|
Article by the Financial Intelligence Centre
Financial Services Providers are accountable institutions as listed in schedule 1 of the Financial Intelligence Centre (the FIC Act) Act 38 of 2001 and as such, have specific obligations to fulfil. The following sets out the high-level obligations and highlight the outsourcing possibilities.
Outsourcing of compliance activities to Third- Party Service Providers
Public Compliance Communication 12A (PCC 12A) was published on 24 March 2021, to provide guidance to accountable institutions and reporting institutions on the outsourcing of compliance activities that stem from the obligations in terms of the FIC Act to third-party service providers.
Outsourcing refers to when an accountable institution contracts with a third-party service provider to seek assistance (including advice and/or other services) in relation to the performance of their compliance obligations. Accountable institutions remain fully accountable, responsible and liable for any compliance failures that may result from or be associated with an outsourcing arrangement and as such, liability and/or culpability for non-compliance with the FIC Act obligations cannot be transferred to a third-party service provider.
The third-party service provider in an outsourcing arrangement may also be an accountable institution in its own right. The fact that a third-party service provider is an accountable institution does not absolve the accountable institution, requesting such assistance, of their FIC Act obligations pertaining to its client.
Outsourcing vs Placing Reliance
Reliance refers to circumstances where an accountable institution places reliance on another third-party accountable institution where assistance is received in the obtaining of Customer Due Diligence (CDD) information and/ or documentation in relation to Shared Clients.
The Do’s and Don’ts in a nutshell:
Outsourcing of Risk Management
Accountable institutions may seek the assistance of third-party service providers when conducting their risk assessments. However, the ultimate determination and approval of the risk assessment remains the obligation and responsibility of the accountable institutions.
Outsourcing of the activities relating to Customer Due Diligence
An accountable institution may seek the assistance of a third-party service provider to assist with the Customer Due Diligence (CDD) operational functions such as the collection and processing of documentation and/or information for CDD purposes. Irrespective of what CDD operational functions are outsourced, which may vary from collection to processing etc., the accountable institution must still conduct customer due diligence, and comply with its obligations in terms of the FIC Act.
Scrutinising of client information against DPIP/FPPO and TFS lists
An accountable institution cannot outsource their obligations to obtain senior management approval as required in terms of the FIC Act. The FIC Act does not prohibit the outsourcing of the activity of scrutinising client information to determine whether the client is a Foreign Prominent Public Official (FPPO), domestic prominent influential person
(DPIP) or person listed on a targeted financial sanctions list by the accountable institution.
Outsourcing of record-keeping requirements
The Money Laundering and Terrorist Financing Control Regulation 20 sets out the process to be followed when an accountable institution opts to appoint a third-party service provider to keep records on their behalf. Reporters are cautioned against the outsourcing of record-keeping relating to regulatory reports submitted to the Centre, specifically reports in terms of section 28, 28A and 29 of the FIC Act.
Outsourcing of compliance governance
The compliance function can be outsourced to third-party service providers, subject to certain conditions. The compliance officer must be a member of the accountable institution. The compliance officer may seek assistance from a third-party service provider in fulfilling their duties subject to the restrictions as set out in Public Compliance Communication 12A Guidance (PCC 12A).
Outsourcing of registration obligations
No third-party service provider may register the entity and related users of that entity on an accountable institutions’ behalf.
Outsourcing of reporting obligations
Reporting done in terms of the FIC Act, cannot be outsourced to a third-party service provider.
For more information refer to the FIC website www.fic.gov.za for the various FIC public compliance communications, guidance notes, reporting and registration user guides. Contact the FIC’s compliance contact centre on +27 12 641 6000 or log an online compliance query by clicking on: www.fic.gov.za/ContactUs/Pages/ComplianceQueries.aspx
|
