
IMPLEMENTING A RISK-BASED APPROACH TO CUSTOMER DUE DILIGENCE

All accountable institutions must adopt a risk-based approach to understanding and taking ownership of their risks in relation to money laundering and terrorist financing. 

Using this approach, accountable institutions must identify, assess, monitor, mitigate and manage the risk that their products or services may be abused by criminals for money laundering or terrorist financing. The measures in place to prevent such criminal activities are in direct proportion to the risks identified.

A risk-based approach means that accountable institutions must understand the money laundering and terrorist financing risks to which they are exposed at an institutional level and at a client level, and must take the appropriate mitigation measures in accordance with the level of risk.

This flexibility allows for a more efficient use of resources as accountable institutions can decide on the most effective way to mitigate the money laundering or terrorist financing risks they have identified. It enables them to focus their resources and take enhanced measures in situations where the risks are higher and apply simplified measures where the risks are lower. 

Accountable institutions must implement more stringent measures for customer identification and verification for clients who are high risk. Those who pose less of a risk would require a lighter touch regarding due diligence measures for customer identification and verification.

To identify risks, accountable institutions must assess all factors relevant to establishing a business relationship or conducting a single once-off transaction with a client.

What happens if an accountable institution does not implement an RBA to CDD?

Failure to fulfil customer due diligence obligations could lead to a financial penalty of up to R10 million for a natural person or R50 million for a legal person.

Customer due diligence

Accountable institutions must establish and verify the identity of their customers. They may not establish a business relationship or conclude a single transaction with an anonymous client, or a client with an apparently false or fictitious name.

What is customer due diligence?

Customer due diligence (CDD) refers to the knowledge that an accountable institution has about its client and the institution's understanding of the business that the client is conducting with it. The level of identification and verification can be determined in line with the client's risk profile. 

What is ongoing customer due diligence?

Ongoing due diligence also requires accountable institutions to ensure that the information they hold about a client is still accurate and relevant.

These measures follow on from the obligation to understand the purpose and intended nature of a business relationship. They include the scrutiny of transactions undertaken throughout the course of a business relationship to ensure that those transactions are consistent with an accountable institution's knowledge of the client, and the client's business and risk profile, including where necessary the source of funds.

TRANSACTION MONITORING

An accountable institution must understand the purpose and intended nature of a business relationship. This includes the scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with an accountable institution's knowledge of the client, and the client's business and risk profile, including where necessary the source of funds. For further information on this topic please refer to Guidance Note 7.

How to apply a risk-based approach to CDD?

The higher the risk a client poses, the more scrutiny must be placed on this client.

When it comes to the CDD of the client, there are three categories of due diligence (institutions may create more categories of risk if they so wish), depending on the category of the client:

  • Simplified due diligence – lower risk clients
  • Standard due diligence – normal risk clients
  • Enhanced due diligence – higher risk clients 

Additional requirements when dealing with corporate clients

Additional due diligence is required for clients that are not natural persons acting in their personal capacity. 

Clients of this nature are referred to as corporate vehicles and include legal persons, trusts and partnerships. In addition to the established obligation of identifying and verifying the identities of corporate vehicles, the FIC Act requires accountable institutions to apply further due diligence measures for these types of clients to determine:

  • The nature of the client's business
  • The ownership and control structure of the client
  • Beneficial ownership of the clients
  • To take reasonable steps to verify the identity of the beneficial owners. 

How do accountable institutions identify customers that are politically exposed persons (PEPs)?

During the customer due diligence process of identifying and verifying customers, accountable institutions are required to determine whether their customer is a foreign prominent public official (FPPO) or domestic prominent influential person (DPIP). Various methods may be used to determine these categories of clients, and often the customer themselves is the best source of information in this regard. Please refer to PCC 53 on this topic, which specifically discusses DPIPs and FPPOs.

 

What happens if an accountable institution does not implement an RBA to CDD?

Failure to fulfil customer due diligence obligations could lead to a financial penalty of up to R10 million for a natural person or R50 million for a legal person.

Please refer to Guidance Note 7, which discusses risk and customer due diligence in more detail. Guidance Note 7 is a good starting point on this topic.
