South Africa
Financial Intelligence Centre Act, 2001
Guidance Note 1: General guidance concerning identification of clients, 2004
Government Notice 534 of 2004
- Published in Government Gazette 26278 on 30 April 2004
- Commenced on 30 April 2004
- [This is the version of this document from 30 April 2004.]
Introduction
Money Laundering is criminalised in section 4 of the Prevention of Organised Crime Act, 1998. The money laundering offence can basically be described as the performing of any act which may result in concealing the nature of the proceeds of crime or of enabling a person to avoid prosecution or in the diminishing of such proceeds.Apart from criminalising the activities constituting money laundering, South African law also contains a number of control measures aimed at facilitating the detection and investigation of money laundering. These are contained in the Financial Intelligence Centre Act, 2001.These measures are based on three basic principles of money laundering detection and investigation i.e. that:intermediaries to the financial system must know with whom they are doing business,the paper trail of transactions through the financial system must be preserved, andpossible money laundering transactions must be brought to the attention of investigating authorities.The control measures introduced by the Financial Intelligence Centre Act, 2001 (“the Act”) include requirements for institutions to establish and verify the identities of their clients, to keep certain records, to report certain information and to implement measures that will assist them in complying with the Act.The majority of obligations under the Financial Intelligence Centre Act apply to “accountable institutions”. These are institutions which fall within any one of the categories of institutions listed in Schedule 1 to the Act.The Act also established the Financial Intelligence Centre as the agency responsible for the collection, analysis and disclosure of information to assist in the detection, prevention and deterrence of money laundering in South Africa.The Act empowers the Centre to provide guidance in relation to a number of matters. This Guidance Note has been prepared by the Centre to assist accountable institutions and supervisory bodies with the practical application of the client identification requirements of the Act. It is provided as general information only. This Guidance Note is not legal advice and is not intended to replace the Act and Money Laundering Control Regulations (“the Regulations") issued under the Act in December 2002.Establishing and verifying identity — a risk-based approach?
The Act prevents accountable institutions from establishing business relationships or entering into single transactions with their clients unless they have established and verified the identities of the clients concerned and of the agents and principals of their clients. The Act also requires institutions to verify and agent’s authority to act on behalf of a principal.The Regulations provide some detail on the identification and verification of most classes of clients an institution is likely to deal with. These are, for instance, natural persons, companies and close corporations, other legal persons, partnerships and trusts.The Regulations require institutions to obtain specific information concerning the identities of each these categories of clients. The Regulations also indicate the manner in which the basic client identification particulars should be verified. For instance, an individual’s name and identity number should be verified by reference to an identity document. Other forms of verification are only acceptable if a person is, for a reason which is acceptable to the institution, unable to produce an identity document. Additional identification particulars, such as residential addresses, may be verified by reference to any information which can reasonably be expected to serve as verification for the particulars in question.The combination of the Act and the Regulations require that accountable institutions identify all clients with whom they do business unless an exemption applies in a given circumstance. However, institutions are not required to follow a one-size-fits-all approach in the methods they use and the levels of verification they apply to all relevant clients.In many instances in the Regulations reference is made to the fact that accountable institutions must verify certain particulars against information which can be reasonably expected to achieve such verification and is obtained by reasonably practical means, taking into account any guidance notes concerning the verification of identities which may apply. This means that in these specific instances an institution must assess what information may be necessary in order to achieve verification of the particulars in question and the means by which it can be obtained. The institution must then exercise its judgment and decide what the appropriate balance is between the level of verification and the most practical means to obtain such verification.The use of expressions in the Regulations such as “can reasonably be expected to achieve such verification” and “is obtained by reasonably practical means” may therefore be taken as an indication that in those specific instances a risk-based approach to the verification of the particulars in question may be applied. This implies that the greater the risk, the higher the level of verification, and the more secure the methods of verification used, should be. In other words, in the instances where expressions such as “can reasonably be expected to achieve such verification” and “is obtained by reasonably practical means” are used in the Regulations, the balance between the accuracy of the verification required on the one hand, and the level of effort invested in the means to obtain such verification on the other, has to be commensurate with the nature of the risk involved in a given business relationship or transaction.Applying a risk-based approach to the verification of the relevant particulars implies that an accountable institution can accurately assess the risk involved. It also implies that an accountable institution can take an informed decision on the basis of its risk assessment as to the appropriate methods and levels of verification that should be applied in a given circumstance. An accountable institution should therefore always have grounds on which it can base its justification for a decision that the appropriate balance, referred to above, was struck in a given circumstance.Accurately assessing the relevant risk means determining, firstly, how the reasonable manager in a similar institution would rate the risk involved with regard to a particular client, a particular product and a particular transaction, and secondly, what likelihood, danger or possibility can be foreseen of money laundering occurring with the client profile, product type or transaction in question. It is imperative that the money laundering risk in any given circumstance be determined on a holistic basis. In other words, the ultimate risk rating accorded to a particular business relationship or transaction must be a function of all factors which may be relevant to the combination of a particular client profile, product type and transaction.The assessment of these risk factors should best be done by means of a systematic approach to determining different risk classes and identify criteria to characterise clients and products. In order to achieve this an accountable institution would need to document and make use of a risk framework.A risk matrix could serve as a tool to provide an objective basis to the assessment of several risk indicators. An example of a risk matrix which may be used in relation to banking services is provided below. (Please note that this is an example of the format of a risk matrix which might be used by accountable institutions. The contents of this example might not suit your institution without further customization and should not be regarded as complete or final. It is important that the weightings enable adequate segmentation and prioritization of risk which will depend on the customer and product profile of each institution.) Once a proper risk assessment is done an institution must put in place measures to isolate the different risk classes and to ensure that procedures which are appropriate only for lower risk classes are not applied in relation to higher risk classes. Due regard needs to be paid to the practicability of segregating different risk categories. As with all risk management, an institution's risk framework needs to be regularly updated and supported with documentation to enable and ensure compliance within each institution.Risk Indicators Concerning Products
History of this document
30 April 2004 this version
Commenced