Learn about South Africa’s FICA law and how to comply with it
South Africa is taking steps to improve its anti-money laundering regulatory framework. In spite of the country’s Financial Intelligence Centre Act (FICA), South Africa still has work to do in order to strengthen the effectiveness of its AML/CFT regime.
South Africa has been a member of the Financial Action Task Force (FATF) since 2003. According to the FATF’s mutual report of 2021, the country has the potential to fight the spread of money laundering and terrorism financing, but it lacks in implementing its regulations. Realizing this issue, the government of South Africa has been continuously working towards creating a more efficient set of laws by amending FICA.
To give you a head start on South Africa’s AML laws, we at Sumsub prepared this guide explaining the structure of FICA.
The Financial Intelligence Centre Act (FICA) is the main Anti-Money Laundering (AML) law of South Africa. The act was first introduced in 2001 and amended in recent years to align with Financial Action Task Force (FATF) Recommendations. The Act tackles the following criminal activities:
The goal of FICA is to make South Africa a safe space to do business and ensure that companies comply with AML standards.
FICA is an essential element of the AML system in South Africa, as it outlines the requirements for companies to confront money laundering activities. The Act also grants the Financial Intelligence Center (FIC) the ability to oversee the affected companies.
According to FICA, companies have to check the identities of their customers and conduct ongoing monitoring afterwards. On top of this, companies have to register with the The Financial Sector Conduct Authority (FSCA) and provide reports on suspicious activities.
The following institutions have to comply with FICA in South Africa:
The above entities have to implement efficient AML policies into their workflow. Otherwise, they risk all sorts of penalties, including fines and imprisonment.
To comply, companies first have to register with the Financial Sector Conduct Authority (FSCA). After that, they need to submit regulatory reports to the institution. Failure to register will result in a financial penalty which shouldn’t exceed R10 million (approximately $522,900).
In order to successfully register and operate in South Africa, the following AML measures must be implemented:
Now, let’s talk about some of these steps in further detail.
Every company should appoint a compliance officer/MLROe in charge of implementing AML policies and providing necessary training to staff members. This includes educating employees on collecting and verifying information, ongoing monitoring, recordkeeping, and reporting.
FICA adopts a risk-based approach, which means that the extent of a given verification measure should fit the risk level of the client. By applying this approach, companies take measures that are commensurate with the identified risks. This allows companies to be more flexible when onboarding new clients. Thus, stricter verification measures may be applied for high-risk clients, and vice-versa.
Companies have to establish and verify the identities of new customers. The verification process must take place before the first transaction.
The exact information and documents needed for verification may vary, but at least the following information should be collected and checked for their authenticity:
Due to the rise of digital financial services, remote identity verification has become essential nowadays. According to FICA, South Africa accepts remote verification as supplements to physical verification.
This can include digital verification of identification documents, biometric recognition softwares such as liveness, or verification via reliable data sources.
As a part of the verification process, companies should check whether a person is present on any sanctions lists (e.g, OFAC, UN, HMT, EU, DFT). Companies should also check lists of adverse media and Politically Exposed Persons (PEPs). Companies can do so by using external services or available databases to ensure authenticity.
Affected entities must monitor the actions of their customers during the customer lifecycle. The goal of these procedures is to identify activities that are not consistent with pre-established patterns. This includes both transactions and behavioral patterns. As such, information on the customers should be updated regularly, while all records should be kept in databases.
Depending on the risk level identified, a company may subject a customer to different procedures.
Companies have to record the following information about their clients:
It’s also necessary to record the name of the employee that collected required information about the client.
All this information must be kept throughout the business relationship and for the next five years after the end of the relationship or last transaction.
Companies must submit Suspicious Transaction Reports (STRs) when suspicions arise, such as unusual transactions (e.g., atypically large ones or several small transactions with a specific pattern) or unusual behavior (e.g., change of geolocation). STRs must be submitted within 15 days from the moment the suspicion arose.
Another type of report that companies have to submit is the Cash Threshold Report (CTR). This one applies if a transaction exceeds R49,999.99 (approximately $2,614). Failure to submit an STR or CTR may result in financial penalties not exceeding R100 million (approximately $5.2 million) or imprisonment for up to 15 years.
Learn more about KYC in South Africa here.
The Financial Intelligence Centre Act (FICA) is the main Anti-Money Laundering (AML) legislation of South Africa. The Act outlines all the regulations companies have to follow in order to confront the spread of money laundering and terrorism financing.
The following institutions have to comply with FICA in South Africa:
Companies have to register with the Financial Intelligence Center and implement AML policies. These policies include:
Companies have to identify and verify their customers before establishing a business relationship or carrying out a transaction above a certain threshold. They also have to check the customer against lists of sanctions, adverse media, and PEPs. Companies also need to continue monitoring customer transactions and behavioral patterns on an ongoing basis.
The list of documents that can qualify as proof of residence is long and depends on the company. Acceptable documents should typically be issued within the last six months (the exact amount of time may vary). Some of the most common documents are: