Fica verification: can accountable institutions ask for too much information?

Posted on

The recent Supreme Court of Appeal (SCA) case of Nedbank Limited v Houtbosplaas (Pty) Ltd and Another raises interesting considerations for accountable institutions aiming to comply with their obligations under the Financial Intelligence Centre Act (Fica).

We discuss the case in detail below, asking:

  • Is there a danger in an accountable institution asking for more than they strictly require in terms of Fica?
  • Do customers have an obligation to provide verification documentation to accountable institutions upon request?
  • As an accountable institution has an ongoing due diligence obligation to verify the identity of a customer with whom it has established a relationship, may an accountable institution refuse to act on an instruction (implementing a transaction) if due diligence requests have not been met by a customer?

Fica is aimed at the identification of the proceeds of unlawful activities, combating money laundering and combating the financing of terrorist and related activities. To give effect to these objectives, Fica creates a legal framework for the effective identification and verification of clients. Regulations issued under Fica set out a number of procedural elements that financial institutions ought to give effect to, in order to implement Fica.

Background

The Pretoria High Court in Houtbosplaas (Pty) Limited and another v Nedbank held that customers of banks are under no statutory obligation under Fica to provide documents to a bank for verification purposes, upon request from a bank.

Nedbank applied for leave to appeal to the Pretoria High Court, but this was dismissed. Nedbank subsequently applied for leave to appeal to the SCA, which was granted.

The dispute at the heart of this case arose as a result of Nedbank refusing to close the bank accounts of Houtbosplaas and TBS Alpha pursuant to their written instructions.

The relevant facts in this matter were:

  • Houtbosplaas and TBS Alpha had a longstanding relationship with Nedbank. Four trusts each held one preference share and ordinary shares in the companies.
  • In 2016, Nedbank requested certain information from the companies pursuant to the provisions of Fica. Some of the information was provided but the companies contended that the request constituted an unjustifiable intrusion into the trusts’ right to privacy.
  • A dispute arose between Nedbank and the companies’ representative in respect of the request for information, which ultimately led to the companies giving written notice to Nedbank in January 2017 to close their accounts and transfer the credit balances of those accounts to Absa Bank Limited.
  • Nedbank refused to close the accounts on the basis that the companies failed to comply with Nedbank’s request and consequently, the accounts were restricted based on Fica.
  • In July 2017, the accounts were closed after Nedbank received the outstanding information it requested from Houtbosplaas and TBS Alpha.

The companies viewed Nedbank’s conduct as unjustifiable and unlawful and instituted proceedings to claim damages in the amount of R181 103.31, together with interest and costs.

Application to established relationships only

In determining the question of whether Nedbank was entitled to the requested documents, specifically the trust deeds, the SCA had regard to various provisions in Fica.

Section 21(2) of Fica, prior to its amendment, read as follows:

“If an accountable institution had established a business relationship with a client before this Act took effect, the accountable institution may not conclude a transaction in the course of that business relationship, unless the accountable institution has taken the prescribed steps–

(b) to establish and verify the identity of the client”

The SCA held that section 21(2) of Fica applied to existing clients of an accountable institution who had already established a business relationship before Fica took effect.

At the inception of Fica, Nedbank was required to comply with the prescripts, and once this had occurred, it was not necessary for Nedbank to verify the companies in respect of each and every transaction concluded during the relationship, provided there is an ongoing obligation to ensure that the verification information is up to date.

Similarly, the SCA found that regulation 7, which at the relevant time required financial institutions to obtain various particulars of trusts holding 25% or more of the voting rights at a general meeting of a company, only applies when an accountable institution is establishing a business relationship or concluding a single transaction.

The SCA held that the preference shareholders had untrammelled voting rights and consequently would have every right to vote at general meetings of the companies. Consequently, each trust that held shares in the companies held less than 25% of the voting rights.

Nedbank should have closed the accounts

The SCA dismissed Nedbank’s appeal and held there was no basis for Nedbank concluding that it was justified in refusing to give effect to the companies’ instructions to close the bank accounts, given that, in accordance with the law at the time, Nedbank was not required to verify the identity of the trusts, because they did not hold more than 25% of the voting rights.

The SCA concluded that the refusal by Nedbank to give effect to the instructions to close the bank accounts shortly after receiving the instruction from the companies constituted Nedbank breaching its obligations to act in accordance with instructions from its customer.

Consequently, the SCA held that the Pretoria High Court was correct in also awarding mora interest in favour of the companies from 20 January 2017 (the date of demand) to 10 July 2017 (the date on which Nedbank closed the accounts of the companies and transferred the funds in the accounts to Absa).

Customers cannot refuse to provide documents

The Pretoria High Court’s statement that customers of a bank are not obliged under Fica to provide the bank, upon request, with documents to verify their identity is surprising, but it must be considered in light of regulation 7.

Regulation 7 (prior to it being repealed) referred to a 25% threshold for triggering identification and verification. On application of this rule, Nedbank was not obliged to request documents from the trusts, and the trusts were within their rights to refuse providing the information.

However, in our view, this should not be read as suggesting that in terms of current legislation an accountable institution would be precluded from, in terms of their risk management and compliance programme (RMCP), noting a customer as high-risk or non-compliant if that customer refused to provide information which had been requested by the bank in accordance with its RMCP, whether that information was requested in establishing a relationship or pursuant to that accountable institution’s ongoing due diligence obligations.

We do not believe that a customer would be entitled to raise as a defence that the information could be obtained from a third party. An accountable institution would be permitted to initiate its high-risk policy if a customer refused to provide the requested information.

Limits on the information an accountable institution can request

This judgment does, however, highlight the importance of an accountable institution only requesting information that it is entitled to under Fica and its RMCP.

Bearing in mind the principle of minimality, as set out in section 10 of the Protection of Personal Information Act (Popia), an accountable institution may only request (and subsequently process) information if it is adequate, relevant and not excessive.

Asking for too much information, or information not required in terms of Fica or the RMCP, creates a risk, because failure to provide information not strictly required does not found a basis for refusing to act on the instruction of a customer.

Failure to act in accordance with the terms and conditions applicable to a particular customer, such as refusing to implement an instruction when not strictly entitled to do so, could expose a financial institution to a claim for interest, or possibly an offence under the Financial Institutions (Protection of Funds Act).

Bearing the provisions of Popia in mind, a bank may also expose itself to proceedings that arise as a result of a breach of Popia.

Financial sector laws are rapidly evolving as regulators seek to ensure fair outcomes for customers while ensuring financial stability and the integrity of the South African financial markets. It can be difficult for financial institutions to ensure that their operations remain compliant. Case law such as this demonstrates this difficulty, and also serves as a caution to financial institutions to continuously review and reconsider their procedures and policies with their advisers in light of developments.

This article was written by Aslam Moosajee, an executive, and Shenaaz Munga, a senior associate, in ENSafrica’s Dispute Resolution department, and by Jessica Blumenthal and Era Gunning, who are executives in ENSafrica’s Banking and Finance department.

This article was first published by ENSafrica.

Disclaimer: The views expressed in this article are those of the writers and are not necessarily shared by Moonstone Information Refinery or its sister companies.