This article was first published in the second-quarter 2015 edition of Personal Finance magazine.
The Financial Intelligence Centre Act (Fica) has been in operation since 2003, and consumers broadly accept the need for financial controls to prevent money laundering, terrorist financing and illicit transfers of funds. But tolerant though we are, we can’t escape the feeling that Fica seems to be implemented inconsistently and illogically. The financial services industry is too discreet to comment on the problems of complying with the law, but what are others saying? And how is the law developing and changing over time?
We South Africans are not alone – though we may have been immoderate in our implementation of financial controls. Most countries have similar legislation, and more and more they are working together to catch criminals and stop the rot. South Africa is a member of the Financial Action Task Force (FATF), an international body set up to promote anti-money laundering initiatives and combat terrorist financing globally. There are 36 members.
The FATF Recommendations, adopted in February 2012, are a set of measures countries should implement … but they are just recommendations. Given countries’ different legal and operational frameworks and different financial systems, there can’t be a one-size-fits-all option.
“Fica creates obligations for banks and other institutions and professionals, such as estate agents, brokers, attorneys and insurance companies. Customer identification is a crucial element of any effective money laundering control system,” explains Standard Bank.
The obligation is referred to as KYC – “ know your customer” – which encapsulates the idea of identity verification by businesses. The requirements are different for different categories of customers: new customers, individuals, sole proprietorships, close corporations, companies, partnerships, listed companies, other legal persons, and so on.
The upshot for the individual is that every time you open an account, buy something on credit, invest money or take out a life assurance policy, you need to prove your identity and home address – usually with a green barcoded identity document and a utility bill in your name that has been received by mail. The Act is flexible on what documents are acceptable to prove your address, providing a long list to choose from.
What the specific financial institution does use depends on its risk appetite. “Fica is principles-based,” says Clive Pillay, the Ombudsman for Banking Services. “What I mean is that if I am a bank, I can accept anything from the customer that I feel satisfies my appetite for risk. Some banks have a bigger risk appetite than others. Fica is very open and descriptive, so the requirements at different institutions vary considerably.”
This means that your bank can accept emailed cellphone accounts – First National Bank (FNB) does this – or tax returns, for example, which are not on the primary list of acceptable forms of address verification. Because there is so much variation, you need to check with the institution exactly what it will and will not accept.
From where we stand …
The effect of this discretion is often the bewilderment of consumers. Speaking to Pillay, you’d be forgiven for thinking we were all happy with the state of play. He says he has not received any complaints from consumers. But if he did, his team would “check that banks applied Fica requirements fairly, correctly, consistently and completely”.
But some bank clients have a different tale to tell. “I tried to open an account with Capitec and they would not open one because, according to their records, I was Libby Spargo [her husband’s name] not Libby Young,” says Libby Young. “I am not sure what records they are referring to, because I have never been Spargo and my ID says Young.”
Bank charges had prompted Young to try to switch banks, but she says: “I stayed where I already had an account. I want lower bank charges, but not the run-around.”
Susannah van Straaten lives on a farm in the Western Cape. She says: “You need a street address to open a bank account. But everything gets sent to our post box in the closest town, because the postman does not come out to farms.
“But the bank won’t accept a post-box address. We end up stuck between nowhere and erewhon. It’s a nightmare. Sometimes, banks will accept a letter from your employers as proof of address, but when you are your own employer, who do you get that letter from? (Have I said ‘eish’ yet?)”
For Van Straaten, it is a constant headache, and she has resorted to getting her name added to the farm’s Eskom bill, which had been in the farm’s name. “It really is a ridiculous situation,” she says.
Personal Finance writer Roz Wrottesley and her partner needed to change their address with Absa when they moved, but when the transfer of their new house was delayed, they had no proof of address. “Since we didn’t actually own the house and had no rental agreement, we had nothing in our names. We actually considered going out and getting speeding fines, since the Traffic Department had accepted our new address, but there was nothing to show for that,” she says. “We were astounded when Absa invited us to confirm for each other that we lived at our present address: I signed an affidavit to say my partner lived there and he signed similarly for me. It hardly seems in the spirit of conscientious verification … or KYC for that matter: I have been with Absa since it took over United Building Society.”
As for me, I have accounts with FNB – cheque and credit card – of more than 21 years standing, all duly and properly Fica-ed when the rules first came into force. When I wanted to change my branch because I had moved, I had to re-Fica, and for this, FNB accepted a pay slip. My fingerprints were taken and I was given a form to take to Home Affairs because there was a problem with my fingerprints. I have not yet got around to tackling that hurdle.
About five months later, I wanted to open accounts linked to my cheque account for my children, both of whom are minors. Again, I needed to Fica them. This time, the same branch would only accept an affidavit from my husband, as his name was on the utilities account.
Less than six months later, I went back to my branch to open a savings account, and I had to be Fica-ed all over again. But this time, the bank would accept neither a pay slip nor a tax return.
There was no issue with my fingerprints this time around, incidentally.
I flat-out refused to return another day with a signed affidavit from my husband. So that afternoon the branch sent a fellow around called Steve (yes, FNB sent me Steve), who checked that I answered the door and that there were family photos on the wall.
I was Fica-ed by the same branch for the third time in a year. This really doesn’t seem much like knowing your customer or trusting your own systems. Plus, a bank official coming to check on you at home is able to ask the neighbours if you live there. But if you are a woman trying to open a secret savings account to get some money together to escape an abusive
husband – in whose name your utilities account is – all you need is for the neighbours to tell him a strange man was asking after you and knocking on your door.
For all that, Fica works
Does Fica work? Some say it does – most notably banks, financial services companies and the Financial Intelligence Centre (FIC), which points to figures in its annual report for 2013/14 to show the successes in catching money launderers and fraudsters. The centre is a government body, the custodian of the Act and the regulator.
According to the annual report, suspected criminal activities during the year included tax-related crime (789 reports), fraud (532 reports) and money laundering (310 reports). Suspicious transaction reports (STRs), which have to be submitted to the centre by accountable and reporting institutions, are markers that may indicate the presence of illegally generated funds. In the 2013/14 year, the FIC received 355 369 STRs, an increase of 141 percent over 2012/13. The centre says this shows growing awareness in the private sector and the general public of the importance of measures to prevent money laundering and terror financing.
Cash threshold reports, which are flagged through automatic screening of all transactions of R25 000 and above, grew by about one percent over 2012/13, to 6.1 million reports. The majority were from banks.
During 2013/14 too, the FIC initiated and referred 883 matters to law enforcement authorities for investigation and responded to 1 661 requests from national and international law enforcement agencies for assistance and support in their investigations – up 15 percent from the previous year.
In addition, the centre contributed to 4 634 investigations in the preceding five years and supported 47 High Court applications brought by the state against criminal syndicates. It also helped the Asset Forfeiture Unit seize more than R1.1 billion in assets.
No, it doesn’t work
Leon Louw, the executive director and co-founder of the Free Market Foundation, is unimpressed. “The self-interest of the FIC is, like that of all agencies, to exaggerate virtues. Inevitably, its website and annual reports trumpet the number of reports received and the number of cases for which assistance is provided. There is no published reason to believe its efforts secured a single conviction that could not have been secured by conventional means.”
Louw has been outspoken in his condemnation of the Act. “Fica is a monumental failure that should be scrapped. The ostensible purpose of Fica is to ‘combat money-laundering activities and the financing of terrorist and related activities’. It performs virtually no such function, but is used instead to turn unwilling businesses into government agents for the invasion of privacy,” he says.
Marginal benefits, whatever they might be, fall far short of the huge costs being imposed on society, he says. “Police always had access to information, subject to checks and balances designed to ensure justice and protect civilians, such as needing a court order to get private information. One of Fica’s travesties is that it overrides essential protections.”
Louw points to a 2012 survey, The cost of financial advisory business compliance in South Africa, by the Institute of Practice Management and Financial & Advisory News. It says Fica was “a perpetual obstacle for innocent civilians and enterprises” and no more than “a trivial inconvenience for serious criminals”.
Most of us, as we have handed over a random selection of emailed and mailed documents, or submitted our affidavits, have had a suspicion that none of this is likely to stop organised crime in its tracks. Professor Louis de Koker, who heads the course in Money Laundering Control at the University of Johannesburg’s Faculty of Law, confirms this. “Fica may be a pain in the butt for law-abiding citizens, but [it] is a minor annoyance for seasoned criminals,” he says.
According to financial journalist Maya Fisher-French, writing in the Mail & Guardian in 2006, when the system was just three years old, Fica was already a “four-letter word” to consumers – partly, she said, because the financial services industry was over-zealous in its demands on its customers and did not have the systems to cope.
“South Africa has set itself a higher standard than even the United States and the United Kingdom,” she wrote. “The South African Fica standard demands that all existing clients have to be Fica-ed, whereas in the US and UK, for instance, only high-risk clients had to be verified. It is understood that South Africa chose this route because, as the only African member of the FATF, it was keen to show it could meet a higher standard.
“It also appears that local banks oversold their technological ability to manage such a sophisticated system,” Fisher-French said. This explains the experience of consumers who are Fica-ed and re-Fica-ed when they open new accounts or buy new financial products – the banks’ computer systems don’t speak to each other as they should.
So the banks would never admit it, but they may have brought upon themselves some of the expense and the continuing scramble for rules that work.
But Louw is more concerned with invasion of privacy and lack of protection for the individual from vexatious investigation. “Consumers should be outraged that Fica officers can collect all this information on them. Personal, private information is now readily available to tens of thousands of petty officials, with no checks in place to protect you. As a consumer, Fica has made you extremely vulnerable.”
He says there is nothing to stop so-called “fishing expeditions” by anyone with an axe to grind. “If anyone has a legitimate reason for having this sort of information on a person, there should be no short cuts to getting it. The authorities should have to get it through the courts. Fica is unconstitutional, but no one has the resources to challenge it,” Louw says.
Things will get even more complicated when the Protection of Personal Information Act (Popi) is implemented – possibly later this year – according to Roy Melnick, the national leader of PricewaterhouseCoopers’s anti-money laundering and counter-terrorism financing division and co-chair of the South African Chapter of the Association of Certified Anti-Money Laundering Specialists.
“Personal information” covers material likely to be held for KYC purposes, and Popi is intended to protect the integrity and sensitivity of private information, says Melnick. So institutions that need this information, such as financial services and telecommunications companies, will have to manage the data capture and storage process carefully.
The report The cost of financial advisory business compliance in South Africa concluded that the cost to the financial services industry of compliance with both the Financial Advisory and Intermediary Services Act and Fica was “quite extraordinary”. And this does not take into the account the potential for enormous fines: up to R10 million (or 15 years in jail) for non-compliance and up to R1 billion if money laundering actually takes place and an institution is found to have been negligent.
Of course, that cost is ultimately carried by the consumer, Louw says. This while banks, perversely, are forced to ignore the fact that they may actually know their customers by sight and by long association. “If you rely on KYC in the old-fashioned sense – where your bank manager knows your name and deals with you personally – you are guilty of non-compliance,” he says. “In reality, Fica has driven a wedge between financial institutions and their customers.”
Louw says the kind of world where transactions are based on the value of a person’s word is still alive in poor black communities. “But this is a serious criminal offence and penalties for non-compliance are huge,” he says.
Small change
The good news is that the FIC does acknowledge that there are flaws in the Act and it proposed certain amendments to the Minister of Finance late last year. The thrust of the amendments is to reinforce the implementation of a risk-based approach to vetting customers and financial transactions. This approach involves measuring the level of risk presented by customers and transactions against certain set criteria, and then applying the powers of Fica according to the level of risk. Discretion has always been part of the deal for accountable institutions, as Pillay says, but the spectre of hefty fines, lack of confidence in the system and technological limitations have made them nervous about exercising that discretion.
In fact, the risk-based approach was introduced in the FIC’s guidance notes back in 2004, but has not taken hold. The idea now is to give accountable institutions much clearer, more unequivocal guidance. Whether this will have a significant impact on your experience is impossible to say, and the financial institutions are typically not willing to be drawn on the nuts and bolts.
The new measures will pay more attention to the accounts and activities of “politically exposed” persons, as well as owners of companies. The former are individuals who are, or who have been, entrusted with prominent public functions, for example heads of state or government, senior politicians, senior government officials, judicial or military officials, senior executives of state-owned corporations, and important political party officials.
When it comes to such people, the FATF recommendations say that financial institutions should:
* Have appropriate risk-management systems to determine whether the customer is a politically exposed person;
* Get approval from senior management to set up business relationships with such customers, taking reasonable measures to establish the source of their wealth and funds; and
* Continually monitor the business relationships.
What the appropriate risk-management systems are is also unclear. In short, there is a lot of emphasis on sharpening up practices that identify criminals and criminal behaviour, and much less emphasis on the sensible treatment of ordinary, innocent consumers, but a compliance expert at one of the big four banks, who asked to remain anonymous, says the proposed changes will take the onus off the man or woman in the street, and place it on the financial institution.
Melnick agrees that a risk-based approach to customer due diligence should simplify customer management processes. “It will provide an accountable institution with more insight into the money laundering and terrorist finance risks their organisation may be facing,” he says. If all goes according to plan, more insight will mean that they will be able to go easy on low-risk customers, instead of treating everyone the same way.
FICA DUTIES
The duties imposed by Fica – to verify the identities of customers, monitor transactions and report on anything out of the ordinary – fall mainly on so-called “accountable institutions”, but also on “reporting institutions”, all persons involved in businesses and international travellers.
Accountable institutions include attorneys, estate agents, banks, long-term insurers, foreign exchange dealers, investment advisers and money remitters. There are only two reporting institutions: motor vehicle dealerships and dealers in Krugerrands.
The duties are to:
* Identify clients;
* Keep records of business relationships and single transactions;
* Report certain transactions;
* Appoint a compliance officer; and
* Provide training to employees on their money laundering control obligations.
Supervision of the accountable institutions is carried out, not by the Financial Intelligence Centre, but by various bodies: the Financial Services Board for financial services other than banking; the Reserve Bank for banking, the Companies and Intellectual Property Commission, the Estate Agency Affairs Board, the Independent Regulatory Board for Auditors, the National Gambling Board, the JSE and the Law Society of South Africa.
ILLICIT OUTFLOWS
The shadow economy drains plenty of cash from the country and the continent: the UN High Level Panel on Illicit Funding Flows from Africa reports that between 2000 and 2008, illicit outflows from the continent averaged $50 billion annually – that is a loss of R571 billion each year, more than the official development assistance to the continent, which was $46.1 billion in 2012.
It’s a global problem, but the “impact on the continent is monumental [and is] a significant threat to Africa’s governance and economic development”, it says.
Illicit financial outflows from Africa increased from about $20 billion in 2001 to $60 billion in 2010. Research by Global Financial Integrity puts the growth between 2002 and 2011 at 20.2 percent a year.
There are about 60 international tax havens and secrecy jurisdictions where millions of disguised corporations, shell companies, anonymous trust accounts and fake charitable foundations can be set up and run. Money laundering is another way in which the economy is fleeced by the unscrupulous and international terrorist organisations finance themselves.
WHAT FICA REQUIRES OF YOU
Institutions must verify your identity and place of residence by any means that can be “reasonably expected to achieve such verification and is obtained by reasonably practical means”. The Financial Intelligence Centre (FIC) must, according to Standard Bank, “exercise its judgment and decide what the appropriate balance is between the level of verification and the most practical means to obtain such verification”.
Undoubtedly, the best possible way of verifying your home address is to have a bank staff member visit you at home to confirm you do actually live there. Next best is a municipal utilities account with your name, erf number and address. But beyond this, banks do have some discretion … if they communicated that better, we might not be so confused by the different demands.
The FIC provides a basic list of documents that can be used to verify your address, but it is not exhaustive and institutions can decide to use other forms of documentation:
* A utility bill;
* A bank statement from another bank;
* A recent lease or rental agreement;
* A municipal rates and taxes invoice;
* A mortgage statement from another institution;
* A telephone or cellphone account;
* A valid television licence;
* A recent long-term or short-term insurance policy document; or
* A recent motor vehicle licence document.
Some institutions accept emailed documents; others insist on something mailed to your address. Most require documents that are not older than three months. If you can’t produce any of these, the bank may decide to accept an affidavit from a person who lives with you, or from your employer.
But each bank can have its own rules, so it is best to check on the institution’s website or call the customer care line. Capitec, for example, also accepts an IRP5, a tax return, a retail credit account, or a letter from your tribal chief or traditional authority. It won’t accept emailed documents, though. Absa accepts a TV licence, an official registration letter from a university or college, a letter from a body corporate or property manager, a motor vehicle registration notice, and so on.
When you open an account with Standard Bank, you will also be asked for information on your source of income, where the funds you expect to use in your transactions come from and the type of activities that can be expected on the account. If you are a guardian of a minor, or if you are going to appoint a third-party signatory, secondary card holder or someone else to act on your behalf, all the required information must be provided for them too, together with the written confirmation of authority and their contact details.
FICA-FREE BANK ACCOUNTS
There is a bank account that escapes Fica: the entry-level Mzansi account, which all banks are required to offer in terms of the Financial Sector Charter and the Broad-based Black Empowerment Act. The charter requires banks to make banking more accessible to all communities.
The major South African banks worked together to provide a standard of affordability and accessibility to people who have never had a bank account before. Absa, First National Bank, Nedbank, Standard Bank and Postbank all issue Mzansi accounts. But there are restrictions on these accounts:
* No more than R5 000-worth of debit transactions a day are allowed, including ATM withdrawals;
* No more than R25 000 worth of debit transactions are allowed each month;
* You cannot have more than R25 000 in your account at any time; and
* Your card may not be used outside South Africa.
To open a Mzansi Account, you don’t need proof of address. After a month, a statement from this account can be used for Fica compliance at another bank. It may seem like a loophole in the Fica system, but banks insist it is not. Processes are in place to check these accounts for unusual activity. If you live in a shack, but you put large or unusual amounts of money through your account, it will be flagged and reported.
“This type of account limits transactional options, so there is little risk of it being used for money laundering,” adds Liezl Squier, Absa’s spokesperson.
“When a customer applies for an account, the customer is accepted in line with the provisions of Fica, [its] regulations and Absa policies and procedures … The bank does not need to obtain or verify the address of the customer. [But] once the customer has opened the account, it is monitored to ensure activity is in line with the expected activity associated with the type of account and the risk profile of the customer.”