By the Financial Intelligence Centre
As accountable institutions listed in sch 1 of the Financial Intelligence Centre Act 38 of 2001 (FIC Act), legal practitioners are required to apply a risk-based approach when establishing a business relationship and/or conducting a single transaction with a client.
This requirement aligns with the Financial Action Task Force (FATF), which sets international standards on combating money laundering and terrorist financing.
The application of a risk-based approach – when implementing controls –
allows a legal practitioner to mitigate money laundering and terrorist financing. Controls put in place by legal practitioners must be in proportion to the risks they identify. To comply with the requirement of applying a risk-based approach, legal practitioners must identify, assess, monitor, mitigate and manage the risk that their products and/or services may be abused by criminals for money laundering and/or terrorist financing.
Identifying and assessing risk
As part of identifying risks, legal practitioners must assess all factors relevant to establishing a business relationship and/or conducting a single once-off transaction with their clients.
Legal practitioners can take into account the following factors when identifying potential money laundering and terrorist financing risks:
Legal practitioners may also refer to industry guidance on whether certain products and/or services, client types, or sectors and so on, pose a higher risk from a money laundering and terrorist financing perspective.
After identifying and assessing the potential risks, the legal practitioner can then assign different weightings based on the perceived risk to yield an overall client rating. The higher the overall client rating, the more stringent the controls must be. Enhanced control measures should be applied to mitigate the heightened risk. Where the client risk rating is lower, there may be fewer control measures.
Key aspects to managing risk
Legal practitioners must develop controls, which mitigate and manage the risks, and which fulfil the Financial Intelligence Centre’s (FIC’s) compliance requirements. Controls include, but are not limited to –
All controls implemented must be monitored for adequacy and effectiveness. All the controls developed and implemented by the legal practitioner forms part of their risk management and compliance programme.
In summary, the controls that must be included in a risk management and compliance programme must provide for:
– suspicious and unusual transactions reports;
– terrorist property reports;
– cash threshold reports; and
– international fund transfer reports.
Legal practitioners must ensure their risk management and compliance programme covers all the aspects as set out in s 42 of FIC Act. The risk management and compliance programme must be approved by the legal practitioner’s board of directors, senior management or other person or group of persons exercising the highest level of authority in the accountable institution.
This article was first published in De Rebus in 2020 (March) DR 6.
De Rebus proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media, which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website at www.presscouncil.org.za or e-mail the complaint to enquiries@ombudsman.org.za. Contact the Press Council at (011) 4843612.
South African COVID-19 Coronavirus. Access the latest information on: www.sacoronavirus.co.za
|