Financial Crime Compliance – A South African Case Study

financial crime

The South African Reserve Bank recently issued a notice declaring that administrative sanctions had been imposed on two life insurers following an investigation that found weaknesses in their anti-money laundering control measures. This case study, which forms Part 2 of our Financial Crime Compliance series, takes a closer look at these sanctions, specifically the section 28 finding, and how the Rahn Financial Compliance Platform can be employed to strengthen anti-money laundering control measures in your business.

Section 28 of the FIC Act

“28. Cash transactions above the prescribed limit 

An accountable institution and a reporting institution must, within the prescribed period, report to the Centre the prescribed particulars concerning a transaction concluded with a client if in terms of the transaction an amount of cash more than the prescribed amount—  

(a) is paid by the accountable institution or reporting institution to the client, or to a person acting on behalf of the client, or to a person on whose behalf the client is acting; or

(b) is received by the accountable institution or reporting institution from the client, or from a person acting on behalf of the client, or from a person on whose behalf the client is acting. 

28A.  Property associated with terrorist and related activities and financial sanctions pursuant to Resolutions of United Nations Security Council 

(1) An accountable institution which has in its possession or under its control property owned or controlled by or on behalf of, or at the direction of—  

(a) any entity which has committed, or attempted to commit, or facilitated the commission of a specified offence as defined in the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004;

(b) a specific entity identified in a notice issued by the President, under section 25 of the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004; or

(c) a person or an entity identified pursuant to a resolution of the Security Council of the United Nations contemplated in a notice referred to in section 26A(1), must within the prescribed period report that fact and the prescribed particulars to the Centre.  

(2) The Director may direct an accountable institution that has made a report under subsection (1) to report —

(a) at such intervals, as may be determined in the direction, that it is still in possession or control of the property in respect of which the report under subsection (1) had been made; and

(b) any change in the circumstances concerning the accountable institution’s possession or control of that property.

(3) An accountable institution must upon—

(a) publication of a proclamation by the President under section 25 of the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004; or

(b) notice being given by the Director under section 26A(3),  

scrutinise its information concerning clients with whom the accountable institution has business relationships to determine whether any such client is a person or entity mentioned in the proclamation by the President or the notice by the Director.”

What must happen, in order to meet Financial Crime Compliance

An accountable institution must monitor all incoming and outgoing transactions concluded with or by clients to identify cash transactions in any of the institution’s bank accounts, this is applicable retrospectively and ongoing. Once identified it must be determined if any of the transactions breach the stipulated threshold level. In the event of a breach, the CTR report must be completed and submitted via the GoAML portal to the regulator. It is at this point where many institutions run into issues in so far as identifying the client who made the deposit (banking industry excluded). The issue here lies in the fact that many clients use their own reference to complete the deposit slip which can be difficult to assign to a specific client.

Many accountable institutions are made up of numerous other reporting institutions which may or may not have various bank accounts which serve some purpose within the business context. This leads to further complications which may lead to adverse findings during a regulatory visit.

The next part of the section stipulates the actions which are required when it is identified that an accountable institution is in control or manages properties (investments, insurance policies, pension funds, etc.) that belong to an individual who is listed under the Protection of Constitutional Democracy against Terrorist and Related Activities Act and the UN Security Council listings.  This follows the same logic as the DPIP case study in so far as identifying clients who are listed as sanctioned individuals and may fall under the scrutiny of financial crime and money laundering risks. Accountable institutions are expected to screen their current and prospective clients against these listings to ensure that the property of listed individuals under their control is reported to the regulator and that any lawful instruction pertaining to these assets is executed in accordance with the Act. 

How does the Rahn Financial Crime Compliance Platform solve for this?

The transaction monitoring module of the RAHN Financial Crime Compliance platform has been designed to consume the account statements as supplied by ABSA, FNB, Nedbank and Standard Bank. We have working relationships with the teams within these banks to ensure automated integration and consumption of the data. Cash threshold breaches are automatically identified via overnight batch runs and can be applied historically. Submission of CTR reports is automated through the workflow process in so far as population and preparation of the XML templates with built-in gated reviews to ensure all reporting is transparent and visible to senior management committees and compliance functions.

The bank account management module is the direct result of the need to prove coverage in complex banking and treasury environments. Each bank account is managed and maintained within the context of the reporting institution to which it belongs and the accountable individual who controls the account.

The bank reconciliation module was developed to assist in identifying the client who made the deposit. The system makes use of the same matching engine as used to identify sanctioned individuals and thus provides an outcome that follows an accuracy hierarchy. Unmatched or low accuracy matches are resolved through the workflow process where business SMEs are empowered through exception reporting to identify and clear these cases.

The sanctions matching engine is again applied in the same manner as case study 1 and thus provides the accountable institution with hits against the required sanctions listings. This enables the institution to identify potential terrorist and related activity, and financial sanctions within the client base and thus ensure compliance. The portfolio module allows case managers to build a complete view of a client’s portfolio and thus enables the development of a holistic property holding for everyone who poses the potential to qualify under clause 28A of the Act.

Conclusion

Under Section 28 of the Act, accountable institutions are expected to develop an effective process to identify, manage and monitor cash transactions and identify property holdings for individuals who are deemed to be involved in terrorist and related activities. The Rahn Compliance Platform can assist in this through:

  1. Identifying cash transactions which breach the prescribed threshold entirely or through aggregation.
  2. Identify the client who made the deposit through the bank reconciliation module and or the exception workflow process.
  3. Automated CTR reporting following an approval workflow process and uploaded via the GoAML portal.
  4. Identification of individuals who are listed on the specified sanction lists with automated workflow process to notify senior management and responsible committees.
  5. Portfolio view build up capability to identify and ring fence assets belonging to individuals identified under point 4 above.

Tackle Financial Crime and mitigate your Company’s Risks with RAHN

Contact us today at info@rahn.co.za to discuss your specific requirements and desired outcomes.

Financial Compliance – Case Study on Domestic Prominent Influential Persons

financial compliance

The South African Reserve Bank issued a notice on 17 September 2021 that administrative sanctions had been imposed on two life insurers following an investigation that found financial compliance weaknesses in their money laundering control measures. This case study, which forms part of a series, will have a closer look at these sanctions, specifically the section 21G finding, and how the Rahn Financial Compliance Platform can be employed to strengthen anti-money laundering control measures.

Section 21G of the FIC Act

“Domestic prominent influential person

If an accountable institution determines that a prospective client with whom it engages to establish a business relationship, or the beneficial owner of that prospective client, is a domestic prominent influential person and that, in accordance with its Risk Management and Compliance Programme, the prospective business relationship or single transaction entails higher risk, the institution must—   

(a) obtain senior management approval for establishing the business relationship;   

(b) take reasonable measures to establish the source of wealth and source of funds of the client; and   

(c) conduct enhanced ongoing monitoring of the business relationship.“

Practically what must happen in your Financial Compliance Processes?

To identify Domestic Prominent Influential Persons (DPIPs), organisations typically make use of third-party sanctions listings to identify potential high-risk individuals in their client base. The identification of these individuals typically revolves around a matching system that provides a hit list of potential matches between the sanctions listings and the client base. In order to meet financial compliance requirements, case managers take these hit lists and work through each hit to identify actual hits and separate these from false-positive hits.

Once identified as an actual high-risk hit, the case manager will typically begin the due diligence process whereby all the available information about the hit is collected and compiled into a due diligence report. This report is then submitted to a committee of senior managers within the affected business unit to determine the risk associated with the individual and whether the risk can be accepted or not.

Should the risk be accepted the Accountable Institution is tasked with ongoing monitoring of the business relationship which typically entails periodic reviews of the risk associated with the client through the KYC (know your customer) process.

How does the Rahn Financial Compliance Platform solve for this?

The Rahn Financial Compliance Platform was developed to use the two largest international sanctions listing providers that are currently available. For institutions that only serve the South African market, we developed our own in-house sanctions listing, combining the most prominent listings available. This ensures that the systems can screen a client base no matter the size of the organisation.

The Rahn Financial Compliance Platform was built with the premise of; simplifying and automating the process of identifying, monitoring, and managing financial crime and money laundering risks within any organisation. One of the most common complaints received from Case and Financial Compliance Managers is that the sheer volume of hits that must be cleared simply overwhelms their daily tasks. To solve this Rahn developed a proprietary matching hierarchy that assists Case Managers with identifying the highest risk hits first, and thus applying a truly risk-based approach to working potential hits. 

To further assist Case Managers, we apply a ‘hit typography’ that signals the potential treatment of the hit based on predefined matching rules. In using this typography one of the main issues in the identification of hits, namely data quality, can be addressed and presented to data remediation teams in a structured and prioritized approach.

As a result, the Rahn Financial Compliance Platform can accurately identify clients within the client base against the sanctions lists applied and provide Case Managers with a clear path to clearing each hit in a timely and accurate manner. Through the built-in workflow process each level of approval and sign off can be obtained and stored for future reference when required to provide proof of each step in the process.

The workflow was further developed to provide specified notification of ongoing monitoring requirements through periodic review notifications based on the risk allocated to each client through the risk rating process.

Conclusion

When dealing with DPIPs the Act stipulates specific requirements which Accountable Institutions need to comply with. The Rahn Financial Compliance Platform can assist in this through:

  1. Identifying DPIPs at on-boarding, exit and in the active client base.
  2. Developing Risk Ratings for DPIPs to identify potential issues.
  3. Provide detailed data quality remediation reporting.
  4. Ensure Senior Management approval of business relationships through automated workflow processes and storing the required information for future proof of approval.
  5. Data capture capabilities to update due diligence outcomes with source of wealth and source of funds declarations.
  6. Automated periodic reviews to ensure ongoing monitoring of business relationships.

Contact us today at info@rahn.co.za to discuss your specific requirements and desired outcomes, or visit the RAHN website for further information