applied. Nevertheless, the strictly formulated requirements of the act and its
regulations (prior to the amendments) limited significantly the application of a true
risk-based approach and risk-informed decision-making.
This position has changed fundamentally. As mentioned above, the long title
of the act (as amended) now specifically states that it provides for a risk-based
approach.64 It is of interest to note that the act itself contains very little detail on the
risk-based approach. However, Guidance Note 76 deals with it in detail.
The risk-based approach implies less regulation and prescriptive requirements. It
allows for more flexibility. This, however, brings a measure of uncertainty and a need
for guidance. Risk-based decision-making calls for a clear application of the mind
and thorough documenting of all decisions, including the rationale on which they
are based. As Spruyt states, "[tihe risk-based approach therefore does not constitute
a free-for-all in terms of AML/CFT risk management and compliance" but "implies
the need for maturity and rational thought".6 6 Against this background it is clear
that different industries or sectors are exposed to different money-laundering and
terrorist-financing risks and that their respective (risk-based) approaches will differ.
The centre accordingly foresees "specific guidance to address industry or sector
specific challenges" in future.6 7 The role of law societies and the Estate Agency
Affairs Board may be pivotal in this regard.
6.2 Application
The application of a risk-based approach is largely intuitive and simple.68 The
core of the methodology is the identification and assessment of money-laundering
and terrorist-financing risk. "Risk" in this context relates to possible threats and
vulnerabilities that could lead to an accountable institution's systems, processes or
other elements of the business being abused for purposes of money laundering,
terrorism financing, and/or international sanctions circumvention.
By understanding the scope and nature of these risks, accountable institutions
can make informed decisions as to the appropriate methods and controls that should
be applied in any given circumstance to deal with the risks. The following distinct
steps form the basis for the application of a risk-based approach:
6.2.1 Identification and assessment of inherent risk

First, the inherent risk must be assessed. Inherent risk is the risk of an event or
circumstance that exists before controls or mitigation measures are applied. 70 It is
a function of both the likelihoodand impact of uncertain events on set objectives.
The likelihood and impact of such events, in turn, should be analysed in terms
72
of threats, vulnerabilities and consequences. Guidance Note 7 accordingly sees
risk, in the money-laundering and terrorist-financing context, in the first place as
64 See par 3.
65 (n 16) par 7-29.
66 (n 10) 22.
67 Guidance Note 7 (n 16) par 32.
66 See Spruyt (n 10) 22 who cites, inter alia, FINTRAC Guidance on the Risk-Based Approach to
Combatting Money Laundering and Terrorist Financing(2016); FATF Guidancefor a Risk-based
Approach: The Banking Sector (2014).
61 See Guidance Note 7 (n 16) par 19. White (n 25) 52.
7o Guidance Note 7 (n 16) par 14.
' Guidance Note 7 (n 16) par 8.
12 Guidance Note 7 (n 16) par 9-12.
TSAR 2018.2 [ISSN O257 -7747J

"the likelihood and impact of money laundering or terrorist financing activities

that could materialise because of a combination of threats" and vulnerabilities 74
manifesting in an accountable institution".
In the second place, however, it includes anything that may jeopardise the
detection, investigation or prosecution of these activities or the possibility of the
76
forfeiture of proceeds of unlawful activities.
There is no prescribed methodology for the assessment of these risks. However,
the assessment of money-laundering and terrorist-financing related risks is typically
done on the basis of specific risk variables or factors, including the following:
(i) The nature of the accountable institution's product or service, and, specifically,
the potential for such product or service to be abused for money-laundering
and terrorist-financing purposes (for example by enabling the placement of
money into the financial system and/or the cross-border transfer of money);n
(ii) the geographic areas in which the business operates, or in which its clients
are based (jurisdictions with poor anti-money laundering and combatting the
financing of terrorism regulation, tax havens or those subject to international
sanctions pose higher risks);
(iii) the delivery channels utilised by the accountable institution for purposes of,
inter alia, client contact or client on-boarding (face-to-face interaction posing
the lower risk);79
(iv) the industry in which the accountable institution or its clients operate (cash
intensity, client anonymity and high transfer value are indicators of higher
risk - this includes the sale of real estate);so and
(v) the inherent risk profile of the accountable institution's client base (for example
clients that are corporate vehicles that are part of a multi-layered structure
of ownership or control, prominent influential persons or persons subject to
adverse media pose a higher risk)."
These factors are relevant for purposes of two distinct types of risk assessments,
namely business-based assessments and relationship-based assessments.
7 Guidance Note 7 (n 16) par 10 defines a threat as "a person or group of people, object or activity with
the potential to cause harm. In the context of money laundering and terrorist financing this includes
criminals, terrorist groups and their facilitators, their funds, as well as any past, present and future
money laundering or terrorist financing activities."
7 With reference to vulnerabilities GuidanceNote 7 (n 16) par 11 reads: "The concept of vulnerabilities
comprises those things that can be exploited by the threat or that may support or facilitate its
activities. Identifying vulnerabilities, as distinct from threats, means focusing on, for example, the
factors that represent weaknesses or features that may be exploited in any given system, institution,
product, service, etc."
(n 16) par 13 (our footnotes).
76 Guidance Note 7 (n 16) par 17; Spruyt (n 10) 23.
' Spruyt (n 10) 23 n 31. For an extensive tabled list of risk indicators relating to products and services
see Guidance Note 7 (n 16) par 37.
7 Guidance Note 7 (n 16) par 19; Spruyt (n 10) 23 n 32. For an extensive tabled list of risk indicators
relating to geographic location see GuidanceNote 7 (n 16) par 38.
7 Spruyt (n 10) 24 n 33. For an extensive tabled list of risk indicators relating to delivery channels see
Guidance Note 7 (n 16) par 38.
* Spruyt (n 10) 24 n 34. Other risky industries are dealers in precious metals, stones, scrap metal and
second-hand goods; correspondent banking; and the sale of art.
a Spruyt (n 10) 24 n 35. For an extensive tabled list of risk indicators relating to clients see Guidance
Note 7 (n 16) par 40.
[ISSN 0257 - 7747J1 TSAR 2018.2

240 HUGO AND SPRUYT
6.2.1.1 Business-based risk assessments

The purpose of a business risk assessment is to assess the inherent money-laundering
and terrorist-financing risks faced by the specific accountable institution, in order
to design effective and appropriate controls to avoid or mitigate this risk. The
outcome of the assessment will therefore have a significant impact on the policies,
procedures and processes adopted in the accountable institution's risk management
and compliance programme.
A business risk assessment can utilise a combination of internal subject-matter
experts, available publications, and external advice. It can also incorporate any
future initiatives, as well as previously reported money-laundering or terrorist-
financing incidents or events, issues and identified control failures. The assessment
must be dynamic and responsive to current and emerging risks."
6.2.1.2 Relationship-based risk assessments

The money-laundering and terrorist-financing risk posed by each client relationship
should be assessed on an ongoing basis. Relationship-based risk assessments (or
client-risk profiling) should, where possible, be done at the commencement of the
relationship, or as soon as possible thereafter, as well as on a periodic basis for the
duration of the relationship.
The assessment requires the profiling of client risk into one of several possible
categories (for example low, medium or high). The complexity of the risk scale that
should be used, however, should reflect the size and complexity of the accountable
institution involved. In this regard Guidance Note 7 states:
"Accountable institutions offering a relatively homogenous range of products and services, using
a limited range of delivery channels, operating on one or a few geographic location(s) or engaging
with a homogenous range of clients require relatively simplistic risk scales distinguishing only
between two or three risk categories."m
The initial risk assessment should at a minimum incorporate all relevant and
available static client data obtained through the application of the required client
due diligence measures (that is, factors relating to inherent client risk; product;
geography; industry; and distribution channels). However, in the case of a business
relationship 6 (as opposed to a single transaction ) the assessment performed at the
inception of the relationship, should be augmented with reference to information
acquired in the course of the business relationship. The monitoring of transactions,
other client behaviour, and the business relationship as a whole, are therefore
important elements of a well-designed risk-based approach. Once a client has been
risk rated, this rating must therefore be continuously re-assessed for the duration of
the client relationship's life-cycle.
8 See par 6.3.4 below in this regard.

* Spruyt (n 10) 24.
84 (n 16) par 45.
85 Spruyt (n 10) 25.
86 defined in s 1 of FICA as "an arrangement between a client and an accountable institution for the
purpose of concluding transactions on a regular basis".
" defined in s I of FICA as "a transaction- (a) other than a transaction concluded in the course
of a business relationship; and (b) where the value of the transaction is not less than the amount
prescribed [R5000 - see reg IA], except in the case of section 20A". (S 20A prohibits the conclusion
of a single transaction with an anonymous client or one with an apparent false or fictitious name.)
81 Spruyt (n 10) 25; GuidanceNote 7 (n 16) par 46.
TSAR 2018-2 [
[ISSN 0257 - 7747]
It is also imperative that the money-laundering and terrorist-financing risk in any

given circumstance be determined on a holistic basis. In other words, the ultimate
risk rating accorded to a client relationship or transaction must be a function of all
factors that may be relevant to the combination of a client profile, product type and
transaction.89
6.2.2 Risk management and mitigation

Once the applicable inherent risks have been identified and assessed, these
risks must be managed. Risk management can entail the avoiding, transferring,
tolerating, treating or terminating of risks." Guidance Note 7 states in respect of
risk management and mitigation:
"Treating ML/TF risk entails that the accountable institution develops systems and controls
to manage the risks identified. These systems and controls should comprise all the relevant risk
mitigation measures at the accountable institution's disposal. The mechanisms which an accountable
institution may include in its risk management systems and controls should relate to the nature of
particular risks. These mechanisms include the application of customer due diligence measures,
the monitoring of business relationships with clients, managing delivery channels for particular
products and services, structuring the features of particular products and services, etc.""
The potential risk mitigation measures include: increased automated transaction

monitoring; increased intensity of customer due diligence measures; increased
review periods of client information; utilising better quality sources for the vetting
of information; involving senior management in decisions to take on clients;
dedicated specialist staff managing enhanced due diligence for specific clients; and
limited reliance on another accountable institution's controls. 92
Whether the risk(s) have been adequately mitigated or addressed depends upon
whether or not the residualrisk (that is the risk that remains after the mitigation) is
at an acceptable level. This, of course, requires an assessment of the residual risk.
Where the level ofresidual risk falls outside of the scope of acceptable risk, additional
controls and measures must be adopted to mitigate the risk to an acceptable level.93
It is important to note that the centre supports treatment of risk (the employment of
mitigation measures) rather than avoidance of risk (refusing services or terminating
business relationships). Risk avoidance in this form "should be used as a last resort
where an accountable institution has reached a conclusion that ML/TF risks relating
to specific clients cannot be mitigated adequately or effectively".94 The problem
with such "de-risking" is that it "poses a threat to financial integrity in general
and to the risk-based approach, specifically, as it creates opacity in the affected
persons' or entities' financial conduct and it eliminates the possibility to treat ML/
TF risks".95 Hence, the centre views "the wholesale termination or restriction of
business relationships to avoid risk, rather than treat the risk, as an example of
inadequate risk management".96
" Spruyt (n 10) 25. Guidance Note 7 (n 16) par 48 states the principle as follows: "The assessment of
ML/TF risk should ultimately draw together all the factors that are relevant".
o Guidance Note 7 (n 16) par 23 and 24.
9 (n 16) par 25.
92 Guidance Note 7 (n 16) par 64. See also Spruyt (n 10) 26.
93 Spruyt (n 10) 27.

[ISSN 0257 - 7747] TSAR 2018.2

242 HUGO AND SPRUYT
6.2.3 Reviewing the risk-based approach

The risk-based approach implemented by an accountable institution should be
subject to periodic review, to evaluate the effectiveness of the compliance regime.
The review should consider (but is not limited to) the policies and procedures
applied, the risk assessment relating to money-laundering and terrorist-financing
risk, including the adequacy of controls and other risk mitigation measures, and the
training of employees and senior management.
It should be noted in this context that the implementation of risk mitigation
controls and measures may well introduce another risk, emergent risk - that is,
risk that materialises due to the implementation of the controls concerned. Spruyt,
writing from the perspective of banks as accountable institutions, mentions, for
example, that the use of technology for risk mitigation could introduce cyber-
security or similar risks, or the use of third-party data Rroviders when verifying
client information could introduce privacy concerns. The management and
mitigation of emergent risk is an important component of the ongoing review of the
risk-based approach and the way in which an accountable institution applies this
approach.
6.3 Impact of the risk-based approach

On a practical level the risk-based approach imposed on accountable institutions by
the act as amended has a twofold impact. The first relates to customer due diligence
in the context of the risk-based approach, and the second on the design of a Risk
Management and Compliance Programme. The requirements of each are dealt with
below.
6.3.1 Customer due diligence requirements

Part one of chapter three of the act (sections 20A-21H) deals exhaustively with
customer due diligence requirements, that is requirements aimed at ensuring that
an accountable institution knows and understands who its clients are and what their
business is.9 This knowledge should enable the accountable institution to identify
behaviour or transactional activity that does not align to its knowledge of that client,
and that could therefore be indicative of an abuse of the accountable institution's
products for the purposes of money laundering, terrorism financing or related forms
of financial crime. Instead of relying on rigid requirements in regulations and
exemptions, the application of the risk-based approach now enables accountable
institutions to exercise a greater discretion in determining the appropriate due
diligence requirements to meet these objectives. 00 The centre, in Guidance Note
7, states in this regard: "This means that accountable institutions now have the
flexibility to choose the type of information by means of which it [sic] will establish
(n 10) 27.
* Guidance Note 7 (n 16) par 71.
' Spruyt (n 10) 28-29; GuidanceNote 7 (n 16) par 72. The advent and growth of mobile payments hold
challenging problems in this regard. See Luzadder and St Clair Long "Do I know you? Consumer
due diligence, mobile payments, and AML/CFT" 2017 The Banking Law Journal250 ff.
I00 Spruyt (n 10) 29. In this regard he points out that financial institutions apply three standards of due
diligence: simplified due diligence (SDD), standard due diligence (CDD) and enhanced due diligence
(EDD).
TSAR 2018.2 [ISSN 0257 - 7747]

clients' identities and also the means of verification of clients' identities, instead of
following the rigid steps provided for in the MLTFC Regulations."''
The act differentiates between business relationships and single transactions.103
A (single) transaction the value of which is under R5000 does not meet the definition
of "single transaction" in the act, 0 4 and an accountable institution involved in such
a transaction does not need to carry out the full scope of customer due diligence
in respect of the client concerned. However, even in respect of such transactions,
section 20A still prohibits the conclusion of such a transaction with an anonymous
client or one with an apparently fictitious name.
The act then deals in detail with customer due diligence requirements relating to
in the sequence followed in the act, "identification of clients and other persons",'l
"understanding and obtaining information on business relationship",'06 "additional
due diligence measures relating to legal persons, trusts and partnerships", o0
"ongoing due diligence",'0o "doubts about veracity of previously obtained
information", 09 "inability to conduct customer due diligence", 0 "foreign prominent
public official","' "domestic prominent influential person"," 2 and, finally, "family
members and known close associates [of a person in a foreign or domestic prominent
position]".'
The sections of the act dealing with these issues are detailed and speak for
themselves. We make just a few points in this respect. Regarding client identification
it should be noted that if an accountable institution was already in a business
relationship with a client when the amendment act came into operation, in terms
of section 21(2) no further transaction may be concluded with the client concerned
until proper customer due diligence has taken place. The information required
regarding the business itself includes information on the nature and purpose of the
business relationship, as well as of the source of funds which the prospective client
expects to use." 4 If the client is a legal person, trust or partnership, section 21B
imposes additional customer due diligence measures many of which are focused on
information regarding beneficial ownership - an issue to which we return below."'
Section 21C makes clear that due diligence is an ongoing exercise which entails the
monitoring of transactions in the course of the relationship, including gathering
information on the source of funds used and the background to all complex or
large transactions. If at any stage an accountable institution doubts the veracity
of previously obtained information, it must in terms of section 21D repeat the
customer due diligence process. The inability to conduct customer due diligence
as contemplated in sections 21-21C acts as an insurmountable barrier to the lawful
establishment of a business relationship or the lawful conclusion of a transaction
10' (n 16) par 74.

102 S I.
103 s 1.
10s 1 of FICA read with reg lA.
os s 21.
106 s 21A.
107 s 21B.
08 s 21C.
10 s 21D.
110s 21E.
t" s 21F.
11Z s 21G.
" s 21H.
[I4 s 21(a)-(c).
"' See par 6.3.2 below.
[ISSN O257 - 7747J1 TSAR 2018 -2

244 HUGO AND SPRU YT
in a business relationship." 6 The remaining provisions referred to above". relate

to prominent persons and those close to them - a topic dealt with under a separate
heading below.
We conclude this sub-paragraph with the following two important general points:
(i) Regarding the identification of natural persons, one can distinguish between
basic identifying information (the person's full names, date of birth, and,
in most cases, a unique identifying number issued by a government source)
and supplementary information (for example, physical appearance or
other biometric information, place of birth, family circumstances, place of
employment or business, residential address, contact particulars, and contacts
with the authorities or with other accountable institutions). 'Although it is
expected that the basic attributes will always be required by accountable
institutions, they have, in accordance with the risk-based approach, more
discretion in determining what supplementary information is necessary or
desirable."'
(ii) The risk-based approach should also inform what information should be
verified, as well as the appropriate verification mechanisms, of which there
are many, that should be applied. However, the centre regards it as important
that "verification be done using information obtained from a reliable and
independent third-party source, and, as far as possible, the original source
of the information". 2 0 This approach improves the efficacy of measures to
combat money laundering and terrorist financing, while promoting financial
inclusion without compromising anti-money laundering objectives or those
combating the financing of terrorism.
6.3.2 Beneficial ownership

Section 21B of the act, introduced by the amendment act, contains comprehensive
additional customer due diligence measures that need to be complied with by
accountable institutions where the client is a legal person, trust or partnership.
Accountable institutions are required, in relation to such clients, to establish, in
addition to the normal customer due diligence requirements applicable to natural
persons, (i) the nature of the client's business, (ii) the ownership and control
structure of the client, and (iii) the beneficial ownership of the client.
6.3.2.1 Legal persons

A "legal person", for the purposes of the act, is a person other than a natural person
that establishes a business relationship or concludes a single transaction with an
accountable institution and includes "a person incorporated as a company, close
116 s 21E.
" s 21F-H.
"1 GuidanceNote 7 (n 16) par 86-87.
"' See GuidanceNote 7 (n 16) par 87; Spruyt (n 10) 29.
120 See GuidanceNote 7 (n 16) par 87-88; Spruyt (n 10) 29.
121 GuidanceNote 7 (n 16) par 95. It is of interest to note that "provisions on identifying the beneficial
owners of legal entity customers" also form a major focus of changes to CDD rules in the US that
became operative in July 2016. See in this regard Silvia "The fifth pillar and FinCEN's new rules on
customer due diligence" 2017 The Banking Law Journal57.
TSAR 2018-2 [lSSN 0257 - 7747]

corporation, foreign company, or any other form of corporate arrangement or
association" excluding trusts, partnerships and sole proprietors.12
The act defines a beneficial owner of a legal person as the "natural person who,
independently or together with another person, directly or indirectly, (a) owns the
legal person; or (b) exercises effective control of the legal person". 123
The percentage of shareholding with voting rights is a good indicator of control.
In this regard the centre takes the view that 25% or more of the shares with voting
rights is usually sufficient to exercise control.124 If such direct ownership interests
do not indicate a clear beneficial owner, the accountable institution must resort to
other means to determine beneficial ownership, "for example, persons exercising
control through voting rights attaching to different classes of shares or shareholders
agreements". If no natural person can be identified who exercises control through
such other means, the accountable institution "must determine who the natural
person is who exercises control over the management of the legal person, including
in the capacity of an executive officer, non-executive officer non-executive director,
independent non-executive director, director or manager".' 1
It is of interest to note that the centre, in regard to the determination of beneficial
ownership in general, and more specifically the determination of who controls a
legal person, refers accountable institutions to guidance developed by the task force,
as follows:
"The FATF's guidance distinguishes between the concepts of legal ownership and control. On the
one hand, legal ownership means the natural or legal persons who own the legal person. On the
other hand, control refers to the ability to take relevant decisions within the legal person and impose
those resolutions. For example, if a company is a subsidiary of a second company, the beneficial
owners are the natural persons who are behind that second company (or ultimate holding company
in the chain of ownership) and who are controlling the holding company. Likewise, persons who are
actually acting on behalf of someone else, cannot be considered beneficial owners because they are
ultimately being used by someone else to exercise effective control over the company. An essential
element of the FATF definition of beneficial owner is that it extends beyond legal ownership and
control to consider the notion of ultimate (actual) ownership and control. In other words, the FATF
definition focuses on the natural (not legal) persons who actually own and take advantage of capital
or assets of the legal person; as well as on those who really exert effective control over it (whether
or not they occupy formal positions within that legal person), rather than just the (natural or legal)
persons who are legally (on paper) entitled to do so.""2
Once the beneficial owner has been determined, the act requires of the accountable
institution "to take reasonable steps to verify the identity of the beneficial owner of
the client" in order to satisfy itself "that it knows who the beneficial owner is".12 8
6.3.2.2 Partnerships and trusts

The terminology of "beneficial owner" is not used in the act in relation to
partnerships and trusts, but the notions of control and benefit are very much
122 s 1.
123 s 1. Ownership and control are also the two prongs of the definition of beneficial ownership
in the
new CDD rules applied in the US. See in this regard Silvia (n 121) 61-62.
127 GuidanceNote 7 (n 16) par 105.
28 s 21B(2)(b). See also Guidance Note 7 (n 16) par 104.
[lSSN 0257 - 7747] TSAR 2018.2

HUGO AND SPRUYT
246
present. It is accordingly unsurprising that the centre in its Guidance Note 7 uses
the term also in relationship to trusts. The underlying thinking in the act regarding
partnerships and trusts is similar to that applicable to legal persons. The following
brief comments suffice to outline this issue:
Beneficial ownership in relation to partnerships encompasses all the partners
in the partnership. The act refers specifically to en commandite and anonymous
partnerships,'2 which indicates the clear intention that accountable institutions
9
must establish the identity of every person who contributes to a partnership or may
benefit from a partnership." Accountable institutions are also required to establish
the identity of any person who "exercises executive control over the partnership"'
if there is such a person.13 As in the case of legal persons, the identities of the
13 3
beneficial owners must then also be verified.
"Trust" is defined as follows in the act:
"'trust' means a trust defined in section I of the Trust Property Control Act, 1988 (Act 57 of 1988),
other than a trust established- (a) by -virtue of a testamentary disposition; (b) by virtue of a court
order; (c) in respect of persons under curatorship; or (d) by the trustees of a retirement fund in
respect of benefits payable to the beneficiaries of that retirement fund, and includes a similar
arrangement established outside the Republic."
The provisions of the act in this regard are accordingly directed at inter vivos trusts.
Such trusts must be registered at the master of the high court and are assigned a
unique reference number, which will be an important element in the identification of
the trust for customer due diligence purposes. As regards foreign trusts, an official
document from a competent trust registering authority in the jurisdiction concerned
should be obtained. Beneficial ownership in the trust context encompasses all
the natural persons who may benefit from the trust or may control decisions in
relation to the management of trust property or are otherwise associated with the
trust. This includes the founder, every trustee, every natural person who purports
to be authorised to enter into a single transaction or business relationship on behalf
of the trust, every beneficiary referred to by name in the trust deed or founding
instrument, and, if they are not referred to by name, the particulars as to how the
beneficiaries are determined. As in the case of legal persons and partnerships the
37
identities of the "beneficial owners" must then also be verified.
6.3.3 Politically exposed persons

If a client is a politically exposed person, due diligence measures may be enhanced.
Politically exposed persons consist of two defined groups namely "domestic
prominent influential persons", (defined in the act as persons referred to in schedule
129 s 21B(3)(b).
131 s 21B(3)(c).
133 s 21B(3)(f).
1 1.
13 s 21B(4)(a); GuidanceNote 7 (n 16) par 114.
136 s 21(4)(b); GuidanceNote 7 (n 16) par 115.
13 s 21B(4)(c)-(e); Guidance Note 7 (n 16) par 117.
138 s 21B(4)(f).
TSAR 2018 - 2 [ISSN 0257 -7747]

3A) and "foreign prominent public officials" 40 (defined in the act as persons
referred to in schedule 3B).141 Domestic and foreign politically exposed persons, are
not, however, regarded in an identical light. Business relationships with domestic
politically exposed persons are not "inherently high risk", while those with their
foreign counterparts "must always be considered high risk". In relation to domestic
politically exposed persons, accountable institutions must assess the risk, and
only if the risk as assessed "entails higher risk",1 42 is an enhanced due diligence
triggered. If enhanced, however, the required measures for both categories are
identical. The act provides that if the accountable institution is contemplating a
business relationship 43 with such a politically exposed person,
"the accountable institution must- (a) obtain senior management approval for establishing the
business relationship; (b) take reasonable measures to establish the source of wealth and source of
funds of the client; and (c) conduct enhanced ongoing monitoring of the business relationship".1 44
The decision whether to enter into a business relationship with such a politically
exposed person should be based on the level of money-laundering or terrorist-
financing risk to which the accountable institution will be exposed if it were to
enter into the business relationship, and how well equipped it is to manage that risk
effectively. 14 It is of interest to note that the centre "recommends as good practice"
to make use of the internet and other available information sources in relation to
client information.1 4 6
The long list, paraphrased, includes leading positions in the national, provincial and municipal
governments; leaders of political parties; members of a royal family and senior traditional leaders;
senior executives of public entities listed in schedule 2 or 3 of the Public Finance Management Act;
judges; ambassadors; officers of the South African National Defence Force above the rank of major-
general; senior positions in a company as defined in the Companies Act if the company provides
goods or services to the state above a certain annual transactional value; and senior positions in
an international organisation based in the Republic. In accordance with the definition the person
concerned must be an individual "who holds, including in an acting position for a period exceeding
six months, or has held at any time in the preceding 12 months" any of the positions referred to
above.
140 s 1.
141 "A foreign prominent public official is an individual who holds, or has held at any time in the preceding
12 months, in any foreign country a prominent public function including that of a- (a) Head of State
or head of a country or government; (b) member of a foreign royal family; (c) government minister
or equivalent senior politician or leader of a political party; (d) senior judicial official; (e) senior
executive of a state-owned corporation; or (f) high-ranking member of the military."
142 s 21G.
143 and not a single transaction. The reason for this differentiation is unclear.
14 s 21F and s 21G. See also Guidance Note 7 (n 16) par 140.
146 GuidanceNote 7 (n 16) par
152.
[ISSN 0257 - 7747] TSAR 2018.2

HUGO AND SPRUYT
248
In accordance with the act 1 the requirements quoted above extend also to the
47
48 49
"immediate family members and known close associatesl " of such a politically
exposed person. It should be stressed that a person can be an "immediate family
member" or a "known close associate" of a politically exposed person irrespective of
whether thepolitically exposed person himself or herself is a client of the accountable
institution.' It also stands to reason that this is a highly dynamic area. Someone
who entered into a business relationship with an accountable institution may have
done so when he was not a politically exposed person, but may subsequently have
become one; or someone who was at one time not an "immediate family member" or
"close associate" may become one."' This underscores the importance of ongoing
customer due diligence.
6.3.4 The risk management and compliance programme

The comprehensive new section 42 of the act, which became operative on 2 October
2017, introduces an important and far-reaching practical obligation on accountable
institutions. The section relates to the development, documenting, maintaining and
implementation of a programme to deal with money laundering and combating the
financing of terrorism (a risk management and compliance programme). The heart
is contained in the first two sub-sections in which the following is stated:
"(1) An accountable institution must develop, document, maintain and implement a programme for
anti-money laundering and counter-terrorist financing risk management and compliance.
(2) A Risk Management and Compliance Programme must ... enable the accountable institution
to- (i) identify; (ii) assess; (iii) monitor; (iv) mitigate; and (v) manage, the risk that the provision
by the accountable institution of products or services may involve or facilitate money laundering
activities or the financing of terrorist and related activities."
The programme, moreover, must be approved by "the highest level of authority"

in the accountable institution,' must be reviewed "at regular intervals" by the
52
accountable institution,' and must be made available to all employees in the

accountable institution that are involved in transactions to which the act may
1s 21H.
14 An immediate family member is defined in s 21H(2) as (a) the spouse, civil partner or life partner;
and
(b) the previous spouse, civil partner or life partner, if applicable; (c) children and step children
their spouse, civil partner or life partner; (d) parents; and (e) sibling and step sibling and their spouse,
civil partner or life partner".
49 "Known close associate" is not defined in the act. In GuidanceNote 7 (n 16) par 155, however, the
FIC states that the term refers to a social or professional connection. Examples borrowed from
FATF guidance are "Known sexual partners outside the family unit (e.g. girlfriends, boyfriends,
mistresses); Prominent members of the same political party, civil organisation, labour or employee
union as the prominent person; Business partners or associates, especially those that share
(beneficial) ownership of corporate vehicles with the prominent person, or who are otherwise
connected (e.g. through joint membership of a company board) ... [;] Any individual who has sole
beneficial ownership of a corporate vehicle set up for the actual benefit of the prominent person."
" Guidance Note 7 (n 16) par 156.
...GuidanceNote 7 (n 16) par 159.
152 s 42(2)B. Par 181 of GuidanceNote 7 (n 16) reads as follows: "It is important also that [Als] ... note
that the board of directors, senior management or the person with the highest level of authority
is ultimately responsible for ensuring that the institution maintains an effective internal AML/
CFT control structure through a RMCP." Hence, senior management "must create a culture of
compliance" within the AI (par 182) and should be "fully engaged in decision making processes"
in this regard and "take ownership of the risk-based measures adopted" (par 183). See in this regard
also Bruemmer and Alper "AML: a corporate governance issue" 2013 The Banking Lawyer 867 ff.
s 42(2)C. See also GuidanceNote 7 (n 16) par 190.
TSAR 2018.2 [ISSN 0257 - 7747]

apply.154 A major part of the programme consists of the accountable institution
documenting how it complies with the due diligence requirements of the act. Stated
in simple terms, the programme should indicate how an accountable institution
applies the risk-based approach, complies with the requirements of the act, and
effectively manages its money-laundering and terrorist-financing risk. As such it
can be described as the foundation of an accountable institution's compliance with
the requirements and obligations contained in the act, as well as its risk-management
controls and measures. A risk-management and compliance programme, therefore,
could constitute a collection of documents, including all policies, procedures,
processes, controls and systems used for risk-management and compliance purposes
in relation to money laundering and the financing of terrorism.
It is clear from the above that it is important for every accountable institution
to develop a good risk-management and compliance programme. In fact, as the
centre states in Guidance Note 7, the accountable institution's "ability to apply a
risk-based approach effectively is largely dependent on the quality of its RMCP".'
Appropriate training of employees on money laundering and terrorist financing
should also form part of the programme.
In Guidance Note 7 the centre also acknowledges that an accountable institution's
programme must be commensurate with the size and complexity of the institution
and the nature of its business. Therefore "a RMCP for an accountable institution
which does not provide a wide range of products or services, or deal with a diverse
range of clients, could be relatively simple, while that of a complex financial
institution would be expected to be much more complex". 57 Against this background
it is important to note that an accountable institution is required to indicate in its
programme which, if any, of the provisions of section 42 of the act do not apply to
it, and to state why it is of this view.'
Based on the above, it is clear that the development of a risk-management and
compliance programme cannot be done in isolation of the risk-based approach - the
scope and content of the programme are inherently and intrinsically informed by the
application of a risk-based approach.' 59
7 Financialsanctions (freezing of assets)

The act as amended now administers the targetedfinancial sanctions' adopted
in United Nations Security Council resolutions (henceforth "the sanctions"). This
gives effect to Recommendations 6 and 7 of the task force. The main, but not only,
context is combating the financing of terrorism and the proliferation of weapons
154 s 42(3). Guidance Note 7 (n 16) par 189 requires that it be "communicated widely
throughout the
institution".
(n 16) par 180.
6 (n 16) par 184.
(n 16) par 185; Bruemmer and Alper (n 152) 882.
S5 s 42(2A).
" Spruyt (n 10) 28.
160 The common acronym is "TFS".
ClSSN 0257 - 7747] TSAR 2018.2

250 HUGO AND SPRUYT
of mass destruction.'"' The sanctions generally restrict the sanctioned persons or

entities from accessing funds and property under their control or receiving financial
62
services in relation to such funds and property.1
The practical implementation of the sanctions entails the publication by the
minister of finance of a notice of the adoption of the United Nations Security
63
Council resolution, and the publication of a notice by the director of the financial
intelligence centre of persons who are subject to sanctions.164 These notices are
public statements intended to advise both the sanctioned persons and accountable
institutions of the sanctions. The centre will maintain on its open website a current
sanctions list containing the identity particulars of sanctioned persons and entities.
Accountable institutions are not allowed to transact with the listed persons or entities
or to process transactions for them. 16 The status quo in relation to their property
and funds must accordingly be maintained, subject only to specific instances which
66
the minister of finance has permitted.' Accountable institutions, moreover, must
report such property to the centre. The sanctions provisions introduced by the
amendment act accordingly bring international financial-sanctions compliance
under the supervisory purview of the centre. Section 26 of the act, however, does
not apply to resolutions of the Security Council of the United Nations contemplated
161 FAFT Recommendation 6: "Targeted financial sanctions related to terrorism and terrorist financing"
reads as follows: "Countries should implement targeted financial sanctions regimes to comply with
United Nations Security Council resolutions relating to the prevention and suppression of terrorism
and terrorist financing. The resolutions require countries to freeze without delay the funds or other
assets of, and to ensure that no funds or other assets are made available, directly or indirectly, to
or for the benefit of, any person or entity either (i) designated by, or under the authority of, the
United Nations Security Council under Chapter VII of the Charter of the United Nations, including
in accordance with resolution 1267 (1999) and its successor resolutions; or (ii) designated by
that country pursuant to resolution 1373 (2001)." FAFT Recommendation 7: "Targeted financial
sanctions related to proliferation" reads as follows: "Countries should implement targeted financial
sanctions to comply with United Nations Security Council resolutions relating to the prevention,
suppression and disruption of proliferation of weapons of mass destruction and its financing. These
resolutions require countries to freeze without delay the funds or other assets of, and to ensure
that no funds and other assets are made available, directly or indirectly, to or for the benefit of, any
person or entity designated by, or under the authority of, the United Nations Security Council under
Chapter VII of the Charter of the United Nations" (http://www.fatf-gafi.org/media/fatf/documents/
recommendations/pdfs/FATFRecommendations.pdf) (29-12-2017).
162 Guidance Note 7 (n 16) par 191-193.
163 s 26A(l).
64 s 26A(3).
65 S 26B contains a comprehensive list of specific prohibitions in this regard.
166 In accordance with the provisions of s 26C the minister can permit a sanctioned person access to
property or finances to meet detailed basic living expenses, or others necessary in the normal course
of business (for example the accrual of interest), or that are necessary to avoid prejudice to third
parties (for example contractual payments that were due prior to the imposition of the sanctions).
The permission is granted by the minister in writing to the sanctioned party and may contain exact
details (for example in relation to the precise expenses concerned) and conditions to be met. Als
have access to this information since the permissions are published by the director of FIC on the FIC
website in accordance with s 26C(4).
'67 Guidance Note 7 (n 16) par 195-197.
2 - 7747]
TSAR 2018 -2 [ISSN O257
in section 25 of the Protection of Constitutional Democracy against Terrorist and
Related Activities Act.'
Accountable institutions must accordingly screen clients and prospective clients
against the sanctions list, both when taking on a new client and as and when new
sanctions are adopted or current ones extended. Against this background the centre
provides the following guidance:
"Accountable institutions must therefore determine the likelihood that their client base and intended
target market may include sanctioned persons or entities. This should assist the accountable
institution in determining the amount of effort and resources it requires in order to determine
whether they have sanctioned persons or entities as a clients [sic] or whether prospective clients
are sanctioned persons or entities. Accountable institutions that have business relationships with
foreign persons and entities are more vulnerable to dealing with sanctioned persons and entities."l6
It is important to note that failure to comply with sanctions obligations is a

criminal offence under the act1o and that reliance by an accountable institution on
a commercially available screening capability or the fact that it had considered the
risk of being exposed to sanctions-related obligations to be low does not constitute
a defence. 7
The sections of the act relating to financial sanctions have not yet come into
operation for the reason that mechanisms required for these sections have not yet
been developed finally and put in place.172
8 Record-keeping and reportingduties

The act and the regulations contain detailed provisions relating to the obligation
of accountable institutions to keep records and on reporting institutions' and
other businesses and persons to report certain information to the centre. An in-
depth consideration of these provisions falls outside the scope of these notes. The
following observations will suffice in this regard.
Sections 22 to 24 of the act deal with the obligations on accountable institutions
in relation to record keeping. Section 22 relates to the obligation to keep customer
due diligence records and section 22A to the obligation to keep transaction records.
Section 23 deals with the period for which the records must be kept (five years from
a specifically defined relevant date relating to the record concerned), and section
66 33 of 2004. Prior to the amendment act the only statutory provisions relating to the domestic
enforcement of financial (and other) international sanctions were those in the Protection of
Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004. S 25 of this
act requires of the president to give notice, by proclamation in the Government Gazette, of the
identification by the UNSC of specific entities that have committed or have attempted to commit
terrorist or related activities or who have participated in or facilitated the commission of such
activities, and of any UNSC resolutions requiring member states to take specified actions to combat
or prevent further terrorist or related activities. S 4, moreover, prohibited any person from dealing
with property that is associated with terrorism or with persons or organisations that carry out such
acts. The prohibition also extends to property associated with entities sanctioned in accordance with
s 25.
49A.
s70
.. Guidance Note 7 (n 16) par 200.
172 FIC (n 54) par
1.8.
" In terms of s 1 read with schedule 3 of the act, these are motor dealers and persons dealing in Kruger
rands.
[ISSN 0257 - 7747] TSAR 2018.2

252 HUGO AND SPRUYT
24 with the manner in which they may be kept (which permits them to be kept
74
electronically or by a third party' provided they are freely and easily accessible).
Reporting obligations in terms of the act arise from suspicious or unusual
transactions or activities (dealt with in section 29 of the act), cash transactions
beyond a certain threshold (dealt with in section 28 of the act), information relating
to terrorist financing and terrorist property (dealt with in section 28A of the act), and
international funds transfers (dealt with in section 30 of the act). As regards these
reporting duties"' the centre has provided extensive guidance in three guidance
notes:
(i) Guidance Note 4Al76 provides "general guidance on the nature of reporting
under section 29177 [of the act] and explains reporting timelines, how reports
are to be submitted to the FIC, what information has to be included in these
reports and how to use the electronic reporting platform". 17 It should be
read in conjunction with the comprehensive regulation 23 ("Information
to be reported concerning a suspicious or unusual transaction report") and
regulation 23A ("Information to be reported concerning a suspicious or
unusual activity report"). In accordance with regulation 24 the reporting must
occur within fifteen days (of the relevant stipulated moment).
Guidance Note 5Bl 7 assists accountable and reporting institutions in meeting
9
(ii)
their cash threshold reporting obligations. It provides general guidance on
these obligations in terms of section 28 of the act, and, specifically, explains
reporting timelines, the manner in which reports are to be submitted to
the centre, what information must be included in the reports and how to
use the electronic reporting platform. It should be read in conjunction with
regulation 22B (which sets the threshold above which the duty to report arises
at R24,999.99so), and the comprehensive regulation 22C ("Information to be
reported concerning a cash threshold report"). In accordance with regulation
24 the reporting must occur within two days (of a relevant stipulated moment).
(iii) Guidance Note 6 provides guidance on terrorist financing and terrorist
property reporting obligations in terms of section 28A of the act. It should
be read in conjunction with the comprehensive regulation 23B ("Information
to be reported concerning a terrorist financing transaction report") and 23C
("Information to be reported concerning a terrorist financing activity report").
In accordance with regulation 24 the reporting must occur within five days (of
a relevant stipulated moment).
It should be noted that reporting obligations in relation to the combating of terrorism
is not confined to the circumstances mentioned in section 28A (which applies only
if the accountable institution concerned knows that it possesses or controls property
174 See in this regard also reg 20 ("Particulars of third parties keeping records").
' See, on the manner of reporting, reg 22, which favours electronic reporting.
76 (n 17).
1' S 29 relates to the reporting of suspicious and unusual transactions. The amendments introduced to
it in the amendment act are not voluminous.
'" FIC notice 02/2017 A New Guidance on the Amended Reporting Requirements in terms of the
Money Laundering and Terrorist Financing Control Regulations (www.fic.gov.za/media/Pages/
General%20Notices.aspx) (29-12-2017) par 1.
1 (n 17).
0 "or an aggregate of smaller amounts which combine to come to this amount if it appears to the
accountable institution or reporting institution concerned that the transactions involving those
smaller amounts are linked to be considered fractions of one transaction" (see reg 22B).
TSAR 2018.2 [1SSN 0257 - 7747]

linked to terrorist activities).' Even if no reporting obligation arises under section
28A, however, it may still arise under section 29 of the act in the context of suspicious
and unusual transactions and activities.18
9 Source material
The act and regulations are, of course, the most authoritative sources that need to be
considered by accountable institutions in implementing their obligations under the
act. These are supplemented by authoritative guidance notes issued by the centre
under the act and regulations. Although the guidance notes do not, as such, constitute
binding law, non-compliance with a guidance note may well lead to administrative
sanctions. The centre, itself, states the position as follows:
"Guidance issued by the Centre is authoritative in nature which means that [Als] ... must take
the guidance issued by the Centre into account in respect of their compliance with the relevant
provisions of the FIC Act and the MLTFC Regulations. If an accountable institution does not follow
the guidance ... it should be able to demonstrate that it nonetheless achieves an equivalent level of
compliance with the relevant provisions of the FIC Act and the MLTFC Regulations. It is important
to note that enforcement action may emanate as a result of non-compliance with the FIC Act and the
MLTFC Regulations where it is found that an accountable institution has not followed the guidance
issued by the Centre."' 83
The guidance notes are not only important but often very helpful indeed. However,
as appears from these notes, the act, regulations and guidance notes, are not the
consequence of a sole effort from South Africa, but an attempt by South Africa
to conform to international standards set, and commented on, by the task force.
The wide discretionary nature of the risk-based approach opens up not only the
task force's recommendations and related comments and material, but also those
emanating from different bodies, in other countries, striving to counter money
laundering and terrorist financing, which, it is suggested, will often be very
valuable. Such material may, for example, be of much assistance for accountable
institutions (such as attorneys and estate agencies) when drafting their respective
risk management and compliance programmes.
On 26 June 2017, for example, the Money Laundering, Terrorist Financing
and Transfer of Funds (Information on the Payer) Regulations 2017 came into
operation in the United Kingdom. 1 84 The similarities between these regulations
(intended to ensure compliance by the United Kingdom with both the task force's
recommendations and the Fourth Money Laundering Directive' of the European
Union) and the South African legislation considered above is striking. The risk-
based approach, as well as the underlying thinking for the South African risk
management and compliance programmes, emerge from them.186 Moreover, the
concept of politically exposed persons is no longer confined to foreigners as under
the previous regulations. All politically exposed persons must be assessed on a case-
by-case basis to determine the extent of enhanced due diligence required, although,
Guidance Note 6 (n 17) par 5-13.

182 This can be either a terrorist financing transaction report (TFTR) or a terrorist financing activity
report (TFAR).
8 Taken from GuidanceNote 7 (n 16) preface par (iii). See also the preface par (iv) of both Guidance
Note 4A and 5B (n 17).
84 These regulations replaced those of 2007, which supplemented the Proceeds of Crime Act, 2002.
'8 2015/849 (the common acronym is MLD4).
186 See s 18-22.
[ISSNO0257 -7747] TSAR 2018-2

254 HUGO AND SPRUYT
as in South Africa, domestic politically exposed persons are generally regarded

87
as lower risk than their foreign counterparts.' The 2017 regulations have a more
detailed approach to customer due diligence than those they replaced - and show
much similarity to the position set out in the South African legislation and Guidance
Note 7.
The United Kingdom's regulations contain two elements which, if extended to
South Africa, could be highly beneficial: (i) In accordance with the Fourth Money
Laundering Directive of the European Union,"' member states are required to
introduce a central register of beneficial ownership of legal entities incorporated
in that jurisdiction. The United Kingdom's publicly accessible register is already
90
in operation. 9 As noted above,1 determining beneficial owners can be highly
problematic in South Africa. (ii) The United Kingdom's regulations provide that,
where appropriate to the size and nature of the business, institutions must assess
the skills, knowledge, conduct and integrity of those employees who are involved
in identifying, mitigating, preventing or detecting money laundering and terrorist
financing.' This requirement is likely to have significant beneficial consequences
in relation to skills development, expertise and specialisation in the compliance
industry - something which we believe is much needed in South Africa.
SAMEVATTING
GELDWASSERY, DIE FINANSIERING VAN TERRORISME EN FINANSIELE
SANKSIES: SUID-AFRIKA SE ANTWOORD BY WYSE VAN DIE WYSIGINGSWET OP
DIE FINANSIELE INTELLIGENSIESENTRUM 1 VAN 2017
Inhierdieartikel worddie ingrypende impakvandieWysigingswetop dieFinansiele Intelligensiesentrum
1 van 2017 op die stryd teen geldwassery en finansiering van terrorisme aan die orde gestel. Die outeurs
skets in die eerste plek die geskiedenis (en toekoms) van die inwerkingstelling van die verskillende
aspekte van die wet (en gepaardgaande regulasies) asook die internasionale agtergrond daarvan (die
aanbevelings van die sogenaamde "Financial Action Task Force").
Die belangrikste veranderings wat ingevoer is, en staan te word, word bespreek. Die kern hiervan
is die verskuiwing vanaf 'n realgebaseerde na 'n risiko-gebaseerde benadering tot die identifikasie
en verifiaring van kliante in die stryd teen geldwassery en die finansiering van terrorisme (wat
'n beter verspreiding van die beperkte middele beskikbaar vir hierdie stryd bemagtig). Hierdie
benadering vereis onder andere verhoogde kliant-omsigtigheidsmaatreels ten opsigte van persone in
vooraanstaande posisies (sowel binnelands as buitelands), asook ten opsigte van regspersone en trusts
veral met betrekking tot die uiteindelik geregtigde natuurlike persoon agter die betrokke entiteit, asook
die opstel van 'n risikobestuurs- en nakomingsprogram deur alle verantwoordingspligtige instellings.
Aan die ander kant magtig die risiko-gebaseerde benadering ligter maatreels ten opsigte van lae risiko
kliante - wat die belangrike nasionale strewe na finansiele insluiting ondersteun.
Ten slotte word aandag geskenk aan die bepalings van die wet wat die administrasie van finansiele
sanksies wat in die konteks van die stryd teen terrorisme deur die Veiligheidsraad van die Verenigde
Nasies opgel6 is, op die intelligensiesentrum afwentel. Die outeurs beklemtoon deurgaans die waarde
daarvan om kennis te neem van soortgelyke regulering in ander lande wat, soos hier te lande, ook effek
probeer gee aan die aanbevelings van die "Financial Action Task Force".
187 s 35(12). See also Financial Conduct Authority (FCA) Finalised Guidance: The Treatment of
PoliticallyExposed Personfor Anti-money LaunderingPurposes (2017) and, especially, par 2.29.
18 MLD4 (n 185) a 30.
'" See the Information about People with Significant Control (Amendment) Regulations 2017 which
came into operation on 26 June 2017.
190 See par 6.3.2.
191 s 21(l)(b) read with s 21(2).
TSAR 2018-2 [ISSN 0257 - 7747]

Acronyms and abbreviations
Al Accountable institution
AML Anti-money laundering
CDD Customer due diligence
CFT Combatting of the financing of terrorism
CIV Client identification and verification
CMLAC Counter Money Laundering Advisory Council
FATF and the task force Financial Action Task Force
FCA Financial Conduct Authority (United Kingdom)
FIC and the centre Financial Intelligence Centre
FICA and the act Financial Intelligence Centre Act
FICAA and the amendment act Financial Intelligence Centre Amendment Act
KYC Know your client
ML Money laundering
MLD4 Fourth Money Laundering Directive of the European Union
MLTFC Regulations and the Money Laundering and Terrorist Financing Control Regulations
regulations
PEP Politically exposed person
PIP Prominent influential person
POC Act Prevention and Combating of Corrupt Activities Act 12 of 2004
POCDATARA Protection of Constitutional Democracy against Terrorist and Related
Activities Act 33 of 2004
RMCP Risk management and compliance programme
TF Terrorist financing
TFAR Terrorist financing activity report
TFTR Terrorist financing transaction report
TFS Targeted financial sanctions
UN United Nations
UNSC United Nations Security Council
[ISSN 0257 - 7747] TSAR 2018.2

2018JSAfrL227 (Spruit Article)

Uploaded by

Copyright:

Available Formats

2018JSAfrL227 (Spruit Article)

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2018JSAfrL227 (Spruit Article)

Uploaded by

Copyright:

Available Formats

DATE DOWNLOADED: Sun Nov 5 01:59:57 2023

SOURCE: Content Downloaded from HeinOnline

Bluebook 21st ed.

ALWD 7th ed.

APA 7th ed.

Chicago 17th ed.

McGill Guide 9th ed.

AGLC 4th ed.

MLA 9th ed.

OSCOLA 4th ed.

6 The common acronym is FATF.

TSAR 2018.2 [iSSN 0257 - 7747]

[ISSN 0257 - 7747] TSAR 2018.2

3 Purposes of the act and the amendment act

TSAR 2018.2 [ISSN 0257 - 7747]

[ISSN 0257 - 7747] TSAR 2018.2

(vii) a Special Investigating Unit;

4 Background to the act and the amendment act: internationalstandards

Lawyers as Gatekeepers: Risk-Based Approach Guidancefor Legal Professionalspresentation on

TSAR 2018.2 tlSSN O257 - 7747]

{lSSN 0257 - 7747] TSAR 2018.2

The dire consequences of such delinquency were emphasised by Business Day on

FIC presentation Compliance ObligationsofAccountable Institutions in terms ofthe FICAmendment

TSAR 2018.2 [ISSN 0257 - 7747]

5 Key elements and changes introducedby the amendment act

3 The common acronym is AML.

[ISSN O257 - 77471 TSAR 2018 -2

the requirements of the Protection of Personal Information Act),o inspection powers

6 The risk-based approach

SO 4 of 2013. See s 41A of FICA.

TSAR 2018.2 [ISSN O257 - 7747]

The risk-based approach is accordingly the antithesis of a rules-based approach.6 0

" Minister Signs FICAmendment Act into Operation(n 45).

[ISSN O257 - 7747] TSAR 2018.2

6.2.1 Identification and assessment of inherent risk

TSAR 2018.2 [ISSN O257 -7747J

"the likelihood and impact of money laundering or terrorist financing activities

[ISSN 0257 - 7747J1 TSAR 2018.2

6.2.1.1 Business-based risk assessments

6.2.1.2 Relationship-based risk assessments

8 See par 6.3.4 below in this regard.

It is also imperative that the money-laundering and terrorist-financing risk in any

6.2.2 Risk management and mitigation

The potential risk mitigation measures include: increased automated transaction

93 Spruyt (n 10) 27.

[ISSN 0257 - 7747] TSAR 2018.2

6.2.3 Reviewing the risk-based approach

6.3 Impact of the risk-based approach

6.3.1 Customer due diligence requirements

TSAR 2018.2 [ISSN 0257 - 7747]

10' (n 16) par 74.

[ISSN O257 - 7747J1 TSAR 2018 -2

in a business relationship." 6 The remaining provisions referred to above". relate

6.3.2 Beneficial ownership

6.3.2.1 Legal persons

TSAR 2018-2 [lSSN 0257 - 7747]

6.3.2.2 Partnerships and trusts

[lSSN 0257 - 7747] TSAR 2018.2

identities of the "beneficial owners" must then also be verified.