Moonstone has drawn accountable institutions’ attention to the directive issued by the Financial Intelligence Centre (FIC) that requires these individuals and entities to screen current and prospective employees for competence and integrity and ensure employees are not being sanctioned by the United Nations.
The FIC also issued Public Compliance Communication 55 (PCC 55) to provide guidance to accountable institutions on how to apply Directive 8.
In their commentary on important aspects of the directive and PCC 55, law firms have noted that screening must comply with labour legislation and the Protection of Personal Information Act (Popia).
Accountable institutions must screen prospective and current employees so they can identify, assess, monitor, mitigate, and manage the risks associated with illegal activities related to money laundering (ML), terrorist financing (TF), and proliferation financing (PF), the PCC says.
Accountable institutions are required to have measures in place to manage the ML/TF/PF risks associated with their clients and external parties. It is equally important that they understand how these ML/TF/PF risks can arise internally through their relationship with their employees.
Application
Directive 8 applies to all natural and juristic persons that are accountable institutions as defined in Schedule 1 of the Financial Intelligence Centre (Fica). Click here to check whether the directive applies to you.
Commencement
Directive 8 took effect from 31 March. ENSafrica advises accountable institutions, without delay, to review and update their current employee screening policies and procedures, to ensure they align with the requirements of the directive and PCC 55.
PCC 55 says accountable institutions should screen employees in higher-risk positions “as soon as possible” and then focus on employees in lower-risk roles.
Status of PCC 55
PCC 55 is authoritative, and accountable institutions are required to comply with the guidelines unless they can demonstrate they have complied with the relevant obligation under Fica in an equivalent manner, says Cliffe Dekker Hofmeyr (CDH).
The document furnishes the minimum standards of compliance, and if accountable institutions have enhanced standards of screening, it is recommended that they retain these enhanced standards, CDH says.
Risk-based approach
A risk-based approach to screening entails an assessment of employee roles in relation to the risks that present in respect of those roles, CDH says. The frequency and the extent of the screening will depend on the level of risk associated with the employee’s position or role within the entity.
According to PCC 55, the following roles may present a heightened ML/TF/PF risk:
- Senior management, including employees who are members of committees that approve the establishment of business relationships or single transactions with high-risk clients, such as domestic politically exposed persons or foreign politically exposed persons.
- Any employee who can take decisions that change the anti-money laundering, counter terrorist financing and counter proliferation regime of the entity.
Based on the outcome of the screening of prospective and current employees, an accountable institution must take a risk-based decision to ensure the ML/TF/PF risk is mitigated and managed.
Frequency of screening
The use of the word “periodically” in Directive 8 means the screening of employees must be ongoing, with the frequency determined by the ML/TF/PF risk posed by the employee’s role.
The FIC recommends that employees in positions that pose a higher ML/TF/PF risk should be screened at least once a year.
Prospective employees must be screened before they are appointed.
‘Competence’ and ‘integrity’
Directive 8 requires accountable institutions to screen prospective employees and current employees for competence and integrity. What does this mean?
Competence
Screening for competence entails determining whether an employee has the necessary skills, knowledge, and expertise to perform their functions effectively. It includes scrutinising, among other information, the employee’s previous employment history, employment references, qualifications, and relevant accreditations.
Integrity
Screening for integrity involves scrutinising the morality and integrity of the employee, which may include considering a previous criminal record, particularly relating to crimes of a financial nature, money laundering or other financial crimes.
Such screening should be more stringent in respect of employees in roles that pose a greater risk of ML/TF/PF. An enhanced screening includes determining whether an employee:
- Conducted themselves in accordance with the generally accepted conduct requirements as applied by the accountable institution.
- Held a senior decision-making role in relation to anti-money laundering, terrorist financing or proliferation financing at an accountable institution that was found to have contravened Fica, the Prevention and Combating of Corrupt Activity Act, the Prevention of Organised Crime Act, or the Protection of Constitutional Democracy against Terrorist and Related Activity Act.
- Is a close associate or immediate family member of a high-risk client (for example, high-risk domestic politically exposed persons or foreign politically exposed persons).
- Is a national of a territory that is identified as high risk for TF/PF.
Is the employee subject to UN sanctions?
Fica requires accountable institutions to freeze property and transactions pursuant to sanctions imposed by resolutions adopted by the UN Security Council. The FIC releases notices listing the people and entities that have been sanctioned by the UN. These notices are called the Targeted Financial Sanctions (TFS) lists.
As part of their screening, accountable institutions must check whether prospective and current employees appear on the TFS lists. This applies to all employees, irrespective of the level of ML/TF/PF risk the employee’s role presents.
Screening must comply with labour laws
Directive 8 and PCC 55 must be applied in compliance with the applicable labour laws, including the Labour Relations Act and the Basic Conditions of Employment Act.
Webber Wentzel says complying with the laws governing the employment relationship would include ensuring that:
- Screening does not fall foul of anti-discrimination requirements in terms of the Employment Equity Act; and
- Following a fair procedure when dealing with any adverse findings.
Compliance with Popia
Neither the directive nor the guiding document explicitly mentions the implications of screening on employees’ right to privacy. However, several law firms say accountable institutions must ensure they comply with their obligations in terms of Popia when collecting and processing protected personal information.
Webber Wentzel points out that Popia classifies details of criminal behaviour, among other information, as special personal information. Employers are prohibited from processing this information unless employee consent has been obtained or if legal necessity requires it.
CDH says accountable institutions should be aware that Popia gives current and prospective employees various rights with respect to the processing of their personal information. These include the right to be notified that their personal information is being collected, and to ask for information about the identity of any third parties that have accessed or can access their personal information.
Furthermore, accountable institutions must ensure that the data collected from their current or prospective employees is for an explicitly defined and specific reason that is lawful and legitimate. Accountable institutions must therefore ensure they do not overreach when collecting and processing personal information and data, CDH says.
They must also implement mechanisms to protect the personal information from unauthorised access.
Record-keeping
Accountable institutions must document how the screening was conducted and preserve records of the findings, which should be accessible to the FIC upon demand.
Penalties for non-compliance
An accountable institution that fails to comply with Directive 8 may face a fine of up to R10 million if it is a natural person, or R50m if it is a juristic person.
Feeling overwhelmed by Fica?
If thinking about what your business must do to comply with the FIC’s directive leaves you feeling overwhelmed, then help is at hand.
Moonstone Compliance offers compliance, consulting, and training options for accountable institutions of all types and sizes to help them implement anti-money laundering procedures and meet the requirements of Fica. Our expertise extends to privacy governance and employment law, so we can provide expert guidance on how considerations relating to both must be integrated into complying with the directive.
We provide a wide range of services, from providing documentation to implementing a full compliance framework. You can select a combination of services and have them customised according to your needs.
Click here to read more about Moonstone Compliance’s suite of Fica services or send us an online enquiry.