Recent fines with a combined value of R2.2 million on two licensed financial services providers underscore the Financial Sector Conduct Authority’s zero-tolerance stance towards non-compliance with the Financial Intelligence Centre Act (FICA).
In a statement last week, the FSCA announced administrative sanctions against Sunlight Financial Services (Pty) Ltd and Tana Africa Capital Managers (Pty) Ltd for failing to meet key requirements of FICA. These penalties stem from inspections conducted as part of the FSCA’s ongoing supervisory duties. In February 2023, a virtual inspection of Tana revealed non-compliance, while Sunlight’s violations were identified in a report finalised in June 2023.
Administrative sanction notices were issued to Tana on 27 March and Sunlight on 3 July. Tana was fined R2.9m, with R1m conditionally suspended for three years, while Sunlight received a fine of R600 000, with R300 000 conditionally suspended.
Both institutions appealed the FSCA’s decisions to the FICA Appeal Board. Sunlight settled by agreeing to pay the penalty in monthly instalments, while Tana contested the severity of the fine.
On 6 November, the Appeal Board upheld the FSCA’s full penalty against Tana.
Read: Shareholder ties don’t lessen FICA compliance obligations
Risk Management and Compliance Programmes
The FSCA’s role in enforcing compliance with FICA – designed to combat money laundering, terrorism financing, and other financial crimes – was underscored by the findings of these inspections. Both institutions were found in breach of several critical provisions of the Act:
- RMCPs (sections 42(1) and (2), read with section 21(1)): Both institutions failed to develop, document, and implement adequate RMCPs to address money laundering and terrorism financing risks. Their programmes were found to be insufficient and poorly executed.
- Scrutiny of sanctions lists (section 28A, read with sections 26A to 26C): Both institutions neglected to verify client information against the United Nations Security Council Targeted Financial Sanctions Lists, as required by the Protection of Constitutional Democracy Against Terrorist and Related Activities Act.
- Staff training (section 43): Sunlight also failed to provide its employees with ongoing training, a fundamental requirement for ensuring compliance with FICA.
The FSCA stated that these compliance failures are serious breaches of the Act. The Authority noted that implementing robust RMCPs is essential not only to protect the institutions themselves but also to safeguard the integrity of South Africa’s financial system.
“An effective RMCP assists accountable institutions to protect and maintain the integrity of their own businesses while contributing to the broader integrity of South Africa’s financial system,” the Authority asserts.
The FSCA also emphasised the importance of thorough client due diligence: “Proper due diligence of all clients is crucial to help identify and mitigate against suspicious and criminal elements from infiltrating the financial system.”
Key points from the Appeal Board’s ruling
The FSCA urges FSPs to take note of several important points underscored by the Appeal Board in relation to their compliance obligations under FICA:
- The Act’s objectives extend beyond South Africa, making it essential for accountable institutions to mitigate the risk of exposure to unlawful financial activities in foreign jurisdictions.
- Administrative sanctions serve both a punitive and deterrent function, even in cases where compliance risks are perceived as minimal.
- Customer due diligence applies to all clients, regardless of the institution’s familiarity with them. A single client does not absolve an institution from the requirement to conduct thorough due diligence.
- Corrective actions taken after an inspection do not reduce the need for sanctions. Past remediation efforts do not negate compliance failures or diminish the necessity of imposing administrative sanctions.
- Screening clients against sanctions lists is mandatory to prevent the financial system from being infiltrated by illicit actors.
The FSCA noted that the penalties imposed on Sunlight and Tana should serve as a reminder to all accountable institutions: “All accountable institutions are reminded to continually review and enhance their anti-money laundering and terrorist financing controls and to conduct thorough risk assessments on a regular basis. Failure to do so will result in firm regulatory action,” the Authority warned.
Reliance on third-party providers for compliance advisory services
One significant point raised during Tana’s appeal was the argument that its non-compliance was not wilful but the result of incorrect advice from an external compliance service provider. The FSCA noted that this defence has been raised by other institutions during supervisory engagements and inspections.
However, the Appeal Board was firm in its position: reliance on third-party compliance providers does not absolve an institution of its responsibility to meet regulatory obligations. As the FSCA states, “Accountable institutions that outsource their compliance support and advisory functions are reminded to exercise heightened caution when placing exclusive reliance on third parties for the discharge of their compliance responsibilities.”
The FSCA also urged third-party compliance providers to ensure they have a thorough understanding of the specific risks and circumstances relevant to the institutions they serve, beyond just general knowledge of FICA.
