The KPMG Africa AML Survey 2012 showed that AML is a high priority within banks and AML Compliance in the future will continue to enjoy prominence, with the investment in AML predicted to increase over the next 3 years, in some cases between 21 and 50 percent. “It has to do with more than just legislative obligations. The bank’s reputation is at risk and the consequences of major financial penalties being borne by the bank should be kept in mind.”
Having recently being involved in the set up of a local branch and AML function of a foreign bank in South Africa, the following key areas of focus in implementing an effective and compliant AML function are to be noted.
- Registration with the FIC (“Financial Intelligence Centre”):
As a starting point, the local branch will be required to register with the FIC as an Accountable Institution in terms of Section 43B of FICA. Registration is required within 90 days of the day the business opened. The branch will be an Accountable Institution under Schedule 1 of FICA, item 6 “a person who carries on the business of a bank as defined in the Banks Act, 1990” and may also be classified under item 10 as “a person who carries on the business of dealing in foreign exchange”, should the Branch have obtained an Authorised Dealers’ Licence from National Treasury. If this is the case, two separate registrations with the FIC would be required.
- Appointment of MLRO (“Money Laundering Reporting Officer”)
Section 43(b) of FICA requires the branch to appoint an MLRO who will ensure compliance by the employees of the branch and the branch itself with the provisions of FICA and the internal AML/CFT policies and procedures. The MLRO should have the correct level of seniority within the Branch. While it is not a specific legislative requirement, the SARB has made its intention clear that the positions of MLRO and general Compliance Officer of the branch should be filled by two independent people to ensure adequate segregation of duties between the functions. Should this not be fulfilled it could lead to fines being imposed on the Branch from the SARB.
- Policies and procedures
The local branch will be required by Section 42 of FICA to implement internal rules or policies and procedures for AML and KYC (“Know Your Client”) which must be made available to all employees. It is important to note that the local MLRO of the South African branch will need to do a detailed gap analysis between the group AML / CFT procedure of the bank globally and the local FICA and related legislation. Where gaps exist between the two, the more stringent requirement must be applied. The branch should have a local KYC / AML policy as an addendum to the group procedure. This must be approved by the Executive Management Committee and if requested, a copy must be provided to the FIC or Supervisory Body.
Section 43 of FICA requires training to be provided to the Branches employees. The training should be comprehensive and evidence of the training should be maintained. Evidence would include meeting requests in the Outlook calendar of staff and a signed attendance register. These would ordinarily be inspected by the SARB during an on-site review. Furthermore the SARB have indicated that they expect branches to conduct an evaluation test at the end of training.It is suggested that the branch should keep evidence of this too in preparation for on-site visits.
- Customer Due Diligence and KYC process
An effective and comprehensive KYC programme is not only a legal and regulatory requirement but also provides the Branch with the first line of defence in combating financial crime.The Customer Identification and Verification rules of FICA should be strictly implemented. Furthermore, a Risk Based Approach should be followed to ensure that high risk clients are identified, such as Politically Exposed Persons (“PEPs”) and clients involved in risky industries and jurisdictions, amongst others. Additional due diligence procedures should be applied to high risk clients or when there has been no face to face meeting with the prospective client.The SARB is now emphasizing the importance of customer due diligence at the “coal face” or front line of the business.
- Cash Threshold Reporting (“CTR”) and Suspicious Transaction Reporting (“STR”)
The Branch will have an obligation to report all cash transactions paid or received above the threshold of R24 999 to the FIC within 2 days as well as any suspicious or unusual transactions conducted by clients. Failure to report as required will result in penalties not exceeding R100 million or imprisonment not exceeding 15 years.
- Transaction and payment monitoring
Sufficient monitoring tools must be implemented by the Branch in order to monitor transactions and payments to detect potential money laundering as well as reportable transactions. Screening tools such as Reuters Worldcheck and Lexus Nexus should be subscribed to in order to ensure sufficient background checks and sanctions checks are performed on company names, directors, authorised persons and individuals.
- Tone at the top
In Guidance Note 10 of 2012, the Registrar of Banks stated that the SARB requires the board of directors of a bank (and the executive management in the case of a branch) to emphasise and prioritise the nature and extent of AML/CFT controls applicable to its bank’s relevant operations. From this it can be seen that it is imperative for the executive management of the branch to set the tone at the top with regards to the importance of AML/CFT controls. Compliance should have direct access to the CEO of the branch and AML compliance should be a recurring agenda point at the Executive Management Committee meetings.