Accountable institutions must develop and implement a Risk Management and Compliance Programme (RMCP) that meets the requirements of the Financial Intelligence Centre Act (FICA) and its associated regulatory instruments, says the Financial Intelligence Centre (FIC).
All categories of financial and non-financial accountable institutions listed in Schedule 1 to FICA are required to develop, document, maintain, and implement an RMCP.
Accountable institutions are also required to provide copies of their RMCPs on request, whether they are supervised by the FIC or other supervisory bodies, such as the Financial Sector Conduct Authority.
The FIC’s inspections have found “widespread failure” by accountable institutions to develop or implement RMCPs. This failure was compounded by an absence of a documented assessment of the business’s money laundering (ML), terrorist financing (TF), and proliferation financing (PF) risks, which should inform the development of the RMCP, the FIC said in a statement yesterday.
This failure was a primary motivation for the FIC’s request to certain accountable institutions to submit a copy of their RMCPs on the FIC’s goAML platform by 12 March 2025.
Read: Crucial deadline for accountable institutions supervised by the FIC
The FIC said the requirement to submit RMCPs is still in force, despite the expiry of the closing date. Accountable institutions that are in default must immediately submit their RMCPs electronically to the FIC. Failing to submit the RMCP constitutes non-compliance with FICA.
Christopher Malan, the FIC’s executive manager for compliance and prevention, urged accountable institutions to consult and monitor the goAML message board daily (under their registered Org ID profile) and immediately attend to outstanding RMCP and other requests from the FIC.
Malan said accountable institutions should not equate submission of the RMCP as being compliant with all the prerequisites for a fully compliant RMCP. The FIC, through inspections and compliance monitoring, will test an RMCP against the legislative requirements.
Key considerations for a compliant RMCP
The FIC’s statement outlined what accountable institutions need to consider when developing a compliant RMCP.
Institutions need to understand how criminals can abuse their products and services to launder money, or finance terrorism, or the proliferation of weapons of mass destruction.
Institutions must understand their business environment and put in place risk mitigation measures and controls as part of their RMCP to protect the business.
The RMCP must be documented and kept up to date, with the highest authorities in the business taking ultimate responsibility for its implementation.
Accountable institutions must identify in their RMCPs the client types that pose a higher or lower risk for ML, TF, and PF. This will assist institutions in applying varying degrees of verification and other measures at onboarding or in ongoing business relations. RMCPs are thus central to the continuity of the business.
Estate agents, for example, need to be acutely aware when dealing with clients who purchase high- or low-end properties for cash. Do they have clients who rent property, pay cash in advance for the rental, and then shortly thereafter ask for the money to be returned to them for whatever reason? How are these and other clients to be dealt with, and what policies are in place to guide the estate agency? Scenarios such as these should feature in an estate agency’s RMCP.
In addition, the risk-based approach includes identifying various client types, what additional measures need to be in place, and what training is given to their teams on how to deal with such behaviours.
The FIC said accountable institutions should not underestimate the importance of having a robust RMCP. The purpose of an RMCP, along with the other FICA compliance obligations, is to strengthen and protect the business environment and the financial system from being used for ML and TF.
“An adequate RMCP may safeguard accountable institutions from legal entities and natural persons seeking to criminally abuse the accountable institution,” said Malan. “RMCPs are fundamental to protecting accountable institutions and ultimately, the integrity of our financial system.”
Help with FICA compliance
Moonstone Compliance offers compliance, consulting, and training options for accountable institutions of all types and sizes to help them meet the requirements of FICA.
Moonstone Compliance provides a wide range of services, from providing documentation to implementing a full compliance framework. You can select a combination of services and have them customised according to your needs.
Click here to read more about Moonstone Compliance’s suite of FICA services or submit an online enquiry.
