News / E-Bulletin

Large fines show FSCA is focused on enforcement to leave the grey list – a red flag for non-compliant financial services providers as more fines likely

Apr 15,2024

Hilah Laskov - Director

Gone are the days of box-ticking.

The FSCA has imposed penalties on financial services providers for non-compliance with FICA

The Financial Sector Conduct Authority (FSCA) has recently imposed administrative sanctions on three financial services providers (FSPs), in each case for failing to comply with certain provisions of the Financial Intelligence Centre Act (FICA).

The fines range from R400,000 to a staggering R16 million.

In each case, Risk Management and Compliance Programmes (RMCP) for Anti-Money Laundering and the Combating of the Financing of Terrorism (AML/CFT) were in place, however, the FSCA found these RMCPs to be inadequate. Further, in each case there were failures to implement the RMCP. Deficiencies in the RMCPs included that the FSP failed to set out how it would comply with FICA as it relates to, among other things: (a) examining complex or unusually large transactions and unusual transaction patterns; (b) performing customer due diligence when, during the course of a business relationship, the FSP suspects that a transaction or activity is suspicious or unusual; (c) terminating business relationships; (d) enabling the FSP to determine when a transaction or activity is reportable to the Financial Intelligence Centre (FIC); and (e) the implementation of its RMCP. The FSCA consistently highlighted the vital role that RMCPs play in mitigating money laundering and terrorist financing risks.

Other grounds for imposing the fines included that FSPs failed to identify and verify the identity of some clients, including the beneficial owners of some clients, failed to provide evidence of having conducted ongoing due diligence for some client and failed to screen clients, including beneficial owners, against the Targeted Financial Sanctions Lists (TFSL) issued by the United Nations Security Council.

What this reveals is that the expectations of the FSCA on FSPs have increased. It is inadequate that an FSP ticks the box and merely has an RMCP in place. Failure to fully comply carries serious consequences.

SA addressed technical deficiencies in its AML/CFT regime owing to grey listing

South Africa was placed on the grey list by the Financial Action Task Force (FATF) in February 2023. An Action Plan was adopted listing 22 action items. South Africa is required to address all 22 to exit the FATF grey list.

The deadlines for addressing the action items fall between January 2024 to January 2025.

Even before being grey listed, efforts were made to address the technical deficiencies in South Africa’s AML/CFT regime. The hope at that time was to avoid grey listing. For example, the General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act (GLAA) was adopted. The GLAA amended no fewer than five pieces of legislation, including the Trust Property Control Act and the Companies Act, requiring gathering beneficial ownership information and submitting this beneficial ownership information to the relevant regulators.

Notwithstanding that many of the technical deficiencies had already been addressed, South Africa’s efforts to avoid grey listing were unsuccessful.

Since having been grey listed, various regulators, including the FIC and National Treasury as well as the FSCA, which is responsible for supervising and enforcing FSPs’ compliance with FICA, have been addressing the items in the Action Plan.

South Africa saw a flurry of legislative amendments and regulations to fill remaining technical lacunae in South Africa’s AML/CFT regime. This included expanding the mandate of the FIC under FICA to allow for more effective monitoring and detection capabilities and the fortification of administrative sanctions for non-compliance (which have now been put to good use).

The FSCA shifts its focus to enforcement to leave the FATF’s grey list

Enforcement of FICA and other legislation and regulations, such as the GLAA, now appear to be the prime objective.

This focus on enforcement appears to be much in line with the FATF’s progress evaluation, as reported on 23 February 2024.

In its report, the FATF indicates that South Africa should continue to work on implementing its Action Plan to address its strategic deficiencies, which includes (amongst others) (a) improving risk-based supervision and demonstrating that all AML/CFT supervisors apply effective, proportionate, and effective sanctions for noncompliance; (b) ensuring that competent authorities have timely access to accurate and up-to-date beneficial ownership information and apply sanctions for breaches of violation of beneficial ownership obligations; (c) ensuring the effective implementation of targeted financial sanctions.

FSPs should expect more fines from the FSCA

While some have commented that the penalties imposed on the penalised FSPs seem steep in the context of their contraventions, the FSCA has made it plain that they regard the contraventions to be serious. The FSCA has stated that –

“[a]ll accountable institutions are urged to continue reviewing and strengthening their anti-money laundering and terrorist financing risk and control environments. Failure to do so will result in firm regulatory action.”

FSPs should expect firm enforcement action from the FSCA, including more fines being imposed on non-compliant FSPs.

FSPs should guard against enforcement actions by the FSCA: compliance and integration

Given the strong desire for South Africa to be removed from the grey list, the outstanding items in the Action Plan and the FATF’s most recent progress review, not to mention the administrative sanctions already imposed on FSPs by the FSCA, FSPs should certainly heed these words of warning from the FSCA.

FSPs must verify clients (including beneficial owners), conduct ongoing due diligence and  perform screenings against the TFSL.

FSPs must ensure not only that they have an RMCP, but that it is up to date with current regulations, that it is complete, customised to the risks of that FSP and that it provides for the means by which it will be implemented within the organisation. The RMCP must then, in fact, be implemented.

FSPs must prioritise engendering a culture of widespread AML/CFT awareness within their organisations and meaningful AML/CFT compliance if they wish to avoid undesirable attention from the FSCA.