Representatives of the Financial Intelligence Centre (FIC), the National Treasury (NT), banking institutions and other relevant stakeholders, attended a meeting of the Standing Committee on Finance for a clause-by-clause reading and consideration of the Financial Intelligence Centre Amendment Bill.
The Financial Intelligence Centre explained the objectives of each clause, and also discussed submissions made by the public and responses to these by the NT and the FIC. Most of the clauses were adopted without objection from the Committee following the FIC’s explanations. In almost every case, the responses to public comments were found to be satisfactory to the Committee Members, as well as to the stakeholder representatives that were present.
Certain clauses required some discussion for clarification, most notable of which were:
Members were concerned that the clause might limit the ability of institutions to outsource investigative work to relevant consultants. The Banking Association of South Africa (BASA) expressed concern that the identify of an individual who reported suspicious activity may be more vulnerable under the proposed changes. The FIC countered that the amendments in question would not change the flexibility of institutions to outsource investigations, and that the confidentiality of the reporter would have no less security under the new legislation, as the same provisions from the principal Act would still apply.
Clause 27 required relevant institutions to have Risk Management Control Programmes that achieved certain objectives as set out in the Bill. Members and stakeholder representatives expressed concern that the legislation in the clause was too prescriptive, resulting in very demanding obligations for institutions. National Treasury also added that the policy may not be easy to implement at a practical level, and may not be worth it from a cost-benefit perspective. The FIC explained that the requirements were not unusually stringent or demanding when compared to international standards. After much discussion, and a certain level of disagreement, the Chairperson said that based on the comments of the Committee and stakeholder representatives, the clause would not be adopted as such. The Committee would try to adjust the clause to minimize the gap between the desires of industry and the propositions as they stood in the Bill.
Clauses 35,36,37,38,42,46,47,48,49 (the non-compliance clauses).
There was some discussion about the clarity of some of the terms used in these clauses, as well as the practical implications of the legislation, particularly with regard to the possibility of dual liability -- criminal and administrative -- arising on the part of institutions. By the end of the discussion, it was accepted that the clauses dealt sufficiently with the issue of dual liability (also called double jeopardy), and it was also accepted that the clauses were sufficiently clear when read together.
At the end of the session, clause 27 was the only clause that had not been agreed upon by the Committee, and was thus noted to be in need of adjustment before the Bill was finished. Some later clauses did not receive complete consideration, however. These included clause 34 and clauses 46 to 49, which would be returned to before the final vote on the Bill.
The meeting ended with the Chairperson detailing the agenda of the Committee for the upcoming weeks.
The Chairperson said that the Committee’s goal was to complete consideration of the Bill within the session, but to vote on it at the following meeting.
Clause by Clause Reading of the Finance Intelligence Centre Amendment Bill
The Chairperson began by drawing Member’s attention to Clause 17 of the Financial Intelligence Centre Amendment Bill (the Bill), which would add Section 26C to the Financial Intelligence Centre Act (the principal Act). Committee Members had previously asked whether it was appropriate for the Director to decide who should be exempted in the context of 26C. Should the Minister delegate when it comes to implementing the decision of who to exempt? The Chairperson directed this question to delegates who had been at previous meetings, including: Mr Pieter Smit, Executive Manager: Financial Intelligence Centre, Mr Olano Makhubela, Chief Director: Finance, Investments and Savings, National Treasury, and Mr Ismail Momoniat, Deputy Director-General: Tax and Financial Sector Policy, National Treasury.
Mr Makhubela asserted that when a policy decision was make, or a decision was potentially controversial, it should be the Minister that made it. At the same time, one could not expect this of the Minister, if such decisions were arising on a daily basis.
The Chairperson responded that what was expected was that the Director would do most of the work, but that it would be the Minister that ultimately signed off on the decision. The Committee would need to word the Bill so that this was clear – he suggested that the Bill mention that the Director would refer the decision to the Minister.
Mr Smit stated that there was no serious problem with the clause from a legal perspective. Within the given context (UN financial sanctions), a person was entitled to some forms of relief. The clause as it stood did not construe an exemption from the sanction – it was just providing accommodation so that the identified person could maintain a basic living, which a person was entitled to in terms of UN resolutions.
Mr Smit agreed with the Chairperson that the clause would allow the Minister to nominally sign-off on a decision, while the administrative work could be done primarily by the Director. The Director would make a recommendation to the Minister, who would then exercise their discretion in deciding whether or not the relief would be provided, either agreeing or disagreeing with the Director’s advice. In this fashion the Minister could nominally sign-off on the decision, meaning that he/she would not have delegated the power of decision. He added that the only place where a change in the law was being considered, was to remove the ability of the Minister to delegate the power of decision, so that in every case the Director must refer the final decision to the Minister.
The Chairperson suggested that the clause was designed to stipulate that the ultimate decision would be made by the Minister as to whether or not a person would qualify for the provisions given under Section 2. The details on the provisions granted for different expenses could be decided by the Director, who would then submit a request or recommendation (that they be granted) to the director. This put the correct amount of responsibility on the Director.
There were no objections.
Mr Smit explained that clause 18 of the Bill amended Section 27 of the Act, which enabled the Finance Intelligence Centre (FIC) to request that an institution reveal whether or not a particular person was their client. This tool was regularly used in the information gathering activities of the FIC. The change that was proposed in clause 18 was designed to add certain institutions to the group of institutions that were obliged to advise the FIC of their clients, if requested by the FIC as per Section 27. The clause would add reporting institutions and persons subject to reporting obligations in terms of Section 29 of the Act to the group. This meant that in addition to financial institutions and certain professions, all businesses operating with obligations to report suspicious transactions would also be obliged when they reported, to specify clients at the FIC’s request.
At present, the FIC could provide only a name to an institution under Section 27, requesting that they advise whether or not the individual was a client. Clause 18 amended this by allowing the FIC to request the name of the holder of a particular account number or client number. So the FIC was giving the number, rather than the name, and requesting the name of the individual.
The Chairperson drew attention to the comment on clause 18, submitted by Investec (document B, page 33). Investec’s comment reads: “In relation to closed accounts, does the five-year recordkeeping obligation apply for Section 27 records?” The response to this question was that it was Section 23 of the Act which dealt with periods for record-keeping requirements. Section 23 would be amended under clause 13 to indicate that transactions or activities which gave rise to a report contemplated under Section 29 (suspicious transactions), would also be required to have records kept for a period of five years from the date on which the report was submitted. Section 27 dealt with institutions advising the Centre of its clients, which they may be obliged to do when reporting to the FIC as per Section 29. The record-keeping requirements did not make mention of whether or not the account was subsequently closed. In terms of the reporting obligation, it was unlikely that this would be made on a closed account.
The Chairperson asked if the term “number” used in bullet point d) should not be changed to a more specific phrase, such as “account number”, but Mr Smit responded that it was a deliberately broad term on account of that fact that different institutions kept various types of numbers to identify clients, such as account numbers, client numbers, customer numbers, etc. Because there existed no general term to describe these numbers, it was necessary to use the general word “number”, in this context applying to where the number was used to identify a person.
Clause 19 simply involved the moving of Section 26 of the principal Act to a new position at Section 27A.
Mr Smit explained that clause 20 amended a current Section of the FIC Act which required institutions to report property which was connected with an entity that was deemed to be associated with terrorist and related activities by the UN Security Council under the anti-terrorism resolution. The current obligation existed only in the context of property connected to an entity that was listed under the anti-terrorism resolution. The purpose of the amendment was to add the reporting of entities that were financially sanctioned under the new financial sanctions (introduced in clause 17) to the reporting obligations of accountable institutions. In other words, the purpose was to balance the reporting obligations with the new additions to the FIC Act.
The comment on this clause by the Law Society of South Africa (LSSA) was valid, but it was already catered for in the existing FIC Act (the principal Act) under Section 25. He suggested that the LSSA had not noticed this, because Section 25 did not appear in the Bill and appeared only in the principal Act.
Mr Smit continued to describe Clause 21. It amended Section 29, which dealt with the reporting of suspicious and unusual transactions. It was consequential to the introduction of the financial sanctions provisions. The first part of the amendment changed Section 29 (1) to add the obligation for relevant institutions to report if they suspected activities that could be construed as the contravention of a prohibition under Section 26B (the financial sanctions).
The subsection 3 amendment was more significant and gave FIC supervisors (inspectors) the ability to access an institution’s records of its reported transactions to the FIC when doing an inspection. The detail of it was dealt with under Section 45B amendments later on in the Bill. It was a consequential amendment that one could discuss when the Section 45B amendment was reached.
Clause 22 dealt with an amendment to the FIC’s power to ask for additional information once a report was made to the Centre. In the current text of the FIC Act, either the FIC or an investigator could go back to the institution and ask for more information. However, investigators could not effectively make use of this power as they did not have the tools to analyze the information. Therefore, one change proposed was to delete the investigating authorities from this clause, so that it became only the Centre that could request a follow up on the information that was reported to them. Secondly, the amendment added specificity about the information that the Centre could ask for when it followed up on a report, which would include supporting documentation that the institution might have to provide, with details on the transactional activities that it was reporting on.
Clause 23 dealt with Section 34 of the Act, which was the power of the FIC to intervene and stop transactions or freeze accounts for a limited period if it believed there was an immediate need to take control, to stop money or evidence from disappearing. The first amendment was again consequential and aimed to include transactions relating to the Security Council sanctions that were to be introduced to the Act. The second amendment was to extent the period for which such a freeze was valid. Currently it was five working days; the proposal was to increase this to ten working days. The reason was mainly that law enforcement agencies, especially the Asset Forfeiture Unit, had indicated that sometimes five days was just not enough. It was not sufficient time for them prepare the documentation needed to go court and ask for a formal freezing order in order for them to maintain the freeze after the Centre’s intervention lapsed.
The last amendment, subsection 3, was a consequential amendment, referring to the new legislation that replaced the Security Services Act, being the Financial Markets Act.
Clause 24 amended Section 35, which contained another information-gathering power of the FIC. The FIC was entitled to get an order from the judicial officer who was in charge of issuing monitoring and interception orders. The judge could give an order requiring financial institutions or their accounting institutions to record every transaction of a particular customer that was named in that order for a minimum period of three months. This was called a monitoring order: the institution was not only recording and reporting anything suspicious, but also reporting every transaction that happened over that period as soon as it happened. This was done under the oversight of the judge that issued monitoring and interception orders. The changes being proposed here were firstly to update the Act to refer to the UN security sanctions again, and secondly, it referred to the new legislation about which judge was appointed to issue monitoring orders.
Ms T Tobias (ANC) asked why the period was limited to three months only.
Mr Smit responded that it was a fairly intrusive power to look into the private affairs of a person, so it had been limited to a three-month period. It could be renewed if one went back to the judge and convinced the judge to issue a new order.
Clause 25 amended Section 40 of the Act, which was the section that determined which entities were entitled to receive information from the FIC, based on the FIC’s analysis. This was the heart of the legislation that allowed the FIC to put the information into the hands of the authorities that needed to make use of it. The proposal was to add a number of authorities to the list in subsection 1, including the Independent Police Investigative Directorate, the Intelligence Division of the National Defence Force, the Special Investigating Unit (which dealt with the recovery of funds lost due to corruption), and investigative divisions within a department of the state where the division has a mandate to investigate unlawful activity within that department. This last addition mainly referred to internal governance functions or sections within departments that deal with corruption or mismanagement of funds within state departments. The Public Protector had also been added.
Currently the FIC Act included authorities such as the Police Service and intelligence agencies, but only those that had a mandate to investigate criminal activity under national law. The clause also proposed a restructuring of the section to specify more clearly what factors the Director would need to have taken into account when deciding to share the information. It was not freely up to the director’s discretion, as the situation had to meet certain tests before the information was passed on. Subsection 9 aimed to separate the type of information that was fairly strictly protected, from other information that might be shared more freely. For example, the FIC was allowed to share information that was in the public sphere already, or information that did not relate specifically to reported transactions, such as statistical information or strategic information for policy decisions, etc.
Ms Tobias wanted to check with Mr Smit if the clause prohibited institutions from being able to outsource the work to a relevant consultant that might conduct the investigation on its behalf. For example, forensic experts that could do the work - was this not inhibited by this clause? Was there something that broadened the scope?
Mr B Topham (DA) questioned the use of the word ‘may’ in the phrase: ‘the Centre may make information reported to it…’ He wanted to know if this was deliberately supposed to imply that it was at the Centre’s discretion to decide whether or not the information was disclosed.
Mr Stuart Grobler, Senior General Manager: Banking Association of South Africa (BASA), explained that one of the functions of the FIC ab initio (implementation) was to disintermediate the reporting officials from the information being passed to the prosecuting or investigative authorities. For example, the person in a bank that detected and reported on these activities, should not be disclosed to the prosecutors, and may not be forced to testify in court, because this exposed them to criminal sanction or criminal retribution. He wanted confirmation from the FIC that despite the intentions of the new ‘sharing with everybody’ theme – where a host of state enterprises could receive the information – the confidentiality of the reporting official was still protected in that it was not passed beyond the FIC?
Mr Momonait said that he did not think there was an issue with the information being made available to investigative bodies. He maintained that there were in fact several more conceivable bodies that could benefit from receiving such information. He questioned why the clause excluded all parties except the select few mentioned. He drew the example of the chief procurement officer (CPO), saying that if the FIC possessed information about issues within procurement, the FIC should be able to alert the CPO, naming the accounting officer or whoever it may be that was at fault.
Another example came from the National Treasury (NT). Although the NT did not conduct financial investigations, it did take responsibility for monitoring compliance with the Public Finance Management Act (PFMA) and the Municipal Finance Management Act (MFMA). Perhaps the Bill should state that reports made in these instances could be shared with the NT -- to the Director General (DG), for instance. The DG himself would not have to conduct the investigation, but it would rather be referred to an investigating authority. He commented that under the current system, these issues often came to the Treasury, but the Treasury was unable to share information.
Another example came from the Reserve Bank, which followed a lot of the issues around illicit flows and foreign exchange through the Financial Surveillance Department. Should one not consider putting them on this list as well? Again, they were not a prosecuting authority, but they did have some powers with exchange controls, where they could impose fines and so on.
Mr Smit responded to Ms Tobias and Mr Grobler’s questions, explaining that the Act did not exclude the possibility of the investigating authority co-opting other entities into an investigation. Forensic accounts and auditors were often called in to conduct the financial part of the investigation, rather than having the police do it themselves. However, in those instances, Section 40 still applied and the FIC did not share the information. The information at the FIC was given only to the nominal investigating officer who had been appointed to manage the case. What the investigating officer did with the information in terms of the internal investigation was not for the FIC to determine, so if they shared the information internally within an investigative team that included a forensic auditor, that was fine. However, the FIC would never share the information directly with the co-opted entity -- it would always share it with the policy officer. It was they who were accountable for the protection and management of the information.
The Chairperson agreed with Mr Momonait, saying that while the list may seem complete now, new and relevant institutions may be created or surface in the future. The Minister should therefore have the right to add them through a change in the regulation. However, sometimes it was impossible to give the Minster the power to regulate, if the clause in question was so crucial that Parliament had to decide. The Chairperson doubted, however, that the clause was so major that it would be inappropriate to grant the Minister the power to change the regulation set out in the clause.
Mr Smit said that the FIC Act did not preclude any of the recipients of the information from using it within their legal scope and mandate. The Act did have provisions on maintaining the confidentiality of the information. Exceeding the mandate or using the information for a purpose that was not part of the mandate of the institution, was a criminal offence under the FIC Act. Leaking the information was a criminal offence, so the protection clauses still applied in relation to the information that was received from the FIC. It should be remembered that the FIC itself did not have investigating power, so it needed to pass on the information it gathered. The requirement for the decision to pass on the information was simply whether or not the information was necessary within the mandate and scope of the institution in question. This question was up to the Director of the FIC. If the recipient’s mandate did not have cause to receive the information, then it was the recipient who was criminally liable for possessing the information. Fortunately, this had never been the case in the last ten years.
The flexibility for the use of the information needed to be within the functions of the recipients of the information. This rule also applied to the case where the investigative institution wanted to share the information further with other entities. The powers that the investigators might have to access additional information from other parties was not within the FIC Act -- this Act dealt only with how the FIC must share its information, not how other parties would access additional information. That would have to be done under the criminal procedure Act or other legislation, where they could issue subpoenas or search warrants etc.
Mr Smit clarified for Mr Grobler and Ms Tobias that the confidentiality of a reporting officer was protected under the Act. The FIC Act was one of the few exceptions in law where a person could not be compelled to testify. In the FIC Act in Section 29, it stated that the person who reported a suspicious transaction could not be compelled to testify in a case following that report. Even if the FIC passed on information about an activity that needed to be investigated, that information would not contain the name of the reporter. There could be an exception if the reporting person consented to being identified, and to testifying in court. To date, the FIC had not had a case where it had been necessary to have the reporter’s identity in order to construct a case that was strong enough for the courts. The case was constructed based on bank statements and transaction records.
Responding to Mr Topham’s question, Mr Smit explained that ‘may’ was used in conjunction with the factors with which the director must be satisfied before he was allowed to decide to pass on the information. The director was accountable for this decision -- he needed to be able to justify it with a proper record, specifying how the analysis was done and what had led to the conclusion that the information needed to be passed on to any given authority. There were instances in which there may be evidence that pointed to the potential abuse of the information – a hidden agenda or ulterior motive in the party receiving it. This was why the director should have discretion to decide whether or not the information was shared.
Mr Smit responded to questions about whether supervisors could receive the information by stating that supervisors did appear in the clause and were therefore allowed to receive the information, providing that the information related to the exercise of their supervisory function. The FIC may share the same information about the performance of institutions that it would gather from the reports and analysis from supervisors, including the financial surveillance exchange control department. When they investigated criminal behaviour, they were treated as an investigating authority.
Expanding the list further was always a process that one needed to keep track of as things developed. The test was to see whether the addition to the list complied with the notion that the information collected from someone’s financial transactions would be likely to point to something that justified investigation. Initially, when the legislation went through Parliament, the view was that because of the potential abuse, the changing of the list should be a legislative function rather than falling under the authority of the executive.
The Committee agreed that they were satisfied with the clause as it stood.
Mr Grobler commented that the reporting in question, and in particular the follow up questions, could be cumbersome and require significant amounts of paperwork. However, he noted that it was the norm around the world for Financial Intelligence Centres to collect such information from banks from time to time. On behalf of the banks, he indicated that they would comply with the clause.
Mr Smit explained that clause 26 was a consequence of the Protection of Personal Information (POPI) Act. The clause would add safeguards to the provisions in the FIC Act relating to the protection of private information that the FIC holds. It placed the controls in terms of the FIC Act on an equivalent basis to the safeguard requirements of the POPI Act. If the Information Regulator was satisfied that the requirements in the amendments were equivalent to the POPI Act, then the Regulator would not scrutinize the institution as subject to the jurisdiction of the Regulator. If they were of the opinion that these safeguards were not equivalent to the POPI Act, then the institution was subject to the supervision or scrutiny of the Information Regulator. In his opinion, the amendments matched the safeguards provided for in the POPI Act.
Ms N Mokgosi (EFF, Northern Cape) inquired about the guidelines or systems that would ensure that institutions followed the provisions in the FIC Act and the POPI Act.
Mr Smit responded that the check in the system to ensure that institutions complied with the POPI Act was the Information Regulator, provided for under the POPI Act. That was the public sector entity that had the power to inspect institutions that held private information. This meant the Information Regulator would be the authority that would decide whether the safeguards the FIC was providing for were equivalent to those in the POPI Act. The safeguards proposed in the clause applied to the FIC itself – the FIC did not impose POPI requirements on the institutions that received information from the FIC. They were subject to POPI themselves, under the supervision of the Information Regulator. This clause would apply to any information that the FIC held that related to the private information of an individual.
The Chairperson said that the Committee would meet with the Director General of the FIC and the Finance Minister to discuss the complete text of the Bill, which should be complete and ready by the Wednesday following Easter. The Committee would vote on the Bill on that same Wednesday.
Clause 27 – Risk Management and Compliance Programmes
Mr Smit said that currently, in terms of Section 42, institutions were required to have internal rules, which were scaled-down versions of internal policy on how institutions had to comply with their obligations. The proposal was to take that idea and extend it significantly to a fully-fledged system of policies and controls that institutions needed to have in order to meet their obligations and manage how they differentiated the implementation of the legislation according to a risk-based approach. Subsection 1 said that institutions need to have such a programme. Subsection 2 then went into the matters that needed to be covered in such a programme. It listed the matters that must at a minimum be covered in the programme.
Mr Smit explained that it had been decided to remove the definitions of ‘client’ and ‘prospective client,’ and to achieve the same objective by requiring institutions to determine these definitions themselves, in line with their Risk Management and Compliance Programmes (RMCPs). The definition of prospective client would determine when the due diligence requirements were triggered. On account of how important this provision was, the FIC had moved the paragraph from point q) upwards towards point b) or c). As it was working through the Bill, matters such as this, which were outstanding, would arise and had to be dealt with before the final document. There may be one or two more small changes before the final document was ready.
The Chairperson said that he was satisfied with this and trusted the lawyers to produce good legislation. He suggested, however, that any new changes from now on should be green in colour, to help the Members to identify them.
Mr Smit said that the Risk Management and Compliance Programme must be considered and signed off at the highest level of an institution. Comments on the clause had generally reflected a concern that the task of compiling the RMCP seemed daunting and complex. The response had been that this would be the case if it were a complex institution that had to develop the programme. The programme should be commensurate to the institution. The Act stated that the objectives that the institution had to meet were to decide on an RMCP that would effectively mitigate risk. The test to determine how complex the programme needed to be was to look at the institution and decide how effective the RMCP would be, given the type(s) of business activity.
The Chairperson asked Mr Smit to explain the opinion from the Banking Association of South Africa (BASA).
Mr Smit stated that BASA’s concern about the Bill being too prescriptive arose from the long list of matters that had to be covered by the RMCP. FIC’s response had been that if the programme was to meet the obligations discussed in previous parts of the Bill, then these were all the sorts of things that one would expect to see covered in an institution. The list was there to make the job of the supervisor simpler, because he could look through the list and check that the obligations were met. It was therefore necessary to have such a list.
The Chairperson asked how the requirements of the clause compared to law in other middle-income countries. Was this clause unusually onerous?
Mr Smit responded that the requirement to have such a programme had become a regular feature internationally. It was part of a new approach to legislation, where the legislation specified how a risk-based approach should work, rather than specific rules to be followed. This was the technique that had been decided upon.
Mr Momonait said that from an economic, cost-benefit perspective, the clause may be problematic. Some of the requirements were not realistic in an advanced economy. South Africa struggled to prosecute financial criminals effectively. In a sense, one did need to look at the entire situation. He was worried that the legislation was very ‘draconian’ and may not be practically implementable or enforceable. The approach that the Treasury preferred did have the FIC working closely with the “twin peaks” regulators. In the future, in may be relevant to create such a significant regulation, but at present it may not be worth the cost. The FIC may be specifically included in the Twin Peaks Bill, to create forced consultation between the FIC and the regulators.
The Chairperson wanted to know if Mr Momonait’s reservations about the clause represented the general view of the Treasury. The Committee’s approach had been to encourage consensus when a piece of legislation was being considered. How the Bill was implemented depended on the capacities and preferences of the private sector and the government. Creating more comprehensive laws now did have the benefit of reducing the amount that they would have to be updated and expanded in the future. He suggested that concerns such as Mr Momomait’s were perhaps too late, in that they would require fundamental rethinking of the legislation which they were trying to pass. The banks and relevant institutions would not be expected to comply immediately with every clause once the Bill was passed. He felt that the clause was consistent with the general thrust or ‘trajectory’ of the Bill. There was always some leeway in the implementation of the regulation.
Mr Momonait said that the Twin Peaks legislation would create very strong regulators. There needed to be strong legislation in the non-financial sector as well. He agreed with the Chairperson.
Ms Tobias said that the Committee should not shy away from sometimes making a ‘u-turn’ if a problem was found. Her suggestion was to have a trial-run with the regulation in question, to see what it would be like practically in terms of implementation. This could be done and provide some insight before it was officially written into law.
Mr Topham commented that the clause did not introduce any substantial difference to the old legislation. The wording may be different, but the intention was the same. The clause still indicated that the FIC would require knowing who the clients were and where their money had come from. The old approach had a 20-page risk document, with a ‘tick-off’ procedure. The situation was the same, for example, for a small legal firm - the strategy for risk management had to be tailored to the operations of the firm. He put forward the example of an American who wanted to legitimately buy property in South Africa, and his bank transferred R100 million to a bank account for the sale. If the same transfer was from Switzerland, however, then there was probably more of a risk. It may actually be useful to rank countries and institutions around the world according to how similar the legislation that regulated them was to South African legislation, and how acceptable they were from the local perspective. The Bill should encourage or even to force people to use common sense.
Mr Smit said it was correct that the clause was similar to the content in the existing Act that covered internal rules within institutions, but there were some important changes. For institutions such as banks, the current rules in the FIC Act did not allow them to apply a lot of common sense. This was because there was a regulation which stated that to know a person’s identity, one must verify it with a green barcoded-ID document. The regulations stated that a person’s address must be verified through a piece of paper that showed the address at which the person claimed to live. This did not allow a lot of discretion and decision-making on the part of the institution. This was the part that the FIC was changing here. Those regulations would have to be repealed as they were inconsistent with the approach taken in the Bill and in this clause  in particular.
The Bill now states that the institution needs know the identity of its customer – the FIC was not specifying what information and documentation to use in order to know this. The FIC was not saying there was a need to know the address of the customer, but was saying that one needed to decide for oneself as an institution whether or not it was useful information to the institution in its line of business. If it was considered useful, put it in the RMCP, and decide how you were going to verify it. This was what the FIC meant by encouraging common sense. The institution must decide what it needs to do to meet the requirements of due diligence, scrutiny of transactions, reporting of transactions, record keeping and so on. Without this programme (RMCP) as introduced in the Bill], one would be stuck with regulations that did not allow a common sense approach. One would need an exhaustive list that details every little thing that a bank must do. This was one of the things that everyone would agree on – that this element of the FIC Act at present did not work. The flip-side of these excessive prescriptions was therefore to switch the onus on to institutions to make decisions and take accountability for their risk management. This was the change that the Bill would effect.
Mr Grobler said that he represented a sector (banking) that was very involved with risk management and risk intervention. He understood that all parties were aiming to work from a risk-based approach. The difficulty with this section was that it prescribed what that risk management programme must look like. A single attorney with a single client doing a niche transaction was not allowed to disregard any of the points that must be considered in the RMCP. It stated that if any one of the points on these three pages was not met, the RMCP had failed. This level of prescription on what risk management must be like was undesirable for the banking sector.
The Chairperson suggested that based on the comments of the Committee, the clause would not be adopted as such. It would not abandon it completely, but would have further consultations and refine it to be more acceptable to all parties. He summarised the situation over clause 27 by saying that the Committee would try to adjust the clause to minimize the gap between the desires of industry and the propositions of the Bill. That being said, it was never possible to get 100% consensus from everyone.
Mr Juan Furmie, Director: ThisIsMe, said that a lot of the prescriptions in the clause lined up with the International Organization for Standardization’s (ISO’s) standards, in particular information security standards. These guidelines also used phrases such as ‘must consider’ as opposed to ‘must have’ which deliberately allowed the institution to ignore certain measures if they did not apply to its business operations.
Mr Topham added that the word ‘may,’ as used in the clause, protected the banks because they could only be sued for not complying with terms that use the term ‘must’. He did not feel that the clause was too prescriptive, and the Chairperson agreed with this statement.
Mr Smit explained that clause 28 inserted a new provision (Section 42A) to indicate how institutions should take accountability for compliance within the institution – what the governance structure should be for managing compliance. The current FIC Act contained a clause saying that every institution must appoint a person to ensure compliance -- a compliance officer. This was not how it should be, as management should be chiefly in charge of ensuring compliance. The new Section 42A expressed this principle. It added that the institution must appoint sufficient functionaries to assist the board in discharging this obligation.
The Chairperson asked if there was a clear definition of what was meant by ‘senior management’.
Mr Smit replied that there was not a specific definition, but it was the same problem as the case of using the word ‘numbers’ which had been discussed earlier, where the institutions were too broad and varied in their structures for a single definition to apply to all of them in the way the clause intended.
Mr Smit explained that the clause was consequential to the new RMCP clause(s). He summarised the comment made by the Law Society of South Africa (LSSA), half-jokingly, that they felt the legislation meant “the more you know, the more liable you become”. He said that the comment really spoke to the previous discussion about the tension arising from allowing entities to use common sense, as opposed to providing more prescriptive laws. The Law Society’s view on this had consistently been that the proposed risk-based approach would be a nightmare for the legal profession. They preferred to be told what to do at every level of detail, and then to go and do it. Following discussions with them, part of the answer that emerged had been that, when developing the legal guidance for risk management, it should be done with the legal profession involved in the process. The FIC had asked the LSSA to explain which points within the legislation should be focused upon because of the effect they would have on small attorney’s firms and the transactions they typically covered. This would at least help the profession to know when they needes to apply the FIC Act and when not as a starting point.
The Chairperson indicated that he did not think the LSSA had a good point and that the response already given was sufficient.
Mr Smit added that there was therefore a new clause, 24B, that had been proposed to be added to the Bill in document C (Addendum to responses by national treasury and Financial Intelligence Centre to comments submitted to the Standing Committee on Finance). The clause added provisions for consultation between the Centre and accountable institutions before guidance was issued. There would also be a more general clause that spoke to the structure of consultation rather than specific issues.
Mr Smit explained that clause 30 dealt with the section in the Act that provided for the making of directives for both the Centre and the supervisory bodies. Directives were rules that lay down legal requirements and could lead to liability for non-compliance. The change that was proposed was to widen the scope that the rules may cover. Currently the Act referred only to matters relating to compliance with the obligations created in the Act. The FIC had found that in some instances this was too narrow, and it needed to include some of the other objectives spelt out in sections 3 and 4 of the Act. The addition would widen the power of the Centre and supervisors to make rules for matters that were not directly related to compliance but still fell within the ambit of the objectives of the Act.
The new addition in clause 31 was to provide a requirement for memoranda of understanding to be formulated between the Centre and the different supervisors to demarcate areas of responsibility and cooperation. The addition in the new paragraph B was to specify clearly the detail that at the minimum should be included in such memoranda of understanding. This included detail of the sharing of information between the Centre and supervisors, cooperation between the parties, dispute resolution mechanisms, and other matters.
The Chairperson said that the clause was already covered in another Act, and that it did not need to be said in the FIC Bill/Act.
Mr Smit said that clause 32 had been dealt with in part already. Paragraphs A and B of the clause dealt with warrants and inspections. Paragraph C had not been discussed and determined the access to information by an inspector on a practical level when they carried out the inspection of an institution related to a report by the institution. The amendments to Section 45B would expressly authorise and enable a supervisor to access the records of an institution about the reports that they filed with the FIC. It would also authorise the sharing of equivalent information records that the FIC would hold for the same case with the supervisors and inspectors.
Ms Tobias wanted to know industry’s opinion on the warrants, but it was decided this would be heard later when the final Bill, with all the amendments, was ready.
Clause 33 was not problematic and was adopted with no discussion.
Mr Smit proceeded to clause 34, explaining that it dealt with the steps that would be followed when an appeal was lodged to an appeal board when an entity disagreed with a sanction imposed by a supervisor. The amendment filled in some of the missing details within this process, to further regulate when documents must be filed or when evidence needed to be heard, etc. There would be further consequential amendments that would appear in the Financial Sector Regulation (FSR) Bill, to determine how the appeal boards’ members would be identified/constituted.
The Chairperson said that he had not had the time to look at the clause yet, but that he would consider it privately over the next few days, and communicate any issues that he may find, so that the committee could discuss these issues the following Tuesday (22nd March).
Non-Compliance Clauses – 35,36,37,38,42,46,47,48,49
Mr Smit discussed the clauses that dealt with non-compliance as a group. Under the current Act, if an entity failed to identify a client, for instance, they simultaneously committed a criminal offence and an administrative non-compliance contravention. They could thus be sanctioned by a supervisor administratively for non-compliance, and prosecuted criminally for a criminal contravention, both as a result of the same conduct. The change proposed in these clauses was to remove the criminal liability and maintain only the administrative liability in many of these offences including, but not limited to, failure to identify a person or failure to apply due diligence. These were the regulatory-type contraventions that institutions might commit.
For cases where both types may apply, under the current Act the entity was protected from double-jeopardy by the provision that if a criminal investigation had started, then an administrative sanction could not be applied until the criminal process was finalised. In this instance, if criminal sanctions were imposed, then administrative ones could not be applied subsequently. In the other case, if the administrative sanction was imposed first and a criminal investigation or prosecution began subsequently, if the person was convicted, the presiding officer must take into account that a sanction had already been imposed when deciding the penalty.
Mr Smit answered a question from Ms Tobias. He said that if an administrative sanction was imposed, the effected institution always had a right to appeal against the sanction. The appeal first went to the appeal board created in the FIC Act. If the appeal board ruled against the person and they were still dissatisfied, they then had the right to appeal to the high court and the judicial process. What these changes would effect was that in certain instances, there would be no criminal liability.
Concerns from legal organisations were about the cases where dual liability could arise. The changes would remove some of the instances where this could occur, but not all of them. Where dual liability could arise, there was a current provision in the existing FIC Act that explained how the person who was at fault could not be double-sanctioned for the same offence.
Mr Momoniat said that the issue was a question of sequence in the process, but that the situation in this regard would change when the Twin Peaks legislation was introduced, specifically in that it aimed to create one tribunal for everything. It would be better to look at this issue further when the Twin Peaks legislation was complete.
Mr Grobler explained that BASA’s comment about the non-compliance clauses had to do with the phrasing ‘act of non-compliance,’ which seemed redundant grammatically because it meant ‘an act of an act’. It was non-compliance that was defined in the Act itself, and not ‘an act of non-compliance’.
Mr Smit responded that it was not an issue to have ‘an act of non-compliance’ defined in the final (new) Act. He referred to the second submitted comment, stating that it was a common misconception that administrative sanctions were less serious than criminal ones. It was therefore incorrect to argue that the use of ‘non-compliance’ in place of ‘criminal’ reduced the apparent seriousness of the offence. Regarding the third comment, he felt that the issue raised had more to do with implementation of the Act than its drafting.
Mr Smit and the Committee then briefly considered submissions four and five in the addendum document (document C) made by various stakeholders regarding these clauses. The responses to these two submissions were explained by Mr Smit and both were accepted without objection by Committee Members or those stakeholder representatives that were present.
Mr Grobler explained BASA’s submission to the Committee, saying that Section 21B was too prescriptive as it had to be applied for every client of an institution, regardless of risk. This clause stated that if one did not apply enhanced due diligence, in accordance with all of the sections listed, for every client, one was guilty of an administrative offence. It did not state that one was allowed reduced due diligence.
Mr Smit said that the RMCP must identify which portion of its customers were high risk, and apply enhanced due diligence to those customers. If the institution then did not apply enhanced due diligence to those customers, in the way that it had described in its RMCP, then it had failed to comply with that obligation. However, the fact that an institution did not apply enhanced due diligence to a low-risk customer could not be considered a failure to comply with the obligation.
The Chairperson said that the Committee was satisfied that when read together with the RMCP clauses, the clauses specified the same requirements that Mr Smit had explained with sufficient clarity. There was therefore no significant problem with the clauses as they appeared in the Bill.
Clauses 39 and 40
Mr Smit mentioned that clause 39 was a new offence provision that was consequential to the Security Council legislation discussed earlier. Clause 40 had also been discussed previously.
Both were accepted without discussion.
Criminal Offence and Administrative Sanctions – clauses 41, 43, 44.
Mr Smit said that clause 41 was an amendment that added the potential for dual liability in certain cases by adding the possibility of administrative sanctions for failure to report appropriately on cash transactions above a certain threshold.
Mr Topham echoed the concerns raised by the Johannesburg Securities Exchange (JSE) in their second comment (comment 2) on the clause. The Bill mentioned that ‘the board of directors’ could be liable to administrative sanction, but a board could not strictly be liable to anything. Only particular members of the group could be. Wording it to say that ‘directors’ could be liable was preferable, because this would equate to the board of directors. In criminal law, when a company was liable, the individual directors representing the company were liable.
Mr Smit responded that the board as a collective was responsible to shareholders, not the individual directors in their individual capacity. The sanction was not imposed against individuals, but against the board. However, overall it was not clear that this distinction would make a practical difference to outcomes.
The committee was satisfied and moved on.
Clauses 43 and 44 had been discussed previously and were accepted without further consideration.
Mr Smit explained that clause 45 added to the offences mentioned earlier that protect the confidentiality of information at the FIC. The addition was to include the information mentioned in Section 45B in these offences.
Clause 46 to 49
The Chairperson said that these clauses were simply several examples of non-compliance that were not problematic. He planned to read over them more thoroughly before the Committee finally met and voted on the Bill on 13 April.
Clauses 53 to55
Clauses 53 to55 were accepted by the Committee without objection.
Closing remarks about processing the Bill
The Chairperson said that there were some outstanding policy issues that would have to be considered on 13 April, when Parliament had reconvened. That Wednesday would be the Committee’s last sitting for the Bill, and if necessary it could push the vote to the week after to make sufficient time to cover all outstanding issues. The deadline was to get the text of the Bill on 5 April.
The meeting ended with some comments from the Chairperson about the debates that had arisen over procedural matters. He wanted to put on record exactly what the agenda was for the upcoming meetings to avoid any disagreement. The Committee would discuss the Government Employees Pension Fund (GEPF) on the first Tuesday (12 April) after it had engaged with National Treasury. On the Wednesday (13 April) it would discuss this Bill. The following Tuesday would be the GEPF again and the Public Investment Corporation (PIC). The next Wednesday would be the Financial Sector Regulation (FSR) Bill.
No one had an issue with this programme, and Ms Tobias moved its adoption.
The meeting was adjourned.