KYC is a business principle within the Financial Intelligence Centre Act, 2001 (FICA) that encourages qualifying companies and entities to establish and verify the identity of their clients before or during the time they do business (LexisNexis Digest 10-Dec-18).
Background to FICA
The FICA was promulgated on the 1st of February 2002 and came into effect on 1 July 2003, intending to regulate South Africa’s anti-money laundering and counter-terrorism financing programmes. FICA was then further amended on the 27th of April 2017 and signed into law as the Financial Intelligence Centre Amendment Act, 2017.
In terms of FICA, all accountable institutions have specific duties to help prevent money laundering. FICA imposes certain obligations on accountable institutions as listed in Chapter 3 of the FICA and are, inter alia:
- the duty to identify clients:
- the duty to keep records:
- reporting duties and access to information (Part 3); and
- measures to promote compliance by accountable institutions (Part 4).
The KYC principle focuses on the first duty, the duty to identify all clients for every transaction or business relationship entered. The KYC principle plays a crucial role in compliance with the FICA requirements and responsibilities. Amongst others, it provides for controls which usually include the below (LexisNexis Digest 10-Dec-18):
- collection and verification of identity documentation;
- screening against warning lists;
- client risk assessment; and
- investigations into clients’ financial transactions.
Moonstone describes the KYC requirements to include the following:
- for individuals: “proof of identification and address through to understanding a person’s source of wealth, business interests and family connections, especially if they have politically active family relations.”
- for businesses: “to understand the business, the entity structure, history, directors and shareholders, how the business operates and makes money”
Non-compliance with FICA
Sections 45C (3), 68(1) and 68(2) of FICA confirm the two types of penalties for non-compliance, they are:
The administrative sanction includes:
- a caution not to repeat the conduct which led to the non-compliance referred to in subsection (1);
- a reprimand;
- a directive to take remedial action or to make specific arrangements;
- the restriction or suspension of certain specified business activities; OR
- a financial penalty not exceeding R10 million in respect of natural persons and R50 million in respect of any legal person.
The criminal sanction includes:
- a maximum penalty of 15 years or a fine not exceeding R100 million; or
- a maximum sentence of five years or a fine not exceeding R10 million for certain lesser offences.
The Financial Intelligence Centre provides further guidance to companies in Guidance Note 3A on the identification and verification of their clients and confirms that a “one size fits all” approach in the methods and levels of verification is not required. A targeted approach must be taken when determining the money laundering risk, including a combination of methods that will assist in the differentiation between low, medium and high risk.
The key amendment to FICA was a shift from a rules-based approach to a risk-based approach to ensure FICA compliance. Meaning that accountable institutions must know their clients to consider the potential risk involved with establishing a business relationship or concluding a single transaction with them.