Prudential Authority fines major bank R13m for FICA non-compliance

Posted on by

The Prudential Authority (PA) has imposed administrative sanctions on Standard Bank of South Africa (SBSA) for non-compliance with certain provisions of the Financial Intelligence Centre (FICA).

The PA, operating within the administration of the South African Reserve Bank (SARB), is mandated to supervise and enforce compliance by accountable institutions with FICA.

The sanctions, which include a financial penalty totalling R13 million, follow an inspection conducted on SBSA in 2022.

Standard Bank reported headline earnings of R42.9 billion in its 2023 fiscal year.

In December last year, the PA fined Capitec Bank a total of R56.25m for FICA non-compliance. Of this, R10.5m was conditionally suspended for 36 months from 30 July 2024.

Capitec’s headline earnings were R10.6bn for its 2023/24 financial year.

Standard Bank’s areas of non-compliance

The administrative sanctions on Standard Bank stemmed from the following non-compliance:

  1. Failure to conduct ongoing due diligence in respect of two of clients, with no due diligence reviews undertaken in 2018 and 2019.

The PA cautioned SBSA not to repeat the conduct that led to the non-compliance with section 21C of FICA.

  1. Failure to keep a record of the dates on which 43 suspicious and unusual transaction reports (STRs) or suspicious and unusual activity reports (SARs) were submitted to the Financial Intelligence Centre (FIC). The PA cautioned SBSA not to repeat the conduct that led to the non-compliance with section 23(c).
  2. Failure to report 1 466 cash transaction reports and/or cash transaction aggregation reports timeously to the FIC. The PA cautioned SBSA not to repeat the conduct that led to the non-compliance with section 28.
  3. Failure to report 17 259 STRs and/or SARs to the FIC timeously. The PA imposed a fine of R4m and cautioned SBSA not to repeat the conduct that led to the non-compliance with section 29.
  4. Failure to report one STR to the FIC. SBSA was fined R1m and cautioned not to repeat the conduct that led to the non-compliance with section 29.
  5. Failure to comply with Directive 5 of 2019 in that:
  • 75 729 automated transaction monitoring system alerts were not timeously attended to within 48 hours; and
  • 94 558 STR/SAR alerts were closed beyond the 15-day reporting period per regulation 24(3) of the Regulations to Act.

The PA imposed a fine of R8m and cautioned the bank not to repeat the conduct that led to the non-compliance.

The PA said SBSA co-operated with the Authority and has undertaken the necessary remedial action to address the identified compliance deficiencies and control weaknesses.

Standard Bank said in a statement it took immediate remedial action to ensure that it meets all the regulatory requirements.

“The bulk of the findings in respect of which the financial penalty was imposed relate to the monitoring of system-generated alerts in 2019 and the submission of regulatory reports within the required deadlines. Standard Bank has fully remediated the concerns through a comprehensive remediation programme,” it said.

SBSA said the sanctions in no way imply that Standard Bank has been found guilty of facilitating transactions for the purpose of money laundering or terrorist financing.

Capitec’s FICA breaches

The sanctions on Capitec followed inspections conducted in 2021 and 2022. The inspection in 2021 focused on the retail bank segment and the 2022 inspection focused on the business banking segment.

The PA said the contraventions consisted of:

  1. Failure to conduct adequate customer due diligence, enhanced due diligence, and ongoing due diligence in respect of the sampled client files. The non-compliance included deficiencies concerning:
  • Verifying a client’s identity;
  • Identifying the beneficial owners of legal entities;
  • obtaining and/or verifying the address and source of funds;
  • conducting Politically Exposed Persons screening and ongoing due diligence, including annual reviews, for high-risk clients; and
  • obtaining senior management approval when re-risk-rating clients or reviewing high-risk clients.

The PA cautioned Capitec not to repeat the conduct that led to the non-compliance with sections 21(1) and/or 21A to 21H of FICA. The retail segment was fined R20m, of which R5m was conditionally suspended for 36 months. The business segment was fined R15m, of which R2m was conditionally suspended for 36 months.

  1. Failure to ensure the timeous submission of cash threshold reports (CTRs) to the FIC.

Capitec was cautioned not to repeat the conduct that led to the non-compliance with section 28 and fined R2m, of which R1m was conditionally suspended for 36 months.

  1. Failure to submit STRs and/or SARs to the FIC timeously. Capitec was cautioned and fined R5m.
  2. Failure to attend to automated transaction monitoring system alerts within 48 hours, as required by Directive 5 of 2019. Capitec was cautioned and fined R3m.
  3. Failure to comply with aspects of section 42 linked to Capitec’s Risk Management and Compliance Programme (RMCP), which including a failure to.
  • adequately identify, assess, monitor, mitigate and/or manage its risk associated with CTRs for possible reporting to the FIC;
  • implement its RMCP pertaining to enhanced and ongoing due diligence;
  • obtain timeous approval from its board of directors for aspects of its RMCP; and
  • consider certain risk factors when onboarding clients.

The PA imposed a caution not to repeat the conduct that led to the non-compliance and a reprimand. In addition, the retail segment was fined R8m, of which R2m was conditionally suspended for 36 months, while the business segment was fined R3.25m, of which R500 000 was conditionally suspended for 36 months.

The PA said it received Capitec’s co-operation, and the bank has undertaken the necessary remedial action to address the identified compliance deficiencies and control weaknesses.