Archives 2021

Section 28 compliance came into focus when the South African Reserve Bank recently issued a notice declaring that administrative sanctions had been imposed on two life insurers following an investigation that found weaknesses in their anti-money laundering control measures. This case study, which forms Part 2 of our Financial Crime Compliance series, takes a closer look at the Section 28 findings and explains how the Rahn Financial Compliance Platform can be employed to strengthen Section 28 compliance and overall anti-money laundering control measures in your business.

Section 28 Compliance of the FIC Act

“28. Cash transactions above the prescribed limit 

An accountable institution and a reporting institution must, within the prescribed period, report to the Centre the prescribed particulars concerning a transaction concluded with a client if in terms of the transaction an amount of cash more than the prescribed amount—  

(a) is paid by the accountable institution or reporting institution to the client, or to a person acting on behalf of the client, or to a person on whose behalf the client is acting; or

(b) is received by the accountable institution or reporting institution from the client, or from a person acting on behalf of the client, or from a person on whose behalf the client is acting. 

28A.  Property associated with terrorist and related activities and financial sanctions pursuant to Resolutions of United Nations Security Council 

(1) An accountable institution which has in its possession or under its control property owned or controlled by or on behalf of, or at the direction of—  

(a) any entity which has committed, or attempted to commit, or facilitated the commission of a specified offence as defined in the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004;

(b) a specific entity identified in a notice issued by the President, under section 25 of the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004; or

(c) a person or an entity identified pursuant to a resolution of the Security Council of the United Nations contemplated in a notice referred to in section 26A(1), must within the prescribed period report that fact and the prescribed particulars to the Centre.  

(2) The Director may direct an accountable institution that has made a report under subsection (1) to report —

(a) at such intervals, as may be determined in the direction, that it is still in possession or control of the property in respect of which the report under subsection (1) had been made; and

(b) any change in the circumstances concerning the accountable institution’s possession or control of that property.

(3) An accountable institution must upon—

(a) publication of a proclamation by the President under section 25 of the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004; or

(b) notice being given by the Director under section 26A(3),  

scrutinise its information concerning clients with whom the accountable institution has business relationships to determine whether any such client is a person or entity mentioned in the proclamation by the President or the notice by the Director.”

What must happen, in order to meet Financial Crime Compliance

To meet Section 28 compliance, an accountable institution must monitor all incoming and outgoing transactions concluded with or by clients to identify cash transactions across any of the institution’s bank accounts. This monitoring for Section 28 compliance must be applied retrospectively and on an ongoing basis. Once identified, it must be determined whether any transactions breach the prescribed cash threshold levels. In the event of a breach, a CTR report must be completed and submitted via the GoAML portal to the regulator in line with Section 28 compliance requirements.

At this stage, many institutions encounter challenges, particularly when attempting to identify the client who made a cash deposit (excluding the banking industry). These challenges often arise because clients use their own references on deposit slips, making it difficult to reliably assign a transaction to a specific client and thereby increasing Section 28 compliance risk.

Many accountable institutions consist of multiple reporting institutions, each potentially operating several bank accounts for different business purposes. This complexity further complicates Section 28 compliance, as incomplete account coverage or unclear ownership structures may result in missed cash threshold breaches and adverse findings during regulatory inspections.

The next part of Section 28 compliance addresses the actions required when an accountable institution controls or manages property—such as investments, insurance policies, or pension funds—belonging to individuals listed under the Protection of Constitutional Democracy against Terrorist and Related Activities Act or United Nations Security Council sanctions lists. This aspect of Section 28 compliance follows similar principles to DPIP screening, requiring institutions to identify sanctioned individuals who may pose financial crime and money laundering risks. Accountable institutions are therefore expected to screen both current and prospective clients to ensure that property under their control is reported to the regulator and managed in accordance with Section 28 compliance obligations and lawful instructions.

How does the Rahn Financial Crime Compliance Platform solve for this?

The transaction monitoring module of the RAHN Financial Crime Compliance platform has been designed to consume the account statements as supplied by ABSA, FNB, Nedbank and Standard Bank. We have working relationships with the teams within these banks to ensure automated integration and consumption of the data. Cash threshold breaches are automatically identified via overnight batch runs and can be applied historically. Submission of CTR reports is automated through the workflow process in so far as population and preparation of the XML templates with built-in gated reviews to ensure all reporting is transparent and visible to senior management committees and compliance functions.

The bank account management module is the direct result of the need to prove coverage in complex banking and treasury environments. Each bank account is managed and maintained within the context of the reporting institution to which it belongs and the accountable individual who controls the account.

The bank reconciliation module was developed to assist in identifying the client who made the deposit. The system makes use of the same matching engine as used to identify sanctioned individuals and thus provides an outcome that follows an accuracy hierarchy. Unmatched or low accuracy matches are resolved through the workflow process where business SMEs are empowered through exception reporting to identify and clear these cases.

The sanctions matching engine is again applied in the same manner as case study 1 and thus provides the accountable institution with hits against the required sanctions listings. This enables the institution to identify potential terrorist and related activity, and financial sanctions within the client base and thus ensure compliance. The portfolio module allows case managers to build a complete view of a client’s portfolio and thus enables the development of a holistic property holding for everyone who poses the potential to qualify under clause 28A of the Act.

Conclusion

Under Section 28 of the Act, accountable institutions are expected to develop an effective process to identify, manage and monitor cash transactions and identify property holdings for individuals who are deemed to be involved in terrorist and related activities. The Rahn Compliance Platform can assist in this through:

• Identifying cash transactions which breach the prescribed threshold entirely or through aggregation.
• Identify the client who made the deposit through the bank reconciliation module and or the exception workflow process.
• Automated CTR reporting following an approval workflow process and uploaded via the GoAML portal.
• Identification of individuals who are listed on the specified sanction lists with automated workflow process to notify senior management and responsible committees.
• Portfolio view build up capability to identify and ring fence assets belonging to individuals identified under point 4 above.

Tackle Financial Crime and mitigate your Company’s Risks with RAHN

Contact us today at [email protected] to discuss your specific requirements and desired outcomes.

DPIP compliance came into sharp focus when the South African Reserve Bank issued a notice on 17 September 2021 that administrative sanctions had been imposed on two life insurers following an investigation that found financial compliance weaknesses in their money laundering control measures. This case study, which forms part of a series, will have a closer look at these sanctions, specifically the section 21G finding, and how the Rahn Financial Compliance Platform can be employed to strengthen anti-money laundering control measures.

DPIP Compliance Requirements Under Section 21G of the FIC Act

“Domestic prominent influential person“

If an accountable institution determines that a prospective client with whom it engages to establish a business relationship, or the beneficial owner of that prospective client, is a domestic prominent influential person and that, in accordance with its Risk Management and Compliance Programme, the prospective business relationship or single transaction entails higher risk, the institution must—   

(a) obtain senior management approval for establishing the business relationship;   

(b) take reasonable measures to establish the source of wealth and source of funds of the client; and   

(c) conduct enhanced ongoing monitoring of the business relationship.“

How DPIP Compliance Works in Financial Compliance Processes

To identify Domestic Prominent Influential Persons (DPIPs), organisations typically make use of third-party sanctions listings as part of their DPIP compliance processes to identify potential high-risk individuals in their client base. The identification of these individuals usually relies on a matching system that produces a hit list of potential matches between sanctions listings and the client base. To meet DPIP compliance and broader financial compliance requirements, case managers review these hit lists to confirm true matches and separate them from false-positive results.

Once identified as an actual high-risk hit, the case manager begins the due diligence process, during which all available information relating to the individual is collected and compiled into a due diligence report. This report is then submitted to a committee of senior managers within the affected business unit to assess the risk associated with the individual and determine whether the risk can be accepted in line with DPIP compliance obligations.

If the risk is accepted, the accountable institution is responsible for ongoing monitoring of the business relationship, which typically involves periodic risk reviews through the KYC (know your customer) process to ensure continued DPIP compliance.

How does the Rahn Financial Compliance Platform solve for this?

The Rahn Financial Compliance Platform was developed to use the two largest international sanctions listing providers that are currently available. For institutions that only serve the South African market, we developed our own in-house sanctions listing, combining the most prominent listings available. This ensures that the systems can screen a client base no matter the size of the organisation.

The Rahn Financial Compliance Platform was built with the premise of; simplifying and automating the process of identifying, monitoring, and managing financial crime and money laundering risks within any organisation. One of the most common complaints received from Case and Financial Compliance Managers is that the sheer volume of hits that must be cleared simply overwhelms their daily tasks. To solve this Rahn developed a proprietary matching hierarchy that assists Case Managers with identifying the highest risk hits first, and thus applying a truly risk-based approach to working potential hits. 

To further assist Case Managers, we apply a ‘hit typography’ that signals the potential treatment of the hit based on predefined matching rules. In using this typography one of the main issues in the identification of hits, namely data quality, can be addressed and presented to data remediation teams in a structured and prioritized approach.

As a result, the Rahn Financial Compliance Platform can accurately identify clients within the client base against the sanctions lists applied and provide Case Managers with a clear path to clearing each hit in a timely and accurate manner. Through the built-in workflow process each level of approval and sign off can be obtained and stored for future reference when required to provide proof of each step in the process.

The workflow was further developed to provide specified notification of ongoing monitoring requirements through periodic review notifications based on the risk allocated to each client through the risk rating process.

Conclusion

When dealing with DPIPs the Act stipulates specific requirements which Accountable Institutions need to comply with. The Rahn Financial Compliance Platform can assist in this through:

• Identifying DPIPs at on-boarding, exit and in the active client base.
• Developing Risk Ratings for DPIPs to identify potential issues.
• Provide detailed data quality remediation reporting.
• Ensure Senior Management approval of business relationships through automated workflow processes and storing the required information for future proof of approval.
• Data capture capabilities to update due diligence outcomes with source of wealth and source of funds declarations.
• Automated periodic reviews to ensure ongoing monitoring of business relationships.

Contact us today at [email protected] to discuss your specific requirements and desired outcomes, or visit the RAHN website for further information