The Financial Action Task Force (FATF), the global watchdog for money laundering and terrorist financing, requires that country supervisors identify compliance issues and demonstrate that their efforts have led to changed behaviour and improved compliance through remedial actions. In the FATF Mutual Evaluation Report, published in October 2021, the mutual evaluation assessors indicated that the Designated Non-Financial Businesses and Professions (DNFBPs) sectors were considered high risk as a result of a lack of understanding of their money laundering and terrorist financing risks. The report also cited that it was evident that these sectors were not adequately supervised.
Established in 2002, the Financial Intelligence Centre (FIC) is South Africa’s national authority responsible for gathering, analysing, and disseminating financial intelligence. It assists in identifying the proceeds of crime within the country. The FIC Act establishes a regulatory framework that mandates specific business categories to fulfil compliance obligations.
Following South Africa’s greylisting in early 2023, the FIC has collaborated with various stakeholders to remove the country from the grey list, aiming for early 2025. The General Laws Amendment Act and the POCDATARA Amendment Act, which came into effect on 29 December 2022 and 31 December 2022, respectively, have expanded and enhanced the FIC’s legal mandate, powers, and functions. The amendments to Schedules 1, 2, and 3 of the FIC Act, effective 19 December 2022, have significantly broadened its scope. These changes have profoundly impacted numerous businesses, including trust and company service providers (TCSPs), now also supervised by the FIC.
Greater reach of the FIC
Before these legislative changes, approximately 43,000 entities were registered in the FIC database, with only around 4,000 supervised by it. The remainder were overseen by the South African Reserve Bank (SARB) (670) and the Financial Sector Conduct Authority (FSCA) (9,247). DNFBP supervisors were tasked with overseeing DNFBPs. The legislative changes removed the DNFBP supervisors, with the FIC assuming the supervisory function under the FIC Ac. As a result, the number of entities under the supervision of the FIC has risen to over 53,000 (84%) out of 63,000, of which TCSPs are 5,300.
The number of registered TCSPs increased over the years as follows:
- 247 (as at March 2022)
- 318 (as at March 2023)
- 1,680 (as at March 2024)
The figure seems relatively low given the number of attorneys, accountants, and other service providers offering trust and company services outlined in Schedule 1 of the FIC Act. Relevant service providers who have not yet registered must do so. TCSPs must register as accountable institutions under item 2 of Schedule 1 of the FIC Act, even if they are already registered under a different item.
Trust and company service providers
Before the amendment of the FIC Act in 2022, boards of executors, trust companies, and individuals that invest, keep in safe custody, and control or administer trust properties were regarded as DNFBPs. As a result, all provisions of the Act applied, which meant these entities were required to ensure their business activities were conducted per FIC Act requirements, which included conducting adequate customer due diligence (CDD), identification and verification of beneficial owners of clients, and identifying foreign prominent public officials as well as domestic prominent influential persons. However, many trust service providers did not see the need to register with the FIC, as the definition was rather broad and open to interpretation.
In December 2022, the FIC was legally mandated as the sole supervisor of non-financial sectors, which include legal practitioners, TCSPs, estate agents, casinos, credit providers, the South African Post Bank, high-value goods dealers, and crypto asset service providers, as outlined in Schedule 1 of the FIC Act. TCSPs are classified as “accountable institutions” due to their vulnerability to exploitation by those attempting to launder criminal proceeds or finance terrorist activities. A TCSP is defined as any individual or entity that, in the ordinary course of business, assists clients in the creation, operation, and management of an external company, a foreign company, a close corporation, or a trust. This includes managing the business entity’s registration or trust with the relevant authority. Some trust service providers are unaware they qualify as “accountable institutions” under the FIC Act. Any individual or company that, as a business, registers trusts, advises on such structures, acts as a trustee, or assists in the administration and transactions of a trust must register as an “accountable institution” with the FIC and comply with its stringent requirements.
What should TCSPs do?
All TCSPs must register with the FIC in terms of the FIC Act and comply with the following regulatory obligations.
TCSPs should appoint a compliance officer with the FIC. They should train employees on FIC Act compliance and anti-money laundering, combating financing of terrorism and combating proliferation financing risk exposure.
TCSPs should adopt a risk-based approach as mandated by the FIC. They must carry out comprehensive anti-money laundering, combatting financing of terrorism, and combating proliferation financing risk assessments throughout their operations, considering related risks concerning products, services, delivery channels, and clients involved. In alignment with their assessment, they should maintain and implement a risk management and compliance programme (RMCP).
TCSPs should implement customer identification, verification, and due diligence processes. Customer due diligence necessitates that TCSPs possess a well-informed understanding of the money laundering and terrorist financing risks their clients pose, enabling them to implement the necessary control measures to mitigate and manage these risks. Furthermore, they should identify anomalies or changes in a client’s transactional behaviour patterns. The level of risk identified should guide TCSPs in determining the appropriate level of monitoring and due diligence required for each client. Any suspicious behaviour must be flagged and reported under Section 29 of the FIC Act.
TCSPs must also assess whether their clients and potential clients are sanctioned persons or entities to evaluate their exposure to obligations related to financial sanctions. TCSPs should screen clients and prospective clients against the relevant sanctions lists, which should occur during client onboarding and whenever the United Nations Security Council adopts new targeted financial sanctions measures or broadens existing ones.
TCSPs must also file regulatory reports relating to suspicious and unusual transactions, cash transactions exceeding the prescribed threshold, and property linked to sanctioned persons, terrorist activity, or terrorist organisations.
Directive 6
The experience of the FIC since its establishment, the introduction of new FATF standards for measures implemented to combat money laundering, terrorist financing, and the proliferation of weapons of mass destruction, alongside best practices developed by other agencies, have prompted the FIC to adopt a risk-based compliance supervision approach aimed at achieving higher levels of compliance. Directive 6 was issued by the FIC, requiring certain accountable institutions listed in Schedule 1 of the FIC Act (Legal practitioners (item 1), Trust and company service providers (item 2), Estate agents (item 3), and Gambling institutions (item 9)) to submit information regarding their understanding of money laundering, terrorist financing, and proliferation financing risks through a risk and compliance return (RCR). As of March 2024, only 1,110 TCSPs submitted RCRs.
On December 5, 2024, the FIC issued a media release reminding TCSPs of their obligations under Directive 6 to submit RCRs. They were urged to submit their RCRs if they had not yet done so. From the statistics provided in the media release, it appears that the FIC has only begun to scratch the surface with TCSPs. Of the 286 companies penalised from November 2023 to November 2024, only 23 were TCSPs. However, it is reported in the industry that the FIC is reaching out to more TCSPs.
Although the deadline for submitting RCRs was 31 May 2023, accountable institutions are encouraged to continue submitting them. Failure to submit an RCR may result in administrative action. Non-compliance with the RCR obligations indicates more significant non-compliance with the FIC Act obligations, which may trigger the FIC to conduct more intrusive inspections on such offending TCSPs.
Conclusion
With the expanded list of service providers covered under TCSPs in Schedule 1 of the FIC Act, it can only be assumed that many trust service providers have not yet registered with the FIC as “accountable institutions.” Each trust service provider should analyse its activities and determine whether it should register with the FIC and comply with its requirements.
* Van der Spuy is a Chartered Accountant with a Masters's degree in tax and a registered Fiduciary Practitioner of South Africa®, a Chartered Tax Adviser, a Trust and Estate Practitioner (TEP), and the founder of Trusteeze®, the provider of a digital trust solution.
PERSONAL FINANCE