Section 29 of FICA relates to reporting suspicious or unusual transactions. It requires any person carrying on, managing or employed by a business to report certain transactions to the FIC. These transactions are listed in s29 and include, amongst others, those:
- where the business has received or is about to receive the proceeds of unlawful activities;
- which have no apparent business or lawful purpose;
- which are facilitated or likely to facilitate the transfer of the proceeds of unlawful activities;
- conducted to avoid a reporting duty in terms of FICA; or
- by which the business has been used or is about to be used in any way for money laundering purposes.
The obligation to report these types of transactions is placed on a person “who knows or ought reasonably to have known or suspected” such transactions. In terms of FICA, a reporter is not required to have actual proof of a suspicious transaction and a mere reasonable suspicion is sufficient for reporting purposes. The reporter’s suspicion ought to be based on an assessment of all the known circumstances relating to the relevant transaction including, for example, knowledge of the client’s business, financial history, background and behaviour.
On 29 March 2019, the FIC published directive 5/2019 in Government Gazette No 42357, relating to the use of automated transaction monitoring systems (Monitoring Systems) for detecting and submitting regulatory reports to the FIC as required in terms of s29(2) of FICA.
This directive applies to all accountable institutions (AIs) and reporting institutions as defined in FICA, and other persons who use Monitoring Systems to enable them to discharge their obligation of submitting regulatory reports to the FIC in compliance with their reporting obligations (collectively “reporters”).
The directive establishes conditions for the use of Monitoring Systems by reporters to identify potentially suspicious and unusual activities or transactions, or a series of transactions, and to ensure that proper governance arrangements are implemented to enable reporters to fully comply with their reporting obligations.
In terms of the directive, reporters are required to attend to all alerts generated by the relevant Monitoring System within 48 hours of an alert being generated with a view to determining whether a report should be submitted to the FIC.
According to the directive, reporters are deemed to have knowledge of the possible suspicious and unusual activity when an alert is generated by the relevant Monitoring System. Suspicious and unusual transaction or activity reports must be submitted to the FIC in accordance with regulation 24(3) of the Money Laundering and Terrorist Financing Control Regulations as soon as possible but not later than 15 days after the alert has been generated by the Monitoring System.
Reporters are also required to comply with, amongst others, the following conditions for using a Monitoring System:
- the persons/group of persons exercising the highest level of authority in an AI, and who are responsible for ensuring the effectiveness of the compliance function of an AI, must have adequate oversight over the process of implementing the Monitoring System, alert management, the adequacy of rules and/or scenarios implemented including testing and reports arising from alerts generated by the Monitoring System;
- ensuring that all alerts are timeously investigated to ensure that reports are submitted to the FIC within the prescribed period;
- clearly allocating responsibilities for reviewing, investigating and reporting alerts generated by the Monitoring System within their respective organisations. These responsible persons are required to have the appropriate level of skill required to perform this function and must be regularly trained to identify unusual and suspicious activities;
- all investigations and decisions taken relating to alerts generated by the Monitoring System must be adequately documented and kept in a manner which is readily accessible to the reporter’s relevant supervisory body and/or the FIC;
- adequately skilled staff must be appointed by reporters to deal with volumes of alerts generated by the Monitoring System;
- ensuring that there are adequate resources to report timeously and not create a backlog of unattended alerts;
- in instances where a suspicious or unusual transaction activity is detected by a reporter, other than through a Monitoring System, the reporter must ensure that the Monitoring System detection rules are developed and implemented to enable future detection of similar scenarios by the Monitoring System; and
- ensuring that the detection methodology and effectiveness of the Monitoring System are validated and tested to ensure detection of potentially suspicious and unusual transactions or a series of transactions, resulting in the generation of high-quality alerts which are effectively utilised by the reporter.
The use of a Monitoring System by a reporter must not prevent it from receiving manual reports from internal stakeholders regarding suspicious and unusual activity or transactions.
In instances where reporters are AIs, the investigation of automated alerts as well as the process for reporting information to the FIC must be included in the AI’s risk management and compliance program (RMCP). The effectiveness of a Monitoring System must be periodically reviewed and approved, at least annually, by persons exercising the highest level of authority in an AI as well as in accordance with the relevant RMCP.
Where several Monitoring Systems operate independently from one another, reporters are required to ensure that the systems are integrated to provide a holistic view of both the alerts generated and the total number of suspicious and unusual transactions or activity reports submitted in respect of a specific customer. In instances where reporters have branches, departments and partnering agents, a Monitoring System is required to monitor client transactions across all products and services including those transactions effected by agents.
In instances where the reporter is a subsidiary or branch of a foreign organisation which uses a Monitoring System, the reporter is required to have procedures in place to ensure that its usage of a Monitoring System is adequately customised to mitigate domestic money laundering and terrorist financing risks.
FIC’s directive 5/2019 is effective from 29 March 2019 and failure to comply with it may result in the imposition of administrative sanctions on reporters, as contained in s45C of FICA. When determining an appropriate administrative sanction, the FIC or the relevant supervisory body must consider, amongst others, the nature, duration, seriousness and extent of non-compliance by the reporter, whether the reporter has previously failed to comply with any law as well as the remedial steps, if any, taken by the reporter to prevent a recurrence of the non-compliance.
Non-compliance may result in an imposition of any one or more of the following administrative sanctions:
- a caution not to repeat the conduct which led to the non-compliance;
- a reprimand;
- a directive to take remedial action or to make specific arrangements;
- a restriction or suspension of certain specified business activities; or
- a financial penalty not exceeding R10 million in respect of natural persons and R50 million in respect of any legal persons.
FIC’s directive 5/2019 appears to establish uniform guidelines for the use of Monitoring Systems by reporters, whilst integrating aspects of the risk-based approach to customer due diligence (relating to ongoing due diligence of client transactions as well as monitoring client transactions across a variety of products and services).