The Financial Intelligence Centre (FIC) has released Guidance Note 7A (GN 7A) to help accountable Institutions comply with the risk management and compliance programme (RMCP) requirements.
According to Sholane Sathu, Managing Director of Navigate Compliance, the new GuidanceNote 7A aims to provide clearer directives and practical approaches for accountable institutions to comply with the risk management and compliance programme (RMCP)requirements.
This guidance aims to enhance the effectiveness of anti-money laundering(AML) and counter-financing of terrorism (CFT) controls, ensuring that institutions adopt a more rigorous risk management framework.
Sathu recommends that Accountable Institutions take the following steps to comply with the new Guidance Note:
1. Review and Update RMCP:
Ensure that the Risk Management and Compliance Program (RMCP) is updated to align with the new guidance. This includes documenting systems and controls for managing money laundering (ML) and terrorist financing (TF) risks.
The RMCP must be customised for each business context taking into consideration the nature, size, industry and jurisdictions in which the businessoperates. The RMCP should be practical and explain “how” the business will comply with the FIC Act and supporting legislation.
Sathu cautions institutions from purchasing off-the-shelf RMCP templates as these will not meet the Regulator's expectations.
2. Board and Senior Management Approval:
The RMCP must be approved by the board of directors or senior management, and this responsibility cannot be delegated to any other person or committee. The Board must be enabled to approve the RMCP and understand its content and overall risk appetite and exposure.
3. Align with Treating Customer Fairly Principles:
Ensure that the application of guidance on ML/TF risk issues aligns with Treating Customer Fairly principles. Avoid wholesale de-risking and freezing of non-compliant accounts without offering the client an opportunity to submit documentation, where needed.
4. Effective AML/CFT Controls:
Apply effective anti-money laundering (AML) and counter-financing of terrorism (CFT) controls, even when using a risk-based approach. Low risk does not mean that no controls are needed.
5. Document Compliance with Section 20A:
Record how the institution complies with section 20A of the FIC Act for business relationships and single/once-off transactions below and over the R5000 threshold.
6. Use Public Sector Information:
Recommended to use information from public sector sources, such as the Companies and Intellectual Property Commission, to corroborate company attributes.
7. Define Beneficial Owners:
Identify and document beneficial owners while evidencing the 3-tier approach.
8. Comply with the POPI Act:
Ensure that the processing of personal information for FICAct compliance is within the confines of the Protection of Personal Information Act(POPI Act).
9. Assess High-Risk Relationships:
Consider business relationships with foreign-prominent public officials as high-risk and apply appropriate due diligence.
10. Document Decisions:
Clearly document final decisions on business relationships with prominent persons, including approvals or refusals by senior management.
*Navigate Compliance is an award-winning firm specializing in digital compliance, project management, learning, resourcing, and outsourced compliance.
Since 2016, they have been assisting organizations globally in implementing new regulations, deploying compliance software and project management compliance services.
Recognized as one of the leading turn-key compliance practices in Southern Africa. Learn more at www.navigatecompliance.ioand www.navigatelearning.io