Financial Intelligence Centre Act, 2001 (Act No. 38 of 2001)

Chapter 3 : Control Measures for Money Laundering and Financing of Terrorist and Related Activities - Money Laundering, Financing of Terrorist and Related Activities and Financial Sanctions Control Measures

Part 4 : Measures to promote compliance by accountable institutions

42. Risk Management and Compliance Programme

Purchase cart Previous page Return to chapter overview Next page

[Section 42 heading substituted by section 27 of the Financial Intelligence Centre Amendment Act, 2017 (Act No. 1 of 2017)]

 

(1)An accountable institution must develop, document, maintain and implement a programme for anti-money laundering, counter-terrorist financing and proliferation financing risk management and compliance.

[Section 42(1) substituted by section 39(a) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

 

(2)A Risk Management and Compliance Programme must—
(a)enable the accountable institution to—
(i)identify;
(ii)assess;
(iii)monitor;
(iv)mitigate; and
(v)manage,

the risk that the provision by the accountable institution of new and existing products or services may involve or facilitate money laundering activities, the financing of terrorist and related activities or proliferation financing activities;

[Words following Section 42(2)(a)(v) substituted by section 39(b) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

(b)provide for the manner in which the institution determines if a person is—
(i)a prospective client in the process of establishing a business relationship or entering into a single transaction with the institution; or
(ii)a client who has established a business relationship or entered into a single transaction;
(c)provide for the manner in which the institution complies with section 20A;
(d)provide for the manner in which and the processes by which the  establishment and verification of the identity of persons whom the accountable institution must identify in terms of Part 1 of this Chapter is performed in the institution;
(e)provide for the manner in which the institution determines whether future transactions that will be performed in the course of the business relationship are consistent with the institution’s knowledge of a prospective client;
(f)provide for the manner in which and the processes by which the institution conducts additional due diligence measures in respect of legal persons, trust and partnerships;
(g)provide for the manner in which and the processes by which ongoing due diligence and account monitoring in respect of business relationships is conducted by the institution;
(h)provide for the manner in which the examining of—
(i)complex or unusually large transactions; and
(ii)unusual patterns of transactions which have no apparent business or lawful purpose,

and keeping of written findings relating thereto, is done by the institution;

(i)provide for the manner in which and the process by which the institution will confirm information relating to a client when the institution has doubts about the veracity of previously obtained information and when reporting suspicious and unusual transactions in accordance with section 21D;

[Section 42(2)(i) substituted by section 39(c) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

(j)provide for the manner in which and the processes by which the institution will perform the customer due diligence requirements in accordance with sections 21, 21A, 21B and 21C when, during the course of a business relationship, the institution suspects that a transaction or activity is suspicious or unusual as contemplated in section 29;
(k)provide for the manner in which the accountable institution will terminate an existing business relationship as contemplated in section 21E;
(l)provide for the manner in which and the processes by which the accountable institution determines whether a prospective client or an existing client is a foreign or a domestic politically exposed person or a prominent influential person;

[Section 42(2)(l) substituted by section 39(d) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

(m)provide for the manner in which and the processes by which the accountable institution conducts enhanced due diligence  for higher-risk single transactions and business relationships and when simplified customer due diligence might be permitted in the institution;

[Section 42(2)(m) substituted by section 39(e) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

(n)provide for the manner in which and place at which the records are kept in terms of Part 2 of this Chapter;
(o)enable the institution to determine when a transaction or activity is reportable to the Centre under Part 3 of this Chapter;
(p)provide for the processes for reporting information to the Centre under Part 3 of this Chapter;
(q)provide for the manner in which—
(i)the Risk Management and Compliance Programme is implemented in branches, subsidiaries or other operations of the institution in foreign countries so as to enable the institution to comply with its obligations under this Act;
(ii)the institution will determine if the host country of a foreign branch, subsidiary or other operation permits the implementation of measures required under this Act;
(iii)the institution will inform the Centre and supervisory body concerned if the host country contemplated in sub-paragraph (ii) does not permit the implementation of measures required under this Act; and
(iv) taking into consideration the level of risk of the host country, the institution will apply appropriate additional measures to manage the risks if the host country does not permit the implementation of measures required under this Act;

[Section 42(2)(q) substituted by section 39(f) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

(qA) provide for the manner in which and the processes by which group-wide programmes of an accountable institution for all its branches and majority-owned subsidiaries situated in the Republic is implemented so as to enable the institution to—
(i) comply with its obligations under this Act;
(ii) exchange information with its branches or subsidiaries relating to the customer due diligence requirements in terms of this Act;
(iii) exchange information with its branches or subsidiaries relating to the analysis of transactions or activities which the institution suspects to be suspicious or unusual as contemplated in section 29; and
(iv) have adequate safeguards to protect the confidentiality of information exchanged in accordance with this paragraph and this Act.

[Section 42(2)(qA) inserted by section 39(g) of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]

(r)provide for the processes for the institution to implement its Risk Management and Compliance Programme; and
(s)provide for any prescribed matter.

 

(2A)An accountable institution must indicate in its Risk Management and Compliance Programme if any paragraph of subsection (2) is not applicable to that accountable institution and the reason why it is not applicable.

 

(2B)The board of directors, senior management or other person or group of persons exercising the highest level of authority in an accountable institution must approve the Risk Management and Compliance Programme of the institution.

 

(2C)An accountable institution must review its Risk Management and Compliance Programme at regular intervals to ensure that the Programme remains relevant to the accountable institution’s operations and the achievement of the requirements contemplated in subsection (2).

 

(3)An accountable institution must make documentation describing its Risk Management and Compliance Programme available to each of its employees involved in transactions to which this Act applies.

 

(4)An accountable institution must, on request, make a copy of its internal rules available to –
(a)the Centre; or
(b)a supervisory body which performs regulatory or supervisory functions in respect of that accountable institution.

 

[Section 42 substituted by section 27 of the Financial Intelligence Centre Amendment Act, 2017 (Act No. 1 of 2017)]