Legal practitioners are accountable institutions as identified in sch 1 of the Financial Intelligence Centre Act 38 of 2001 (FICA). As accountable institutions, legal practitioners have certain responsibilities in terms of FICA, including reporting of cash transactions above a certain threshold, reporting of suspicious activities, preparing and maintaining a Risk Management and Compliance Programme (RMCP), etcetera. For purposes of this article, we will confine our discussion to the role of legal practitioners and how they can protect the trust accounts that they manage from abuse by criminals involved in money laundering and terrorist activities.
There are several definitions to money laundering, but they all describe money laundering as means to disguise or conceal the true origin of money or property derived from criminal activities such as drug trafficking, human trafficking, racketeering, and corruption. Because of the nature or origins of the funds, and their generation, criminals run a risk of being caught out by the authorities and subjected to prosecution and forfeiture of the illicit proceeds. It is for this reason that criminals will find ways to conceal the origins of the funds or property, and one of the ways is to use trust accounts managed by legal practitioners.
Financing of terrorist activities or terrorism involves the intentional solicitation, collection, and providing of funds and other assets to support terrorist acts, terrorist organisations, or individual terrorists. The primary goal of people involved in financing terrorism is to conceal both the financing and the nature of the activity being financed. Of note, financing of terrorism does not only come from illicit proceeds, but also from legal funds. Again, criminals will conceal this activity by finding ways to do so, one of which is through the trust account managed by legal practitioners.
During February 2023, South Africa (SA) as a country was ‘greylisted’ by the Financial Action Task Force (FATF). FATF is a global inter-governmental body that promotes policies and sets international standards relating to the combating of money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction (Companies and Intellectual Property Commission ‘Beneficial ownership’ (www.cipc.co.za, accessed 27-2-2025)). Being greylisted means that the country is placed under increased monitoring and that it has committed to resolve swiftly the identified deficiencies within agreed timeframes. The reasons advanced for the greylisting of SA were that efforts to combat financial crimes fall short of international standards. Resulting from the greylisting is a requirement for SA to carry out some action items that FATF monitors and receives updates on every four months. SA remains greylisted, and is only expected to exit the greylisting, provided all action items are carried out to the satisfaction of the task team, around October 2025. South Africa has an action plan that was developed with immediate outcomes, specific action items, and agreed timeframes.
Among the action items for SA, there is an action item under Immediate Outcome 3/4 that requires SA to improve risk-based supervision of accountable institutions defined by the FATF as Designated Non-Financial Businesses and Professions (DNFBPs) by conducting training and awareness programmes on their Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) obligations, particularly with regard to filing and submitting Suspicious Transaction Reports (STRs) filed in line with risks. Legal practitioners fall into the DNFBP definition.
Again, in terms of Immediate Outcome 5, SA should demonstrate that competent authorities have timely access to adequate, accurate, and up to date beneficial ownership information of legal persons and arrangements. Beneficial ownership refers to the ultimate people who own or control an entity and stand to benefit from the activities of that entity, even if not listed in the official records. As part of their client base, legal practitioners service entities like trusts, shell companies, cash intensive businesses, etcetera who have beneficial owners that require identification and verification.
Money laundering and financing of terrorist activities, therefore, become two of the risks that legal practitioners must assess when they perform the risk assessment of the legal practice, and should clearly reflect the risk in their risk management and compliance programme, as well as how they will mitigate against the risk. A risk management and compliance programme is used to identify, assess, monitor, mitigate, and manage risks related to money laundering and terrorist financing. An ‘accountable institution must have a compliance function to assist the board of directors or senior management’ of the institution in discharging their obligations in terms of the FICA, and assign a sufficiently competent and senior person with the responsibility to administer the programme (Frank Knight ‘“Accountable institutions” under FICA are learning their new obligations’ (www.fanews.co.za, accessed 27-2-2025)). The risk management and compliance programme developed for an accountable institution must be shared with all employees of the institution, and training should be provided to all employees so as to empower every employee with identification of potential money laundering and terrorism activities.
One of the mitigation measures available to legal practitioners is to conduct a thorough due diligence on their clients, referred to as customer due diligence in the FICA. Customer due diligence refers to the knowledge that an accountable institution has about its client, and the understanding of the business that its client is engaged in. This knowledge and understanding assists with comprehension of risks that the client poses to the legal practitioner. When legal practitioners apply a risk-based approach to money laundering and financing of terrorist activities, thus understanding their exposure, not only do they protect and maintain the integrity of their businesses, but they also contribute to the integrity of the financial system of the country.
The risk management and compliance programme that legal practitioners put in place should delve into how they will conduct customer due diligence on unknown and individual clients, juristic entities, clients with business relationships, single transaction clients, etcetera. The customer due diligence process should enable the accountable institution to know the business that they are dealing with, and to further understand who benefits from the business it does with its client as that will assist the accountable institution in determining when the business with clients should be considered suspicious or unusual. Without this understanding, the legal practitioner will not be able to determine activities that are suspicious or unusual, and will fail in its reporting obligation with the Financial Intelligence Centre.
One of the benefits of a properly implemented customer due diligence process, and ongoing customer due diligence with clients that have a business relationship with the legal practitioner, is that it enables an accountable institution to better manage its relationships with its clients and to better and timely identification of possible attempts by clients to exploit the accountable institution for illicit purposes. Care should be taken when dealing with the various clients of the legal practitioner as customer due diligence on an individual client versus an entity will not be the same, while customer due diligence on a client with which the accountable institution has a business relationship will differ from a single transaction client. The depth of the customer due diligence on the various types of clients should be described in the risk management and compliance programme of the accountable institution, guided by the risk appetite of the accountable institution. Legal practitioners have a duty to ensure implementation and adherence to the developed customer due diligence process, without exception, thus ensuring the effectiveness of the programme.
While accountable institutions are not required to conduct a full scope customer due diligence for single transactions below the R5 000 threshold set by the Minister of Finance in the Money Laundering and Terrorist Financing Control for all cross-border electronic funds transfers transactions (see Guidance Note 7A issued on 13 February 2025), they are still required to know their clients, and cannot deal with anonymous clients or clients with apparent false or fictitious names. Again, ‘the manner in which the accountable institutions comply … in respect of business relationships and single transactions, both below and above the threshold, must be recorded in the institution’s RMCP’ (Compliance & Learning Center ‘Anti-Money Laundering & Terrorist Financing Training Reference Guide’ (https://virtualclc.co.za, accessed 27-2-2025)).
An example of how money laundering can be perpetrated against a non-suspecting legal practitioner is where clients of legal practitioners would deposit funds into the trust account managed by the legal practitioner, and later request refund of that money as the funds were incorrectly deposited, should raise suspicion in the mind of the legal practitioner and should be reported to the Financial Intelligence Centre. Once illicit money is mixed with clean money, its origin gets concealed, and in that way money laundering occurs.
In conclusion, legal practitioners must, without exception, manage the risk of money laundering and financing of terrorist activities using the trust accounts under their management. Legal practitioners must identify, assess, monitor, and manage money laundering and financing of terrorist activities risks facing the legal practice through a properly developed risk management and compliance programme. Where a suspicious or unusual transaction is identified, it must be reported as required, and the accountable institution must ensure proper record keeping to assist the investigating and prosecuting authorities investigate and prosecute such cases. Legal practitioners should not be caught off-guard or fall into the trap of being regarded as accomplices to these criminal activities.
Legal practitioners are encouraged to read this article together with the FIC Guidance Note 7A, which can be accessed on www.fic.gov.za and deals with risk management and compliance programmes. This guidance note is a collaboration between the Financial Intelligence Centre, the National Treasury, the South African Reserve Bank, and the Financial Sector Conduct Authority.
Do your part, restore the reputation of the profession, and that of the country.
Simthandile Kholelwa Myemane BCom Dip Advanced Business Management (UJ) Cert Forensic and Investigative Auditing (Unisa) Certified Control Self Assessor (Institute of Internal Auditors) Cert in Management and Investigation of Cyber and Electronic Crimes Cert in Fraud Risk Management Cert in Law for Commercial Forensic Practitioners Cert in Investigation of Financial Crimes Cert in Investigation and Detection of Money Laundering Cert in Economic Crime Schemes (Enterprises University of Pretoria) Post Graduate Diploma in Risk Management (MANCOSA) is the Practitioner Support Manager at the Legal Practitioners’ Fidelity Fund in Centurion.
This article was first published in De Rebus in 2025 (April) DR 4.
