Financial Intelligence Centre FAIS Workshop Presented by The Financial Intelligence Centre 3 December 2013
Agenda The FIC Functions of the FIC Value Chain FIC - 2012/2013 in review Compliance framework Duties of AI s Guidance issued by the FIC Amendments to the FIC Act -2-
Objectives of the FIC Established in terms of section 2 of the FIC Act The objectives of the FIC are: To assist in identifying proceeds of unlawful activities and combating of money laundering and terror financing To make information available to investigating authorities, SBs, intelligence services and SARS Exchanging AML/CFT information with bodies in other countries that have similar objectives Supervise and enforce compliance with the FIC Act -3-
Functions of the FIC Collect, process, analyse and interpret information Inform, advise and cooperate with investigating authorities, supervisory bodies, SARS and the intelligence services Monitor and give guidance to accountable institutions, supervisory bodies and other persons regarding FIC Act duties and responsibilities Retain information in a manner as set out in the FIC Act Implement a registration system in respect of all AIs and RIs Supervise and enforce compliance with the FIC Act -4-
Value Chain FIC AI, RI & businesses need to comply with FIC Act Compliance is monitored and enforced by FIC and/or SB Data base of FIC receiving reports / information (STRs & CTRs) Referring of relevant intelligence to LEA/SARS/SSA or receiving of requests from LEA/SARS/SSA Enrich the reports / information with other data Monitoring & Analysing of reports received Criminal investigation (Law Enforcement) Support LEA with analysing of evidence (reconstruction of financial side of the investigation)
FIC - 2012/2013 in review Increase in the value of cases referred for investigation - from R6.3bn in 2011/12 to R74bn in 2012/13 The FIC recovered R1.171bn in cash from the proceeds of crime during 2012/2013: Suspected proceeds of crime frozen using S34 of the FIC Act R334.8m Assets attached under POCA due to FIC support R631.3m State funds stolen and recovered R204.8m 47% increase in request for information by law enforcement and security agencies 980 to 1445 in 2012/2013FY 89 priority cases assisted in by the anti-corruption task team Cases referred by FIC for further investigation increased by 16% from 761 to 883 Requests by international FIUs for financial intelligence increased by 31% from 131 to 172 Identification and freezing of suspected proceeds of crime increased from R17.2m to R334.8m -6-
Compliance Framework Duty Section Applicable Regulations Applicable guidance notes or PCCs Applicable exemptions Administrative sanction Criminal sanction Establishment of identity of clients and other persons 21 3 to 19 & 21 GN 1, 2, 3 PCC03, 03A, 08, 09, 10, 11, 14, 15 2 to 16 Duty to keep records 22; 23 & 24 20 & 26 PCC02 3 TO 17 R50 million for legal person R10 million for natural person R50 million for legal person R10 million for natural person R100 million or 15 years imprisonment R100 million or 15 years imprisonment Reporting duties 28; 28A & 29 22; 22A; 22B; 22C; 23; 24; 27A; 27B & 27C GN 4 & 5 PCC04 N/A R50 million for legal person R10 million for natural person R100 million or 15 years imprisonment Formulating and implementing of internal rules Training of employees regarding the FIC Act and internal rules Appointment of the compliance officer Registration with the Centre 43B 27A 42 25; 26 & 27 N/A N/A 43(a) N/A N/A N/A 43(b) N/A PCC 12 N/A GN05 PCC05, 06, 07, 13-7- N/A R50 million for legal person R10 million for natural person R50 million for legal person R10 million for natural person R50 million for legal person R10 million for natural person R50 million for legal person R10 million for natural person R10 million or 5 years imprisonment R10 million or 5 years imprisonment R10 million or 5 years imprisonment R10 million or 5 years imprisonment
Duties of AI s in terms of FIC Act Duty to establish and verify the identity of clients (section 21) An accountable institution may not establish a business relationship or conclude a single transaction unless the prescribed steps have been taken to establish and verify the identity of: The client The person representing the client The person for whom the client may be acting (beneficial owner/person who has ultimate control) -8-
Duties of AI s in terms of FIC Act CIV process differs depending on the type of client: Natural person Company Close corporation Partnership Trust Legal entity Identification and verification requirements are listed in the Regulations to the FIC Act -9-
Duties of AI s in terms of FIC Act Duty to establish and verify the identity of clients (section 21) Documents acceptable for client verification: ID or other document, supported by reason; ID number, date of birth, photo, names and surname; Paragraph 6 of Guidance Note 3A; PCC 15 Documents acceptable for address verification: Paragraph 11 of Guidance Note 3A; Documents acceptable for third party verification: Paragraph 12 of Guidance Note 3A; -10-
Duties of AI s in terms of FIC Act Duty to establish and verify the identity of clients (section 21) CIV of non face-to-face clients: Regulation 18; Paragraphs 9 and 10 of Guidance Note 3A; Obtaining information on source of funds: Not compulsory in all instances; Regulation 21; Continued monitoring of client accounts; Role of risk-based approach in obtaining source of funds. -11-
Duties of AI s in terms of FIC Act Duty to keep records (section 22, 23 and 24) Documents that must be kept What procedure does an AI follow in terms of record keeping? Who has access to these records? Is it documented? Period to keep records Third parties Are records readily available? Is there a policy in place that outlines the access control to these records? -12-
Reporting Duties of AI s in terms of FIC Act Introduced for all AI s and RIs on 01 December 2010 Threshold amount is R24 999.99 Cash threshold reporting (section 28) Different reporting options Report within 2 business days after becoming aware Aggregation 24 hours Multiple reporting cash received and paid 2011/2012 FY 5.5 million CTRs received 2012/2013 FY more than 6 million CTRs received -13-
Duties of AIs in terms of FIC Act Section 4 of POCDATARA makes it an offence to be associated or connected to the financing of specified offences Section 28A of the FIC Act Accountable institution in possession or under its control property owned or controlled by or on behalf of, or at the direction of: Any entity which has committed or facilitated the commission of a specified offence as defined in POCDATARA A specific entity identified in a notice issued by the President, under section 25 of the POCDATARA Act No list in South Africa (UN1267) -14-
Duties of AI s in terms of FIC Act Section 29 - Suspicious Transaction Reports (STR s) Defining a suspicion Who must report? This obligation applies to: a person who carries on a business a person who is in charge of a business a person who manages a business or a person who is employed by a business Tax evasion (section 29 b iv) STR s have no cash threshold Time period for reporting ASAP (not later than 15 working days) Continue transaction (section 33) Protection of person making report (section 38) -15-
Suspicious and unusual transactions Also covers tax evasion section 29 (b)(iv) Tipping off is an offense section 53 Reporter may continue with transaction (section 33) unless section 34 intervention was issued by the Centre Protection of person making the report section 38
Duties of AI s in terms of FIC Act Complete prescribed form on the Centre s website Prefer internet based reporting How to report STRs Only in exceptional cases may report be faxed or hand delivered Regulation 22 24 of the Regulations May NOT be posted -17-
STRs - Comparative Graph: 10 Year Review
Duties of AI s in terms of FIC Act Section 42 Internal rules An AI must formulate and implement internal rules to document procedures for: The establishment and verification of client identities Regulation 25 Record keeping Regulation 26 Reporting of STR s Regulation 27 Reflection of processes and working methods The board of directors and senior management of an accountable institution are responsible for compliance with the FIC Act Internal rules should be approved by the board of directors and senior management and be made available to Centre and SB on request -19-
Duties of AI s in terms of FIC Act Section 43 Appointment of compliance officer An AI has a duty to formally appoint a compliance officer The compliance officer should have general knowledge of the overall operations of the institution Interact with all of the departments and branches to keep abreast of changes that may require action to manage perceived risk The compliance officer must have access to all areas of the institution s operations to effect corrective action -20-
Duties of AI s in terms of FIC Act Section 43 Training and monitoring of compliance AI must provide training to its employees on the FIC Act and internal rules A compliance officer is responsible for ensuring that training takes place Training manual must be frequently updated Training should be ongoing - regular refresher courses Assessments of employees Employees should not deal with clients if they have not yet received training -21-
Duties of AI s in terms of FIC Act Section 43B Registration Each AI to be registered separately (including under other items where applicable) Registration online unless impossible then manually Registration deadline was 1 March 2011 Still encouraged to register Contents of online registration form Validation process No registration fees MLROs Amendments to registration information Registrations grew 56% from previous FY - 21 866-22-
Guidance issued by the FIC Guidance Note 1 Guidance Note 2 Guidance Note 3 Guidance Note 3A Guidance Note 4 Guidance Concerning Identification of Clients Guidance to Financial Services Industries regulated by the Financial Services Board Concerning the meaning of the word "Transaction" Guidance for Banks on customer identification and verification and related matters Guidance for accountable institutions on client identification and verification and related matters Guidance on Suspicious Transaction Reporting Guidance Note 5 Guidance on Cash Threshold Reporting -23-
Guidance issued by the FIC PCC 01 PCC 02 PCC 03 & PCC 03A PCC 04 PCC 05 PCC 06 PCC 07 Establishment of the Public Compliance Communication Series Period for record keeping of matters reported to the Financial Intelligence Centre Identification and verification matters relating to account opening procedures for asylum seekers and refugees in terms of the FIC Act Taxpayers offered window to disclose and regularise their tax and exchange control matters through voluntary disclosure programme Registration of accountable and reporting institutions with the Financial Intelligence Centre Clarity on item 2 of schedule 1 of the FIC Act Definition of Motor Vehicle Dealer for the Purpose of Schedule 3 to the FIC Act PCC 08 Duties of Estate Agents including provisions of exemption 11 PCC 09 PCC 10 PCC 11 PCC 12 PCC 13 Identification and Verification of Loyalty Programme Members in the Casino Industry The client of an Estate Agent The closing of a client's account by an Accountable Institution amounts to a transaction Outsourcing of compliance activities to third parties Scope of Item 12 of Schedule 1 in relation to registered auditors. -24-
Guidance issued by the FIC PCC 14 PCC 15 Client Identification and Verification requirements when a person acts on the authority of another The acceptance by AIs of smart card identification documents issued by the DHA for the purpose of establishing and verifying of the identity of a client PCC 16 The interpretation of the term readily available in the context of reporting of cash transactions in terms of Section 28 PCC 17 The interpretation of a person who carries on the business of dealing in Kruger rands as specified in Item 2 PCC 18 PCC 19 PCC 20 PCC 21 PCC 22 Compliance obligations in terms of section 43 of the FIC Act. Compliance obligations of AIs in a complex group structure. The governance issues relating to the formulation and implementation of internal rules Non face-to-face transactions such as the opening of online betting accounts and the acceptance of betting transactions against funds deposited in a betting account prior to the full CIV. The scope and application of Exemption 17 of the exemptions to the FIC Act. CIV requirements in relation to international or foreign privacy and data protection laws. PCC 23 Scope of item 11 lending money against the security of securities PCC 24 Verification of the registration details of a company or close corporation prior to doing business with them. -25-
Amendment of FIC Act Risk Based Approach Customer due diligence measures Beneficial ownership Doubts about veracity of adequacy of previously obtained customer due diligence information Failure to satisfactorily complete CDD Ongoing CDD PEPs Record keeping Expanding functions of the FIC Amendment to Schedule 1-26-
Feedback and Enquiries Enquiries by e-mail: fic_feedback@fic.gov.za CAP Call Desk: +27 860 222 200-27-
Risk Based Approach for Accountable Institutions 3 December 2013
Introduction -29-
Introduction -30-
Introduction -31-
Introduction: Risk Based Approach Central theme of FATF s approach in revised Recommendations Applies across all relevant FATF Recommendations Understanding of risks should form basis for actions against money laundering and terror financing Financial and other institutions should be required to identify risks and take effective action to mitigate -32-
What is a risk based approach? Risk based approach requires institutions to have systems and controls that are commensurate with the specific risks of money laundering and terrorist financing facing them Institutions need to identify the ML/TF risks of facing their business As money laundering risks increase, stronger controls are necessary All categories of risk (low, medium & high) must, however, be identified and mitigated by the application of controls such as: Verification of customer identity CDD policies Suspicious activity monitoring and Economic sanctions screening -33-
The theory behind a risk based approach No financial institution can reasonably be expected to detect all wrongdoing by customers, including money laundering If an institution develops systems and procedures to detect, monitor and report higher risk customers and transactions, the chances of an administrative and criminal sanction being imposed are decreased -34-
The benefits of RBA Flexible ML/TF risks vary across jurisdictions, customers, products, delivery channels and over time Effective Institutions are better equipped than legislators to effectively assess and mitigate risks they face particularly ML/TF risks Proportionate More attention to high risk customers and less attention to low risk customers. Allocate resources more effectively -35-
Guidance from the Centre The Centre has issued Guidance note 1 and 3 on a risk based approach FATF s revised recommendations directs a risk based approach by AI s Legislation is currently being amended to make provision for a RBA Accountable institutions need to start working towards implementing a RBA -36-
Guidance Note 1 AI s should accurately assess the risk involved How a reasonable manager in a similar institution would rate the risk with regard to the client, product and transaction The likelihood of ML/TF in the client profile, product type or transaction RBA determines the appropriate methods and levels of verification An AI should have grounds to justify its decision The ML/TF risk should be based on all factors which may be relevant to the combination of a particular client profile, product type and transaction An institution s risk framework needs to be regularly updated and supported with documentation -37-
Application of a RBA RBA is applicable to CDD Obtain more information on higher risk clients High risk clients will be monitored more frequently AI s will have more information to determine STR s Obtain less information on low risk clients RBA will have little impact on reporting CTR is rule based and should not be affected TPR is rule based and no or very little discretion is allowed STR is also rule based with elements of a risk based -38-
Factors to determine risk Risks in your organisation depend on many factors i.e.: geographical regions involved customer types and the products and services offered Risk is dynamic and needs to be continuously managed A risk based approach must be documented -39-
Risk categories Prohibited AI will not deal with the customer (Countries subject to economic sanction, shell banks) High risk The risks are significant, but are not necessarily prohibited. To mitigate the heightened risk the AI should apply more stringent controls to reduce the risk (countries noted for corruption or drug trafficking, PEP s, correspondent banking, private banking) Medium risk Are more than standard or low risk and merit additional scrutiny, but do not rise to the level of high risk Standard or low risk Normal business rules apply -40-
Risk assessment -41-
Risk scoring model A risk scoring model generally uses numeric values to determine the category of risk (geography, customer type, products and services) as well as the overall customer risk Geography 1-3: Standard 4-8: Medium 9-10: High Customer Type 1-3: Standard 4-8: Medium 9-10: High Products/ Services 1-3: Standard 4-8: Medium 9-10: High -42-
Risk scoring model The three categories are combined to give a composite score Each factor may be weighted differently It is when the categories are combined that the customer s risk picture becomes clearer A high risk assessment number does not mean that a prospective customer should automatically be denied an account It is useful in determining which individuals or groups might require greater scrutiny -43-
Risk scoring model 1. Geographical location: In what countries or jurisdictions does your individual customer reside? What are the customers countries of citizenship? Where are your corporate customer s headquarters? There is no definitive or independent system for assessing the ML/TF risks of various territories and countries The terrorism and sanctions lists of governments and international organisations might be useful Is the country a member of the FATF or of a FATF style regional body Overall reputation of the country -44-
Risk scoring model 2. Customer type: Individuals, listed companies, private companies, joint ventures, partnership, trusts etc International PEP s are high risk Political figures or those in political organisations should score higher than officials of multinational corporations The more publicly available information on the customer the lower the risk Risks are generally higher if a money launderer can hide behind corporate veils such as trusts, charities, private companies -45-
Risk scoring model 3. Products or services: Products and services the institution offers that may be vulnerable to ML/TF (internet accounts, private banking, money remittals, stock brokering, annuities, insurance products, offshore services, correspondent banking) Likelihood that the product requested might be used for ML/TF Product scoring is not universal because different institutions face varying degrees of risk Does a product or service: Enable significant volumes of transactions to occur rapidly? Allow transactions with minimal oversight by the institution? Afford significant levels of anonymity to the users? Have an especially high transaction or investment value? Allow payments to third parties? -46-
Where to find risk guidelines. Supervisory Body National Standards ISO 3100 FIC National Associations FATF RBA International Associations -47-
High risk clients Regulation 21 of the FIC Act compels AIs to obtain the following information from high risk clients: The source of that client s income The source of the funds which that client expects to use Senior management approval for accepting the client Closer or more frequent monitoring Any additional information -48-
Money laundering in Insurance The most significant ML/TF risks in the insurance industry are found in long-term investment-type and annuity products Short term insurance is not regarded as high risk for ML/TF Vulnerabilities in the insurance/investment sector internationally include: Decentralised oversight over aspects of the sales force (independent brokers may fall between the cracks of multiple insurance companies or may work to find the company with the weakest AML oversight if they are complicit with the money launderer) Sales driven objectives (brokers focus on selling products and often overlook signs of money laundering) -49-
Money laundering in Insurance Examples of money laundering: Customers can overfund policies, borrow against policies and make early withdrawals. When such fund are reimbursed by the insurance company, the launderer has successfully obscured the link between the crime and the funds The purchase and redemption of single premium insurance investments are key money laundering vehicles Use of the cooling- off period Early redemption (the client is more interested in the cancellation terms of a policy than the benefits of the policy) Real Life Example -50-
Money laundering in Insurance When a company assesses ML/TF risks it must consider whether it permits customers to: Use cash or cash equivalents to purchase insurance/investments products Purchase an insurance/investment product with a single premium or lump-sum payment Borrow money against an insurance product s value -51-
Supervision of RBA Supervisors need to ensure that AI s are effectively implementing RBA ML/TF risk profiles and risk assessments prepared by AI s will be reviewed The Centre and Supervisory Bodies are working on a risk based approach to supervision -52-
Approval of RBA The Centre will adopt the same view with RBA as it did with internal rules: The Centre will not approve individual RBA of AI s The Centre will, however, assess RBA s during inspections and will make certain recommendations on the RBA The Centre may issue guidance on the compilation of RBA -53-
Evaluating a risk assessment Not expected to conduct an independent risk assessment, but should not necessarily accept a risk assessment as correct Test the rigour of the processes and procedures used and internal consistency of the assessment Focus on high-level issues, not fine details and should take a commonsense approach to whether the results are reasonable. Consider other credible or reliable sources of information to identify whether there might be any material differences that should be explored further -54-
Administrative Enforcement The decision to sanction or not will depend on the following factors: the willingness of the AI to comply the nature, duration, seriousness and extent of the non-compliance (systemic non-compliance) whether the AI has previously failed to comply with the FIC Act any remedial steps taken by the institution or person to prevent a recurrence of the non-compliance any other mitigating or aggravating factors -55-
Criminal Enforcement Following a RBA will not per se be a defense in a criminal court when charged with non-compliance with the FIC Act. It is submitted that the same test will apply on CDD as with the duty to file a STR: grounds upon which another person with the expertise and the background of the AI, would have conducted the necessary CDD -56-