The Financial Intelligence Centre (FIC) has published a document setting out what crypto asset service providers (Casps) must do to comply with the Financial Intelligence Centre Act (Fica).
Entities that meet the definition of a Casp in Schedule 1 of Fica became accountable institutions on 19 December 2022, when the latest amendments to the schedule took effect.
Persons that are established, registered, incorporated, or licensed in South Africa to provide activities or operations referred to in Item 22 of Schedule 1 are required to register as Casps with the FIC.
Public Compliance Communication 57 was published on 3 July. The front page of the document is incorrectly labelled as “draft”. The draft document (PCC 120) was published on 15 December last year, and the deadline for comments closed on 20 January 2023.
FIC’s guidance communications are authoritative and must be considered when interpreting the provisions of Fica or assessing compliance with the Act. Non-compliance with the guidance provided by the FIC may result in enforcement action.
What follows is an overview of the main issues addressed in PCC 57.
Who is a Casp for the purposes of Fica
The PCC discusses the terminology used in the definition in Item 22 to clarify which Casps are accountable institutions.
A person who conducts a crypto asset activity in a personal capacity, as opposed to doing so on a commercial basis as a regular feature of their business, is excluded from the definition of a Casp.
Whether a person is categorised as a Casp depends on the activity or operations the person provides and not the use of a particular technology.
“Crypto assets” include stablecoins, privacy coins, utility tokens, and non-fungible tokens.
There may be scenarios where other parties play a role in a crypto asset activity or operation, or the activity or operation might be automatically executed through a computer program. The person providing the service, not the technology provider, would be considered a Casp.
Compliance obligations
The FIC’s Guidance Note 7 provides comprehensive guidance on accountable institutions’ Fica compliance obligations. Casps are urged to refer to this document.
In addition to Guidance Note 7, PCC 57 says Casps should take note of the following:
Risk-based approach
Casps must consider the money laundering (ML), terrorist financing (TF) and proliferation financing (PF) risk that correspondent Casps present before establishing a business relationship or conducting a single transaction. The following indicators may be considered:
- The correspondent Casp’s anti-money laundering (AML), combating of terrorism financing (CTF), and combating of proliferation financing (CPF) regime.
- The ML/TF risk relating to the correspondent Casp.
Casps should consider the ML, TF, and PF risks posed by different crypto assets. Various indicators must be considered when determining the level of risk presented by a particular crypto asset. These indicators include whether the crypto asset:
- Provides anonymity;
- Is easily transferable; and
- Is known to be susceptible to abuse or there is a trend of its being misused.
In addition to the factors stated in Guidance Note 7, Casps must consider certain unique indicators when assessing the level of ML, TF, and PF risk posed by a business relationship or single transaction with a client. These can include:
- The nature of the client and its trading volume;
- Type of transaction (for example, to hosted or unhosted crypto wallets);
- Source of crypto assets;
- Client transaction patterns;
- Crypto asset product risk; and
- Correspondent Casp risk.
Customer due diligence
Crypto assets are anonymous, and it is unlikely that the Casp and the client will meet face-to-face. Therefore, the FIC encourages Casps to obtain additional information as part of their customer due diligence (CDD), to ensure adequate identification and verification of their clients. Such information includes the client’s:
- Device identification, including the IMEI (International Mobile Equipment Identifier);
- Device type and model;
- IP addresses;
- Date and time stamp information of device connections;
- Geo location;
- Browser information;
- Operating system and version; and
- Linked crypto asset wallet addresses.
In addition, the client should provide a photograph of him- or herself.
Where a Casp’s client is transacting with a party that has crypto assets in a non-custodial digital wallet, the party is transacting anonymously, and therefore poses a higher risk of ML, TF, and PF. In this case, the Casp is encouraged to conduct enhanced due diligence on its client.
The FIC recommends that Casps develop and maintain a watch list of “high-risk crypto asset addresses and wallets” that have previously been subject to regulatory reports or negative media reports, against which a Casp can screen client information.
Account monitoring and reporting
Accountable institutions must monitor all crypto asset transactions to identify suspicious and unusual activity.
The FIC advises accountable institutions to develop indicators that red flag higher-risk transactions and scenarios. Where such activity is identified, the accountable institution must conduct enhanced transaction monitoring. The indicators must be reviewed regularly to ensure they are adequate to identify heightened ML, TF, and PF risks.
The possible indicators of higher-risk transactions include:
- Anonymity characteristics of a crypto asset (for example, mixers and tumblers).
- Transactions based in high-risk AML, CFT, and CPF areas.
- Rapid or unusual trading patterns, including frequent and rapid buy or sell orders within short time frames, that may suggest market manipulation, wash trading, or other suspicious trading activities.
- Transactions that may be linked to the dark web.
- Multiple transactions from the same client over a short period (churning), to conceal the source of illegally obtained funds.
- High-frequency trading. This can be associated with attempts to exploit market inefficiencies or engage in manipulative trading practices, particularly when coupled with other suspicious activity.
- Transactions that make no lawful business sense.
- The beneficiary or originator client profile has unusual or high-risk characteristics.
- The value of the transactions is inconsistent with the client’s declared source of income or wealth.
- Uncommonly large transactions that are inconsistent with the client profile and transaction patterns.
- Transactions linked to a blacklisted crypto asset address.
- The use of money mules, where the criminal operates accounts using the details of a client of the Casp (without the client’s knowledge). For example, a client provides his or her CDD information to the Casp and once the Casp opens the account, the client provides the private keys of the crypto asset to the criminal.
- Online gambling, where a client deposits small amounts with which to transact, initiates some minor gambling transactions, and then withdraws the funds, which seem to be “legitimate” payouts from the online casino. A red flag is where a client’s account receives payments from online gambling regularly, even if the amounts are small.
- Fake social media profiles that market new crypto assets as being profitable or unique, to lure clients away from legitimate Casps. The criminal misappropriates the fiat or crypto assets without transferring the new crypto assets into the purchasers’ wallets.
- The use of social media to create crypto asset pyramid schemes that use the same principles as fiat pyramid schemes.
- Terrorist organisations are known to post crypto asset wallet addresses soliciting donations for their cause. An account abruptly receives multiple payments from different crypto addresses or sources, and the crypto assets are moved out of the account swiftly. A red flag should be raised, particularly if the account is newly created, dormant, or low on funds for some time.
- Casps must conduct CDD where the crypto assets can be purchased through a crypto asset kiosk machine or an automated teller machine with cash, without the client having to open an account.
- Where a client deposits fiat currency into the Casp’s account, then advises that the deposit was “made in error” and requests a refund without crypto trading transactions taking place.
- Transactions that are significantly larger than the average or usual transaction size.
- The use of multiple accounts and transactions by the same individual or entity. This may indicate attempts to circumvent regulatory limits or conceal illicit activities.
- Transactions involving privacy-focused crypto asset types that offer enhanced anonymity features. Although these crypto asset types are not inherently illicit, their use in suspicious transactions should raise concerns.
- Suspicious account access or activity, including multiple failed login attempts, account takeovers, or suspicious changes in account information. These indicators may suggest unauthorised access attempts or compromised accounts.
- Connections to persons designated on targeted financial sanctions lists, blacklisted wallets, or high-risk persons.