The Financial Intelligence Centre (FIC) has published Draft Public Compliance Communication (PCC) 122 for consultation, providing guidance on the application of the Financial Intelligence Centre Act (FICA) to special purpose vehicles (SPVs) that are accountable institutions under item 11 of Schedule 1 to the Act.
According to the draft, published on 2 March, the communication confirms the applicability of FICA requirements to SPVs designated as accountable institutions.
Both operationalised and non-operationalised SPVs are required to comply with all obligations set out in the Act. The draft provides clarity on the interpretation of SPVs for the purposes of applying those requirements.
It also highlights certain anti-money laundering, counter-terrorist financing, and counter-proliferation financing (AML/CFT/CPF) vulnerabilities associated with SPVs and refers to risk indicators that may be considered when determining money laundering (ML), terrorist financing (TF), and proliferation financing (PF) risks in client engagements.
Characteristics of a special purpose vehicle
The draft notes that the term “special purpose vehicle” is not defined in FICA. For purposes of applying the Act and the PCC, it provides an understanding of features that may indicate that an entity is an SPV.
It states that an SPV may include, but is not limited to, any juristic person, trust, partnership, or other legal arrangement established as a legally distinct entity for a specific, limited, or ring-fenced objective or purpose, normally with its own assets, liabilities, and legal status separate from its forming parent institution or entity.
The draft further notes that an SPV may include an issuer special purpose institution (SPI) or similar entity used in securitisation, asset-backed funding, risk transfer, repackaging, or structured finance transactions, which is bankruptcy-remote, has restricted objects, and is prohibited from conducting business outside its defined mandate.
Other features identified in the draft are:
- Ring-fencing or restriction of the entity’s memorandum of incorporation, including the use of “RF” in the company name.
- Founding documents that set out a restricted purpose for which the entity is created.
- Establishment as a separate legal person or arrangement with its own rights and obligations.
- Creation by separate entities that may not necessarily hold shareholding or ownership in the SPV.
- The possibility that the entity may be set up in a manner that does not have operations and essentially outsources the operations.
- Linkage to the creator entity or entities through ownership or mutual control structures.
- Purposes such as securitisation, ring-fencing risk or facilitating structured finance transactions.
- Typically having no operational employees apart from a board of directors or management team.
- Being wholly owned and/or controlled by the forming parent or group entity.
The draft states that SPVs that directly or indirectly conduct business activity with clients cannot evade accountability for complying with FICA obligations on the basis that they lack employees or operational capacity. It notes that an SPV has rights and obligations and may be used to channel funds in relation to clients and therefore presents potential ML, TF, and PF risks that must be mitigated.
An example is provided in which a registered credit provider creates an SPV and cedes rights and obligations under credit agreements to that SPV as part of a securitisation scheme. In that scenario, the SPV steps into the role of an accountable institution under item 11(a) as it carries on the business of a credit provider.
Independent registration
The draft states that an SPV that falls within the definition of a credit provider designated under item 11 of Schedule 1 is an accountable institution and must register independently with the Centre on the goAML platform.
It adds that this principle applies in all other scenarios where an SPV falls within any item in Schedule 1 to FICA.
Each accountable institution that qualifies under Schedule 1 must register in its own right before being linked under a delegation structure.
Delegation structures
The draft explains that delegation of authority structures on goAML are designed to centralise registration and reporting for accountable institutions operating within a group structure or grouped portfolios, as outlined in draft PCC 5E.
Where an SPV forms part of a portfolio of a primary accountable institution and receives the rights and obligations of that institution, the SPV must register as an accountable institution. The SPV may then submit a written request to the Centre to be linked via a delegation structure to the primary accountable institution for operational purposes.
The request must be submitted on formal letterhead and set out in detail the ownership, organisational structure, and operations of both the primary accountable institution and the SPV. The Centre will consider the request in light of the risk and context of the SPV.
The draft states that the proposed compliance officer of the SPV may be the same appointed compliance officer for the primary accountable institution. The SPV must be able to demonstrate that it forms part of a broader group or is linked to a broader group, which group it may benefit from in the form of sharing operational resources and mutual control.
It further provides that, within a group structure, a formal written outsourcing agreement is not required where operational resources are shared and not outsourced from a third party. The primary accountable institution is not regarded as an agent of the SPV but as linked through mutual control within a group.
Delegation is not permitted in the case of operative SPVs, including where an SPV operates outside a group structure, has operational employees, ongoing business operations, or diverse functions beyond a special purpose, single project, or risk-isolated purpose.
Delegation is allowed for passive SPVs that fall within or are linked to a group through ownership or mutual control, where the primary accountable institution co-ordinates and conducts operational functions, including functions in terms of FICA.
The draft distinguishes between sharing operational resources within a group and outsourcing to third-party service providers. It states that conducting or sharing compliance activities between group-linked SPVs and primary accountable institutions is not regarded as outsourcing in terms of PCC 12A.
The Centre also notes that compliance functions are often centralised within group structures and encourages accountable institutions within a group structure to apply a group-wide Risk Management and Compliance Programme (RMCP).
Compliance obligations, RMCP and reporting
The draft states that SPVs operating within a delegation structure may seek assistance from the primary accountable institution to conduct customer due diligence (CDD) operational functions and to scrutinise client information against targeted financial sanctions lists.
However, an SPV that is delegated must have an RMCP that aligns with the parent accountable institution’s framework while reflecting its own ML/TF/PF risk profile. The RMCP must demonstrate how the SPV identifies, assesses, manages, and mitigates identified risks and must clarify the relationship between the SPV and the primary accountable institution, defining roles and responsibilities for compliance oversight.
In relation to reporting, the draft provides that an SPV delegated to a primary accountable institution may rely on reporting controls developed and implemented by the primary accountable institution to the extent that the primary institution conducts transactions operationally on behalf of the SPV.
These reporting controls may include transaction monitoring to detect reportable activity and the reporting of such activity to the Centre. Reporting must be done by the SPV’s appointed compliance officer, with the assistance of appointed money laundering reporting officers, if any. The draft states that this would not be in breach of FIC Directive 2.
Risk considerations
The draft notes that accountable institutions must conduct ML/TF/PF risk assessments at both business and client level. It states that, owing to their operational role within industry, accountable institutions are best placed to understand and identify areas of potential ML/TF/PF vulnerability.
Authoritative nature of guidance
The draft notes that guidance issued by the Centre is the only form of guidance formally recognised under FICA and the Money Laundering and Terrorist Financing Control Regulations and must be considered when interpreting the Act or assessing compliance with obligations imposed on accountable and reporting institutions.
The draft further states that enforcement action may emanate from non-compliance with FICA where there has been non-compliance with guidance issued by the Centre. Where an accountable institution has not followed guidance, it must be able to demonstrate that it has complied with the relevant obligation in an equivalent manner.
Consultation process
The FIC has invited written submissions on Draft PCC 122 via the online comment submission link only. Submissions must be received by the close of business on Monday, 16 March 2026.
