Acts Online
GT Shield

Financial Intelligence Centre Act, 2001 (Act No. 38 of 2001)

Chapter 3 : Money Laundering, Financing of Terrorist and Related Activities and Financial Sanctions Control Measures

Part 4 : Measures to promote compliance by accountable institutions

42. Risk Management and Compliance Programme

[Section 42 heading substituted by section 27 of the Financial Intelligence Centre Amendment Act, 2017 (Act No. 1 of 2017)]

 

(1) An accountable institution must develop, document, maintain and implement a programme for anti-money laundering and counter-terrorist financing risk management and compliance.

 

(2) A Risk Management and Compliance Programme must—
(a) enable the accountable institution to—
(i) identify;
(ii) assess;
(iii) monitor;
(iv) mitigate; and
(v) manage,

the risk that the provision by the accountable institution of products or services may involve or facilitate money laundering activities or the financing of terrorist and related activities;

(b) provide for the manner in which the institution determines if a person is—
(i) a prospective client in the process of establishing a business relationship or entering into a single transaction with the institution; or
(ii) a client who has established a business relationship or entered into a single transaction;
(c) provide for the manner in which the institution complies with section 20A;
(d) provide for the manner in which and the processes by which the  establishment and verification of the identity of persons whom the accountable institution must identify in terms of Part 1 of this Chapter is performed in the institution;
(e) provide for the manner in which the institution determines whether future transactions that will be performed in the course of the business relationship are consistent with the institution’s knowledge of a prospective client;
(f) provide for the manner in which and the processes by which the institution conducts additional due diligence measures in respect of legal persons, trust and partnerships;
(g) provide for the manner in which and the processes by which ongoing due diligence and account monitoring in respect of business relationships is conducted by the institution;
(h) provide for the manner in which the examining of—
(i) complex or unusually large transactions; and
(ii) unusual patterns of transactions which have no apparent business or lawful purpose,

and keeping of written findings relating thereto, is done by the institution;

(i) provide for the manner in which and the processes by which the institution will confirm information relating to a client when the institution has doubts about the veracity of previously obtained information;
(j) provide for the manner in which and the processes by which the institution will perform the customer due diligence requirements in accordance with sections 21, 21A, 21B and 21C when, during the course of a business relationship, the institution suspects that a transaction or activity is suspicious or unusual as contemplated in section 29;
(k) provide for the manner in which the accountable institution will terminate an existing business relationship as contemplated in section 21E;
(l) provide for the manner in which and the processes by which the accountable institution determines whether a prospective client is a foreign prominent public official or a domestic prominent influential person;
(m) provide for the manner in which and the processes by which enhanced due diligence is conducted for higher-risk business relationships and when simplified customer due diligence might be permitted in the institution;
(n) provide for the manner in which and place at which the records are kept in terms of Part 2 of this Chapter;
(o) enable the institution to determine when a transaction or activity is reportable to the Centre under Part 3 of this Chapter;
(p) provide for the processes for reporting information to the Centre under Part 3 of this Chapter;
(q) provide for the manner in which—
(i) the Risk Management and Compliance Programme is implemented in branches, subsidiaries or other operations of the institution in foreign countries so as to enable the institution to comply with its obligations under this Act;
(ii) the institution will determine if the host country of a foreign branch or subsidiary permits the implementation of measures required under this Act; and
(iii) the institution will inform the Centre and supervisory body concerned if the host country contemplated in sub-paragraph (ii) does not permit the implementation of measures required under this Act;
(r) provide for the processes for the institution to implement its Risk Management and Compliance Programme; and
(s) provide for any prescribed matter.

 

(2A) An accountable institution must indicate in its Risk Management and Compliance Programme if any paragraph of subsection (2) is not applicable to that accountable institution and the reason why it is not applicable.

 

(2B) The board of directors, senior management or other person or group of persons exercising the highest level of authority in an accountable institution must approve the Risk Management and Compliance Programme of the institution.

 

(2C) An accountable institution must review its Risk Management and Compliance Programme at regular intervals to ensure that the Programme remains relevant to the accountable institution’s operations and the achievement of the requirements contemplated in subsection (2).

 

(3) An accountable institution must make documentation describing its Risk Management and Compliance Programme available to each of its employees involved in transactions to which this Act applies.

 

(4) An accountable institution must, on request, make a copy of its internal rules available to –
(a) the Centre; or
(b) a supervisory body which performs regulatory or supervisory functions in respect of that accountable institution.

 

[Section 42 substituted by section 27 of the Financial Intelligence Centre Amendment Act, 2017 (Act No. 1 of 2017)]