The purpose of PCC103 is to provide guidance to non-profit organisations (NPOs), NPO regulators as well as third parties dealing with NPOs on combating terrorist financing (TF) and money laundering (ML) risks within the NPO sector. PCC103 also provides guidance on voluntary disclosure reporting (VDR) by NPOs, NPO regulators or third parties in instances where an NPO is known to be or suspected of being misused for TF or ML.
NPOs have been identified by the Financial Action Task Force’s (FATF) recommendation 8 as entities which are susceptible to abuse by criminals for TF and ML. South Africa is a member of FATF in terms of which it has expressed a level of commitment to anti-money laundering (AML) and counter-terrorist financing initiatives. FATF is an independent intergovernmental body, mandated to, amongst others, develop policies to combat ML and TF in the global financial system. FATF’s recommendations provide a comprehensive framework of AML and counter-terrorist financing measures which are recognised internationally as the AML standard of best practice.
South African legal framework
According to a national research study released in October 2017, titled Civil Society in South Africa, there were approximately 145,152 registered NPOs in South Africa as at October 2015. South African NPOs are governed by the Nonprofit Organisations Act 71 of 1997 (NPO Act) and the Companies Act 71 of 2008 (Companies Act).
In terms of the NPO Act, registration is not mandatory for NPOs, however, NPOs may register voluntarily with the Department of Social Development (DSD) which is mandated as the NPO regulator in terms of the NPO Act. NPOs may also register as a non-profit company (NPC) in terms of the Companies Act, which are subject to the provisions of the Companies Act and regulated by the Companies and Intellectual Property Commission (CIPC). NPOs may also be registered as trusts with the applicable master of the High Court (Master).
Whether registered with the DSD, CIPC or the Master (collectively, NPO Regulators), NPOs are required to register with the South African Revenue Services (SARS) which regulates NPOs from a tax perspective.
As NPO registration is done on a voluntarily basis, there are instances where NPOs are not registered with the DSD, CIPC or the Master. These NPOs are referred to as Voluntary Associations.
Since Voluntary Associations are not subject to any regulatory oversight or legislation aimed at mitigating ML or TF risk, such entities pose a heightened risk of ML and TF abuse. Criminals see Voluntary Associations as easy targets because the proceeds of unlawful transactions and activities have a minimal risk of detection.
In compliance with its international obligations to combat, amongst others, ML and TF, South Africa promulgated the Financial Intelligence Centre Act 38 of 2001 (FICA), the Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004 (POCDATARA) and the Prevention of Organized Crime Act 121 of 1998 (POCA).
Section 26B of FICA relates to, amongst others, the prohibition on dealing with individuals and entities identified by the United Nations Security Council Resolutions (UNSC Resolutions). These are individuals or entities which are subject to financial sanctions that restrict those individuals and entities from having access to funds and property under their control and from receiving financial services in relation to such funds and property. The section applies to all individuals as well as individuals affiliated to NPOs.
Section 26B(1)(d) of FICA prohibits NPOs from, directly or indirectly, providing or making available or inviting a person to provide or make available economic support to the above individuals and entities. As a result, NPOs are prohibited from accepting or providing economic support to entities or persons identified in the UNSC Resolutions. A list of the above individuals and entities, titled the Consolidated Targeted Financial Sanctions is accessible on the FIC’s website.
Section 4 of POCDATARA specifies offences associated with TF. It prohibits either providing or making available or inviting a person to provide or make available economic support which, amongst others, could be used for:
- terrorism and related offences including TF; and/or
- for the benefit of individuals and entities which, amongst others, are identified in the UNSC Resolutions as entities against which action must be taken to combat TF or related activities.
This section applies to all individuals including individuals affiliated to NPOs.
A list of the above individuals and entities is accessible on the South African Police Service (SAPS) website.
Section 12 of POCDATARA places a duty on individuals, including individuals affiliated to NPOs, who have reason to suspect that an individual intends to commit or has committed terrorism or TF offences to report such suspicion to a SAPS official.
Individuals affiliated with NPOs who contravene the above provisions are liable to prosecution in terms of section 49A of FICA and/or section 18 of POCDATARA.
Sections 4, 5 and 6 of POCA specify offences relating to ML, assisting another to benefit from the proceeds of unlawful activities, and the acquisition, possession or use of proceeds of unlawful activities, respectively. The above provisions, including the corresponding penalties, apply to all individuals as well as individuals affiliated to NPOs.
Risk rating NPOs
An NPO may pose a higher risk of exposure to ML and TF depending on, amongst others, the sector in which it operates, the volume of cash with which it transacts and whether or not it is subject to regulatory oversight.
In terms of PCC 103, NPOs, NPO Regulators and third parties that deal with NPOs are recommended to risk rate NPOs to determine each NPO’s level of risk in relation to ML and TF in accordance with the risk-based approach to due diligence. The factors to be considered when risk rating an NPO, include its:
- goods and services provided;
- beneficiaries; and
Recommendations for NPOs
PCC103 recommends several measures, aimed specifically at NPOs, to mitigate their risk of exposure to ML and TF. These measures include:
- documenting the control structures and measures of the NPO, including the details of its founders, members and the like, in its organogram, policies and procedures;
- obtaining and reviewing major donor and beneficiary information to verify the legitimacy of its donors and beneficiaries, respectively. Information may include the intended use of funds by the beneficiary and the donor’s source of funds;
- maintaining records of all information obtained from its donors and beneficiaries including transaction records, which documentation should be made available to NPO Regulators for assessment as and when required;
- adequately documenting its operational processes including fundraising and beneficiary distribution processes, which documentation should be made available to NPO Regulators for assessment as and when required; and
- conducting inspections on beneficiaries where reasonable and requesting additional evidence from beneficiaries to determine whether funding has been used for the intended purposes.
In addition, entities, which are not registered as NPOs but operating as such, are advised to register with either the DSD or the CIPC to mitigate their risk of exposure to ML and TF.
Recommendations for NPO Regulators
PCC103 recommends several measures, aimed specifically at NPO Regulators, to mitigate the risk of exposure to ML and TF within the NPO sector. These measures include:
- providing ongoing guidance to the NPO sector on the TF and ML risks to which the sector is vulnerable, in the form of training, presentations and reading material;
- monitoring NPOs in order to detect possible ML and TF abuse as well as developing and implementing further controls that would assist in better regulating the NPO sector;
- requesting adequate information at the registration of an NPO, including the details of its affiliated individuals, to adequately risk rate the relevant NPO in relation to its risk of exposure to TF and ML;
- implementing enhanced measures to monitor activity when dealing with higher risk NPOs, in accordance with the risk based approach;
- conducting inspections on higher risk-rated NPOs with a view to determining whether the relevant NPO is operating legitimately in line with its stated purpose and dispersing funds to appropriate beneficiaries; and
- screening NPOs’ affiliated individuals, including the beneficiaries, against the lists of sanctioned individuals and entities referred to above.
Recommendations for third parties dealing with NPOs
Third parties that deal with NPOs include accountable and reporting institutions (AIs and RIs, as defined in FICA), donors, service providers and partners. When dealing with NPOs, third parties are required to exercise care to determine the legitimacy of the NPO concerned.
PCC103 recommends several measures aimed specifically at third parties dealing with NPOs to mitigate the risk of exposure to ML and TF. These measures include:
- determining whether the relevant NPO is registered with the DSD and/or the CIPC (the CIPC issues registration certificates to registered NPCs and the DSD allocates an NPO registration number which can be validated against the NPO database on the DSD website); and
- requesting adequate information from the relevant NPO regarding its affiliated individuals, its beneficiaries as well its operations.
In instances where the third party concerned is an AI or RI, they are also required to comply with the applicable requirements as set out in FICA.
NPOs and NPO Regulators who suspect or know that an NPO has been or is being misused for TF or ML purposes are advised to report to the FIC within a reasonable period by stating all the facts upon which the suspicion and/or knowledge is based in a VDR.
Filing a VDR is not mandatory and, as such, it is filed on a voluntary basis. In addition, filing a VDR is not a defence against prosecution for criminal activity, including TF or ML, or the institution of civil action against the reporter.
A person who submits a VDR is competent and compellable to give evidence in criminal proceedings arising from the VDR. Information concerning the identity of a voluntary reporter who has filed a VDR is admissible as evidence in criminal proceedings.
NPOs are recognised internationally as entities which are vulnerable to ML and TF abuse. This is especially so in South Africa, where registration of NPOs is not mandatory and, as such, NPOs are able to operate and transact without any regulatory oversight.
The implementation of AML and counter terrorist financing measures by NPOs, NPO Regulators and third parties dealing with NPOs is essential in addressing the risk posed by NPOs in relation to ML and TF abuse as well as strengthening the South African financial system against the dangers posed by ML and TF.