Sponsored
subscribe Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Subscribe now
All FIC Act compliance obligations are built on institutions implementing a risk-based approach to combating money laundering, terrorist financing and proliferation financing. Picture: FIC
All FIC Act compliance obligations are built on institutions implementing a risk-based approach to combating money laundering, terrorist financing and proliferation financing. Picture: FIC

All designated non-financial businesses and professions (DNFBPs) are reminded that they must register with the Financial Intelligence Centre (FIC) and submit their risk and compliance return (RCR) to avoid additional scrutiny or administrative sanctions.

DNFBPs included as accountable institutions in terms of schedule 1 of the FIC Act (Act 38 of 2001) must ensure they are registered with the FIC before they can meet their regulatory requirements.

Why must RCRs be submitted?

Directives 6 and 7, published by the FIC, require certain accountable institutions to submit information regarding their understanding of money laundering, terrorist financing and proliferation financing (ML, TF and PF) risks through an RCR:

  • Legal practitioners, trust company and service providers, estate agents and gambling institutions are covered in directive 6.
  • Credit providers, high-value goods dealers, the SA Mint, the SA Post Office and crypto asset service providers are covered in directive 7.

The information obtained through the submission of an RCR is critical in enhancing the FIC’s risk-based supervision capability. Failure to submit a risk and compliance return can lead to administrative action in respect of section 62E of the FIC Act. 

Failure to submit a risk and compliance return can lead to administrative action in respect of section 62E of the FIC Act

The FIC urges all relevant accountable institutions that have not done so yet to submit their outstanding RCRs for 2023.

Separate RCRs must be submitted for each organisational identity number (Org ID) held by an accountable institution. This requirement applies to entities with branch networks, and entities that offer multiple offerings across the schedule 1 items in terms of the FIC Act.

To submit your institution's RCR, visit the FIC website, scroll down and click on the link that states “Accountable institutions: File your 2023 risk and compliance return today.” 

Where and how must accountable institutions register? 

Registration is free and must be completed electronically using goAML, FIC's online registration and reporting system.

The FIC will verify the information supplied and will either approve or reject the registration. Reasons for rejection of registration will be communicated to the email address provided during registration. 

As part of the registration process, supporting documentation must be provided, including a certified identity document and an authorisation letter on the accountable institution’s letterhead.

An institution must register an entity profile first to generate an organisational identity number (Org ID) before they can register a compliance officer or money laundering reporting officer who will be responsible for fulfilling the entity’s FIC Act obligations. 

Persons are not permitted to share user credentials on goAML. All users that are required to report on goAML must each register their own profiles, as detailed in the FIC’s directive 2

For more information and guidance on how to register, refer to the goAML registration guide, as well as public compliance communication (PCC) 5D, which discusses registration with regards to each specific schedule item.

Failure to register with the FIC or update registration information when there has been a change in the institution’s details, amounts to noncompliance in terms of section 61A of the FIC Act. 

What are the risk and compliance obligations?

All FIC Act compliance obligations are built on institutions implementing a risk-based approach to combating ML, TF and PF. 

Some of these compliance obligations include:

  • Implementing a risk management and compliance programme (RMCP);
  • Applying a risk-based approach to combating risks of ML, TF and PF; 
  • Conducting customer due diligence;
  • Appointing a compliance officer;
  • Training employees on the institution's RMCP and FIC Act compliance;
  • Scrutinising client information against the targeted financial sanctions list;
  • Determining whether clients are politically exposed people;
  • Filing risk and compliance returns in terms of directive 6 and directive 7; and 
  • Screening employees for competence and integrity in terms of directive 8 and PPC 55.

Refer to the FIC Reference Guide for All Accountable Institutions for more information on the FIC Act obligations.

Need more information?

Refer to the FIC website for various guidance notes and PPCs.

Alternatively, contact the FIC’s compliance contact centre by calling 012-641-6000 or log an online compliance query on the FIC website

This article was sponsored by the Financial Intelligence Centre.

subscribe Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Subscribe now