CHAPTER 5

            In some instances accountable institutions must not only report suspicious activity but must
         also take action. Under section 28A of the Act, an accountable institution is obliged, in addition to
         reporting to FIC, to freeze assets if it discovers it holds property (typically financial assets)
         associated with an individual or entity on the United Nations Security Council sanctions list.
         Section 28A deals with matters of fact – for example, where an accountable institution has an
         account belonging to a known terrorist.
            Under section 29 of the act, which relates to unusual transactions, an accountable institution is
         required to report suspicious activity to FIC but without taking action. Section 29 deals specifically
         with situations where an accountable institution has no proof of ML/TF activity but has reason to
         believe that something is amiss. One example given in the FIC’s guidance note concerns a client
         who seeks to deposit cash at a bank branch but then changes his mind after being asked the source
         of the funds by the teller and leaves with the money still in his possession. This would be
         reportable under section 29.
         Know Your Client (KYC) and Client Due Diligence (CDD)
            Central to FICA are provisions which place an obligation on FSPs and FSPRs to identify and
         verify their clients. If a client is acting on behalf of another person or entity, the Act requires the
         accountable institution to establish and verify the identity of the third party, and to verify that the
         client has the authority to act on behalf of the third party.
            The FICA amendments expand on the previous KYC requirements with the introduction of
         Client Due Diligence (CDD) provisions. Like KYC, CDD imposes an obligation on accountable
         institutions to know who their clients are and who they are doing business with, but CDD also
         requires institutions to monitor business relationships and to take special care when it comes to
         prominent and influential persons. The amendments also introduce additional measures relating
         to trusts, partnerships, and other legal entities.
            Under FICA, accountable institutions typically require a written application for service
         accompanied by certain supporting documentation. For a South African citizen or resident, typical
         requirements include:
              A copy of the investor’s identity document showing the ID number and photograph (or
              passport copy for foreign nationals)
              Proof of SA income tax number (ie, correspondence from SARS showing name and tax number)
              Proof of residential address (such as a bank statement, utility bill or telephone account)
              Guardian contact details in the case of a minor
              Proof of banking details (such as a bank statement or cancelled cheque less than three
              months old)
            Where the client is a company or trust or other legal entity, documentary evidence can become
         significant as it may include the above details for all directors and senior managers, proof of a
         trading name (where applicable), proof of VAT registration, proof of the physical address where
         the entity conducts its operations, and so on. In the case of trusts, details of all trustees and all
         beneficiaries may be required.
         Risk Management and Compliance Programme
            The amended FICA requires every accountable institution to draw up a Risk Management and
         Compliance Programme (RMCP). In terms of the amendments to the original Act, the RMCP
         replaces the Internal Rules required by the 2003 iteration of FICA.
            The risk-based approach is less rigid than the rules-based approach. The latter often resulted in
         a disparity between the amount of effort required to comply with FICA and the level of risk
         represented by particular clients and transactions. Under the amended Act, accountable
         institutions are able to tailor the processes they implement to satisfy the FICA requirements in
         accordance with entity-specific risk profiles. Such entity-appropriate processes are defined in the
         RMCP, which the FIC guidance notes describe as “the foundation of an accountable institution’s
         efforts to comply with its obligations under the FIC Act on a risk sensitive basis.”




         98                      Profile’s Unit Trusts & Collective Investments — Understanding Unit Trusts