The Minister of Finance, Enoch Godongwana, has published the draft amendments to the Money Laundering and Terrorist Financing Control Regulations that set out the requirements for the sharing of information between accountable institutions.
Section 41A(3) of the Financial Intelligence Centre Act (FICA) was amended by the General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act. This provision empowers the Minister of Finance to make regulations that will facilitate the sharing of information between accountable institutions when information-sharing is necessary for the purposes of carrying out the provisions of section 29 – the filing of Suspicious Transaction Reports.
The Notice (No. 3922) inviting comments on the draft amendments was published in the Government Gazette on 29 September.
The draft amendments insert a Regulation 27E and amend Regulation 29 to the effect that any person or institution that fails to act in accordance with Regulation 27E is non-compliant and subject to an administrative sanction.
The five-page Explanatory Memorandum to the draft amendments begins by setting out why accountable institutions should share information.
The work of the Financial Intelligence Centre (FIC) in reconstructing financial flows depends mainly on the information contained in the reports filed by accountable institutions in terms of FICA.
The information that a single accountable institution can report to the FIC in respect of a transaction is only one piece of a puzzle. This puzzle may turn out to be a large and complex web of transactions, involving any number of counterpart institutions.
Those involved in money laundering and other financial crimes usually do not target one business. Frequently, they open and maintain many accounts at different institutions. Without information-sharing, it is difficult for accountable institutions to recognise whether transactions are part of an economic crime because institutions cannot connect their customers’ transactions within the overall pattern of transactions at other institutions.
The FIC believes that further enhancements to information-sharing can help accountable institutions to understand the full picture relating to scenarios that may lead to reporting suspicious or unusual transactions or activities to the Centre. These enhancements relate to bringing together information from different sources in responsible ways through information-sharing arrangements between accountable institutions.
Key aspects of the draft amendments
The Explanatory Memorandum goes on to state that sharing customers’ identity and transaction information raises policy and operational considerations and triggers privacy concerns. The draft amendments propose to address these considerations and concerns.
In this regard, the key points made by the Explanatory Memorandum are:
Information-sharing must be in accordance with FICA and POPIA
The prohibitions on the unauthorised disclosure of a suspicious or unusual transaction report, as contained in section 29(3) and (4) of FICA, apply to information-sharing.
The principles relating to the protection of personal information, as set out in the Protection of Personal Information Act (POPIA), must be adhered to when customers’ personal information is shared in terms of the Regulations.
Accountable institutions must protect shared personal information
Accountable institutions that share customer information must ensure that unauthorised persons cannot access the data. They should design a platform where they can engage and exchange information.
Accountable institutions should seriously consider using technologies such as the encryption of communication and the pseudonymisation of data when they develop the infrastructure that they will use to pool and share customer information.
Information may be shared only in accordance with a written agreement
Accountable institutions that enter information-sharing arrangements should agree on the scope of the customer information that will be shared between them. This is particularly relevant when the information is shared when an accountable institution is in the process of forming a suspicion.
All the participants in an information-sharing arrangement must understand and share the same expectations as to the limitations on the extent to which customer information is to be shared, to aid them in understanding suspicious transactions that take place across different institutions.
Participants in an information-sharing arrangement should be able to provide each other with reasonable assurances of the reliability of the customer information that they will share.
An accountable institution must notify the FIC when it shares information
FICA does not require that accountable institutions obtain the FIC’s permission to share customer information with each other. However, given the sensitivity of the information that is likely to be shared between accountable institutions when one or more of them is contemplating the reporting of a suspicion to the FIC, and the impact that sharing such information may have on the FIC’s operations, it is important that the FIC is made aware of any initiative between accountable institutions to share information in this context.
The draft amendments provide that an accountable institution that shares personal information for the purposes of reporting under section 29 must notify the FIC as soon as possible of that sharing of information.
Once the FIC is made aware that an accountable institution is sharing personal information with another institution for the purposes of reporting under section 29, it will work with the relevant institutions to facilitate the making of a report.
However, the decisions as to the making of the report and co-ordination between the relevant institutions in this regard remain the responsibility of the institutions that are involved in the information-sharing arrangement.
Proper co-ordination will avoid the situation of one institution presuming that the responsibility to report is that of the other institution and failing to make a report to the FIC.
Accountable institutions must keep a record of the information that they share.
De-risking and defensive reporting
The sharing of information is likely to bring information about an institution’s client to the attention of that institution, which may require the institution to re-assess the money laundering and terrorist financing risks relating to that client.
In doing so, an accountable institution should apply its normal risk-assessment processes and consider the additional information about its client in the context of all the information at its disposal that may be relevant to its classification of the money laundering, terrorist financing and proliferation financing risks pertaining to its relationship with that client.
Overreliance on information about potentially suspicious behaviour of a client that is shared by another institution could potentially lead to an accountable institution basing a decision to limit or deny a client’s access to the institution’s products and services solely on third-party information, which may be inaccurate.
The FIC believes that accountable institutions should avoid situations where the sharing of information in the context of reporting under section 29 leads to the termination of business relationships with clients or the limitation or denial of services to clients.
Apart from the policy considerations relating to inappropriate de-risking, a decision by an accountable institution to deny or limit the services provided to a client may have negative operational consequences if they interfere with the FIC’s ability to monitor a person’s financial activity through continued reporting under FICA.
The mere existence of a suspicion in one institution does not, in and of itself, necessitate the systematic reporting of the same suspicion by another institution that receives such information.
However, the shared information may be an important element of an institution’s own analysis, which may result in increased instances of identified suspicions. This may provide opportunities for accountable institutions to co-ordinate the filing of suspicious or unusual transaction reports. However, these arrangements need to be clearly understood and agreed between institutions that participate in an information-sharing arrangement.
Comments on draft amendments must be submitted to commentdraftlegislation@nationaltreasury.org.za by 29 October.