News / Legal Brief
Sep 2,2020
by Tracy-Lee Janse van Rensburg, Director and Juliet Siwela, Candidate Attorney
On 21 July 2020, the Financial Intelligence Centre (“FIC“) published the draft public compliance communication, communication number 12A (“PCC12A“) for comment by members of the public. The submission date for comments was 11 August 2020. As has historically been the position, any guidance provided by the FIC is authoritative in nature and accountable institutions must comply with the guidance issued or will have to explain their reasons for non‑compliance if requested by the FIC. Enforcement action may also be instituted against an accountable institution for failure to comply with the provisions of the Financial Intelligence Centre Act, 38 of 2001, as amended (“FICA“), in areas where there has been non‑compliance with the guidance provided by the FIC.
As was previously indicated by the FIC, pursuant to the publication of public compliance communication 12 on 25 January 2012 (“PCC12“), accountable institutions remain responsible for their compliance obligations under FICA, irrespective of any internal arrangements which such accountable institutions may make relating to the manner in which those obligations are met. In terms of FICA, an accountable institution may not establish a business relationship or conclude a single transaction with a client, unless such accountable institution has established and verified the identity of that client. Whilst under PCC12, the FIC provided that an accountable institution may utilise the services of a third party to perform activities relating to establishing and verifying client identities, including in relation to the collection of documentation to establish and verify the identity of such clients and for record keeping purposes, an accountable institution will ultimately always remain liable for any compliance failures associated with and/or caused by any such outsourcing arrangement.
Accordingly, it is common cause that an accountable institution may employ the services of a third party to perform certain activities in fulfilling their compliance obligations under FICA and the regulations promulgated thereunder.
Pursuant to the provisions of PCC12A, it is evident that the FIC does not necessarily promote, dissuade or endorse any outsourcing arrangements. Should an accountable or reporting institution opt to make use of a third party service provider, this should be done at their own discretion. Ultimately, the relevant accountable institution will remain liable for any compliance failures which may arise as a result of any such outsourcing and this responsibility cannot be passed by the accountable institution to the third party service provider.
It is further pertinent to note that under PCC12A, the FIC is of the view that only certain compliance obligations may be outsourced by an accountable institution to a third party service provider and is further of the view that an accountable institution may not utilise the services of a third party service provider to risk rate their clients, nor to fulfil or discharge their reporting and registration obligations under FICA. Set out below is an analysis of some of the guidance contemplated in PCC12A by the FIC.
When considering whether to outsource its compliance activities, an accountable institution should take note of the following factors:
Accordingly, accountable institutions should carefully consider the above factors prior to concluding any outsourcing arrangement in relation to their obligations to identify and verify clients in terms of FICA.
The FIC has also identified defined parameters in relation to various activities which may not be outsourced by an accountable institution to a third party service provider. These include, inter alia,
Whilst records relating to information and/or documentation obtained through an accountable institution’s FICA processes may be stored by a third party service provider, the FIC does not recommend that an accountable institution outsource the requirement to retain regulatory reports which are to be submitted to the FIC nor any records of information relating to the contents or such reports. In particular, the FIC does not recommend that any reports required to be provided under sections 28, 28A and 29 of FICA should be outsourced to a third party service provider;
As such, an accountable institution must take cognisance of the various activities which simply may not be outsourced to a third party service provider and in respect of which they will ultimately remain responsible for in fulfilling their obligations under FICA.
Finally, insofar as an accountable institution does outsource certain of its functions to a third party service provider, it would be good practice for such accountable institution to conduct quality assessments of their third party service providers at various intervals. Such quality assessments may be done through the use of an internal audit function or external auditors to ensure that adequate levels of service offered by a third party service provider are in fact being met.
In conclusion, whilst the identification and verification of the identity of clients and certain record keeping activities may be outsourced to third parties, an accountable institution will always remain liable for any compliance failures relative to such outsourced function and under PCC12A an accountable institution may not, under any circumstances, outsource specific identified functions.
NEWS / Legal Brief
Blackouts, further tariff hikes point to ‘inevitable’ financial distress for SA businesses this yearNEWS / Legal Brief
An exercise in Restraint of trade agreements, what not to do!NEWS / Legal Brief
Crypto asset regulation gaining traction in South Africa