“FICA” refers to the Financial Intelligence Centre Act 38 of 2001. If you have ever tried to open a bank account or engage a law firm, you will likely have been required to provide a number of documents for those institutions’ “FICA” purposes. Accountable institutions are required to take certain measures in terms of FICA to combat money laundering activities and prevent financial crime. The Financial Intelligence Centre (“FIC”) has issued a new directive in terms of section 43A(1) of FICA, Directive 8 of 2023, in effect from 31 March 2023. The new directive requires accountable institutions to evaluate employees for their competence and integrity, as well as scrutinise employee information against targeted financial sanctions lists.

Directive 8 of 2023 was issued in order to address the lack of sufficient internal control measures to manage the risks faced by accountable institutions when employing employees. The risk is that accountable institutions (including financial institutions, banks, attorneys, insurers, crypto exchange providers, etc) will employ employees who abuse their positions to commit financial crimes. The Financial Intelligence Centre has issued public compliance communication 55 (“PCC55”) which sets the minimum standard for the screening of employees and provides guidance to accountable institutions on the application of the directive. PCC55 sets out a risk-based approach which employers must apply when evaluating employees, and recommends that employees be evaluated on an annual basis, at minimum.

Accountable institutions must assess the competence of employees by determining whether an employee possesses the necessary skills, knowledge and expertise to perform their role effectively and in accordance with the accountable institutions’ risk-based approach. The accountable institution has flexibility to determine the manner in which it screens employees for competence according to its risk-based approach. This could involve due diligence when it comes to an employee’s previous employment history, references, qualifications and any other relevant accreditations.

The screening of integrity would involve the scrutiny of an employee’s morality including the consideration of their criminal records and any previous indications of dishonesty, with a focus on financial crimes. PCC55 further provides for enhanced screening for integrity which considers whether an employee is a known close associate or immediate family member of a high-risk client or is a national of a high-risk terrorist financing or proliferation financing geographic area.

Accountable institutions must also ensure that the manner in which these assessments are conducted comply with the legal considerations presiding over employment relationships. The process of screening must one that is fair and that it is not in contravention of the right to privacy, particularly the Protection of Personal Information Act 4 of 2013. This is significant when considering the need for employee consent and for sufficient security measures to store personal data. PCC 55 further states that these mechanisms must be applied in compliance with the applicable South African labour laws.

Accountable institutions must retain a record of their risk management of employee FICA risks and produce this risk management policy on request from the FIC. The FIC may impose sanctions on accountable institutions which fail to comply with FICA, including an order to take remedial action, suspension on business activities and/or financial penalties of up to R50 million. Compliance with FICA and its regulations and directives is therefore essential.

Contact us today if you have any queries in connection with the above.

About the author

We use cookies to analyse website usage and other technical information to improve the functionality of our website   View more
Cookies settings
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active
This policy informs you how we will use your personal information, by using our services and/or website you consent to our use of your personal information for the purposes described herein.
    • Personal Information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to, name and surname; identification number; physical address; contact information such as an email address and telephone number.
    • Data Subject means the person to whom personal information relates.
    • Responsible Party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
    • Identification Information means information that can be used to identify the data subject.
    • Compliance Information means information that is needed by Dunsters Attorneys for us to be compliant with relevant laws including the Financial Intelligence Centre Act “FICA” and regulatory standards and government orders such as Anti-Money Laundering (AML), Know-Your-Client (KYC) and Counter-Terrorist Financing (CTF).
    • Communication Information includes all correspondence such as emails and messages.
    • Financial information means any information relating to payment of invoices, including but not limited to banking information and account details
  • We may collect website usage and other technical information such as details of your visits to our website through cookies and other tracking technologies. Cookies are small data files stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages.
  • The information we collect may include information provided to us through your initial correspondence, possibly including:
    • Name and Surname
    • Email address
    • Contact numbers; and/or
  • This may also include information that we may have requested, and you subsequently provided, including, but not limited to:
    • Compliance Information
    • Identification Information
    • Communication Information
    • Financial Information
    • Other Personal Information
  • Reasons for collection of your personal information will be explained to you when we collect/request the information. We may request certain personal information to comply with global industry regulatory standards, local regulatory standards or government orders.
  • You, the data subject, consent to our use of your information in line with this privacy policy and/or any terms of engagement you may sign with us. If you wish to revoke your consent, please email enquiries@dunster.co.za .
  • We acquire information from you directly, save where accessible from publicly available sources.
  • Information may be collected through various platforms, including:
    • Our onboarding process with you
    • Email engagement
    • Telephonic engagement
    • In-person engagement
    • Cookies
    • Your personal information may be collected and saved on our system for the following purposes:
      • To enable us to provide legal services.
      • To send news, updates and marketing information.
      • To review job applications.
      • To comply with legal requirements
    • Your personal information will not be used for the following purposes:
      • We will never use your personal information for direct marketing purposes without your consent (you may opt-out of our newsletter at any time)
      • We will never disclose your personal information to another third party without permission from yourself, unless it is required for fulfilment of our legal services or as mandated by law.
  • Right of the data subject under the POPI Act include, but are not limited to:
    • Having access to their recorded personal information
    • Requesting correction or amendment to their personal information and to have information corrected or amended
    • Requesting deletion or destruction of personal information from the responsible party’s system
    • Objecting to the processing of personal information
    • Submitting a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or submitting a complaint to the Regulator (POPIAComplaints@inforegulator.org.za)
    • Instituting civil proceedings regarding the alleged interference with the protection of their personal information.
  • We will retain your information for the period required by law.
  • Where we retain your contact information for any period other than may be prescribed by law, we retain this information to keep you updated of our various offerings and news. By not unsubscribing from newsletter, you consent to us retaining your personal information on our records indefinitely, for the purposes explained above, including, to keep you informed about news and updates pertaining to Dunsters Attorneys Inc.
  • We take reasonable technical and organisational measures to secure the integrity of your personal information and use accepted technological standards to prevent unauthorised access to or disclosure of your personal information, and protect your personal information from misuse, loss, alteration and destruction.
  • The measures that are taken in order to protect your personal information include:
    • Physical measures: access to physical copies of your information is controlled using strict protocol.
    • Electronic measures: firewalls and password protection
  • While we will take all reasonable steps to ensure the security of your data and personal information according to industry standards, it is not possible to guarantee the complete security of all information provided at all times.
  • We will notify you as soon as reasonably practicable of any breach of security, loss of or damage to your personal information.
  • Data subjects are responsible for taking reasonable precautions to safeguard their personal information.
  • Although we endeavour to ensure your information is as correct as possible, you are responsible for notifying us of any changes to your data or personal information in respect of the services provided and/or your account with us.
  • We will not be held liable for losses of any nature which are due to incorrect data or personal information provided by users in respect of the service provided.
  • We will not be held liable for any loss or damage arising from a security breach or disclosure of your personal information or data, to the maximum extent permitted by law.
  • We shall not be liable for any damage or interruptions caused by any computer viruses or other malicious code that may affect your computer or other equipment, or any phishing, spoofing or other attack.
  • If you suspect that your personal information has been compromised, or that there has been unauthorised use of your email address by any person, or any other violations to the security of the website, please contact us.
Save settings
Cookies settings