This directive requires accountable institutions to periodically assess both current and prospective employees for their competence and integrity, in a risk-based manner, as well as scrutinise employee information against targeted financial sanctions lists. The purpose of this, according to the directive, is to identify, assess, monitor, mitigate and manage the risk of money laundering, terrorist financing and proliferation financing. The directive seeks to ensure that accountable institutions not only have measures that manage the risks associated with money laundering, terrorist financing and proliferation financing in respect of external parties, clients and external stakeholders, but also in relation to the risks that may arise internally in respect of its employees.

In conducting this assessment, in compliance with section 26A(3) of FICA, an accountable institution must determine whether any current or prospective employee has been the subject of a resolution adopted by the Security Council of the United Nations, where it is identified as a target for financial sanctions which entail member states of the United Nations to take the actions specified in the resolution.

Accountable institutions are required to document how the evaluation was carried out and preserve records of the findings, which should be accessible to the FIC upon demand.

The guiding document

In addition to the directive, the FIC has issued a guiding document (PCC 55) that furnishes guiding documents on compliance with the directive. The guiding document is authoritative and accountable institutions are required to comply with the guidelines unless they can demonstrate they have complied with the relevant obligation under FICA in an equivalent manner. The guiding document furnishes minimum standards of compliance and if employers have enhanced standards of screening it is recommended that they retain these enhanced standards.

According to the guiding document, a risk-based approach to screening of employees entails an assessment of employee roles in relation to the risks that present in respect of those roles. Therefore, higher risk roles require more frequent screening, and the FIC recommends at least an annual screening for high risk roles, at the minimum. In respect of prospective employees, the screening must be conducted prior to appointment.

Further to the above, the guiding document furnishes practical advice to employers on how to conduct the screening. Screening for competence refers to determining whether the employee has the necessary skills, knowledge and expertise to perform their functions effectively and this screening should be aligned with the organisation’s risk-based approach. Screening for integrity relates to the honesty and moral principles of an employee and includes a previous criminal record particularly relating to crimes of a financial nature, or where someone has been associated with an accountable institution that was not compliant, or where the employee was found to contravene relevant procedures and standards. In addition, an enhanced screening would take into account an employee’s association with high risk clients or persons, or if they are a national of a geographical territory that is identified as high risk for terrorist funding and financial proliferation.

Effective date and non-compliance

The directive is effective from 31 March 2023 and accountable institutions are required to comply as soon as possible. Non-compliance may lead to penalties of up to R50 million.

Accountable institutions

Accountable institutions, both natural and juristic persons, in terms of FICA, includes the following:

• Attorneys, advocates, or a commercial juristic entities established to conduct a legal practice.
• A person who carries on the business of preparing for, or carrying out, transactions for a client that involve the organisation of contributions necessary for the creation, operation or management of a company, or of an external company or of a foreign company or the operation or management of a close corporation.
• A person who carries on the business of acting for a client as a nominee or arranging for another person to act for a client as such nominee, or a person who carries on the business of creating a trust arrangement for a client or a person who carries on the business of preparing for or carrying out transactions related to the investment, safe keeping, control or administering of trust property.
• An estate agent.
• Financial operators and institutions, including the following:
• An authorised user of an exchange as defined in the Financial Markets Act 19 of 2012 (Financial Markets Act).
• A manager registered in terms of the Collective Investment Schemes Control Act 45 of 2002.
• A person who carries on the “business of a bank” as defined in the Banks Act 94 of 1990.
• A mutual bank as defined in the Mutual Banks Act 124 of 1993.
• A co-operative bank as defined in the Co-operative Banks Act 40 of 2007.
• A person who carries on a “life insurance business” as defined in the Insurance Act 18 of 2017 (excluding reinsurance businesses).
• A person who carries on the business of dealing in foreign exchange.
• A person who carries on the business of a credit provider as defined in the National Credit Act 34 of 2005 (National Credit Act).
• A person who carries on the business of providing credit in terms of any credit agreement that is excluded from the application of the National Credit Act.
• A person who carries on the business of a financial services provider requiring authorisation in terms of the Financial Advisory and Intermediary Services Act 37 of 2002, to provide advice or intermediary services in respect of the investment of any financial product (but excluding a non-life insurance policy, reinsurance business as defined in the applicable legislation and the business of a medical scheme as defined in the Medical Schemes Act 131 of 1998.
• A person who issues, sells or redeems travellers’ cheques, money orders or similar instruments.
• A person who carries on the business of making available a gambling activity in respect of which a license is required to be issued by the National Gambling Board or a provincial licensing authority.
• The South African Postbank Limited.
• A person who carries on the business of a money or value transfer provider.
• A person who carries on the business of dealing in high-value goods in respect of any transaction where such a business receives payment in any form to the value of R100,000 or more, whether the payment is made in a single operation or in more than one operation that appears to be linked, where “high-value goods” means any item that is valued in that business at R100,000 or more.
• The South African Mint Company (RF) (Pty) Ltd, only to the extent that it distributes non-circulation coins in retail trade and where in respect of such transactions it receives payment in any form to the value of R100,000 or more, whether the payment is made in a single operation or in more than one operation that appears to be linked.
• A person who carries on the business of one or more of the following activities or operations for or on behalf of a client:
  • Exchanging a crypto asset for a fiat currency or vice versa.
  • Exchanging one form of crypto asset for another.
  • Conducting a transaction that transfers a crypto asset from one crypto asset address or account to another.
  • Safekeeping or administration of a crypto asset or an instrument enabling control over a crypto asset.
  • Participation in and provision of financial services related to an issuer’s offer or sale of a crypto asset.
  • Where “crypto asset” means a digital representation of perceived value that can be traded or transferred electronically within a community of users of the internet who consider it as a medium of exchange, unit of account or store of value and use it for payment or investment purposes, but does not include a digital representation of a fiat currency or a security as defined in the Financial Markets Act.
  • A clearing system participant as defined in section 1 of the National Payment System Act 78 of 1998 that facilitates or enables the origination or receipt of any electronic funds transfer and or acts as an intermediary in receiving or transmitting the electronic funds transfer.

Compliance with employment legislation and POPI

The guiding document states that the directive and the guiding document must be applied in compliance with applicable labour laws including but not limited to the Labour Relations Act 66 of 1995, the Basic Conditions of Employment Act 75 of 1997. However, neither the directive nor the guiding document mentions the implications of the Protection of Personal Information Act 4 of 2013 (POPI).

Employers must ensure that when collecting and processing protected personal information, that they are always compliant with their obligations in terms of POPI. Below is a list of some important factors for accountable institutions to consider when conducting the type of screening that is required in terms of the directive and the guiding document.

In terms of POPI, a current or prospective employee holds various rights with respects to the processing of their personal information. This includes, inter alia, the right to be notified that personal information relating to them is being collected, and grants them the right to request information about the identity of any or all third parties who have had access or can access their personal information. Furthermore, all personal information collected must be for a specific, explicitly defined and lawful purpose related to a function or activity of the entity collecting the data. In order to comply with this section, employers must ensure that the data collected from their current or prospective employees is for an explicitly defined and specific reason which is lawful and legitimate. Employers must therefore ensure that they do not overreach in collecting and processing personal information and data about current and prospective employees and implement mechanisms to protect the personal information from unauthorised access.

It would be prudent for accountable institutions to ensure that in giving effect to the requirements of the directive and guiding document, that their obligations in terms of POPI and employment legislation are maintained and include these components in their risk assessment plans.