Business sector needs to get its compliance ducks in a row

South Africa is in a race against time to fix its anti-money laundering and counter-terrorist financing regulations so that the period spent on the Financial Action Task Force’s dreaded “greylist” is as limited as possible.

The Financial Intelligence Centre (FIC) – who is responsible for ensuring the integrity of the financial systems in SA – has taken a significant step towards addressing and combatting identified deficiencies through the implementation of Directive 8. This directive relates to the screening of employees for their competence and integrity and scrutinising employees against applicable sanctions lists. It serves as a measure to control money laundering, terrorist financing and proliferation financing.

“This is an important new compliance development aimed at addressing and mitigating potential risks and shortcomings within accountable institutions,” explains Marelize Uys from background screening and vetting company Managed Integrity Evaluation (MIE).

The directive’s primary objective is to safeguard against the exploitation of vulnerable institutions by individuals like prospective employees, current employees, or those exerting influence over employees.

An accountable institution refers to a broad range of entities or individuals engaged in specific businesses or professions that are susceptible to money laundering and terrorist financing activities.

“These institutions are required to implement anti-money laundering (AML) and counter-terrorist financing (CTF) measures to prevent, detect, and report any suspicious activities. There are serious consequences for non-compliance, including fines, penalties, and sanctions imposed by regulatory authorities and in some cases, criminal charges may be filed,” says Uys.

Other financial consequences for failure to comply would range from loss of access to correspondent banking relationships to increased compliance costs, and restrictions on conducting certain types of transactions.

“Furthermore, non-compliant entities may face enhanced regulatory scrutiny, including increased supervision, monitoring, and reporting requirements. Then there is the reputational damage to consider, which could be significant,” she adds.

It is therefore imperative that accountable institutions act without delay to get their compliance ducks in a row.

Uys explains that once a business falls within the definition of “accountable institution”, they need to understand how the risk-based approach to testing works – and implement it properly to avoid problems down the line.

The first place to start on achieving this heightened level of compliance is to determine if you fall within the bracket of “accountable institution”. At the moment the Directive mentions banks, long-term insurers, short-term insurers, pension funds, collective investment schemes, attorneys, and other entities engaged in financial activities. But other designated institutions are still likely to be added.

If you do fall within this bracket, you will need to implement far more detailed Know Your Employee (KYE) processes than before. Directive 8, for instance, requires accountable institutions to screen prospective employees and current employees for competence and integrity periodically, in a risk-based manner. Third party experts like MIE have the track record here, for instance checking sanctions lists, or international crime databases, as part of this broader KYE process.

“The FIC Directive 8 emphasizes the adoption of a risk-based approach by accountable institutions. This means that institutions should assess the risks they face regarding money laundering and terrorist financing and tailor their AML/CTF measures accordingly. This is aligned to the KYE process,” explains Uys.

An individual employee can potentially compromise the integrity of an entire organisation in terms of Anti-Money Laundering (AML) efforts in several ways. These can include insider threats, negligence or lack of awareness, collaboration with external parties, weak internal controls and, failure to report suspicious activities.

“To prevent such employees from compromising the integrity of the organisation’s AML efforts, it is crucial for companies to establish a strong compliance culture that promotes ethical behaviour, provides regular training and awareness programs, implements robust internal controls, encourages employees to report suspicious activities without fear of retaliation, and enforces strict disciplinary measures for non-compliance with AML policies and regulations,” explains Uys.

She therefore recommends that accountable institutions establish a “systematic and documented approach” to testing, with clear procedures and schedules in place.

“Regular risk assessments, monitoring of internal controls, and independent reviews should be conducted to identify any weaknesses or deficiencies in the AML/CTF framework and take appropriate corrective actions. Ultimately, the frequency of testing should be tailored to the specific circumstances and risks faced by each accountable institution,” she says.

“Essentially, it is vital that regular testing and continuous monitoring is in place to ensure ongoing compliance with the requirements of Directive 8. These are all important developments in the evolution of South Africa’s financial regulatory standards. It is important businesses do their part to ensure our time on the FATF greylist is as short as possible. A good place to start will be getting all their Directive 8 compliance ducks in a row.”