FIC Public Compliance Communication 12A provides guidance on outsourcing of compliance activities to third parties

Posted on

In June 2020, the Financial Intelligence Centre (FIC) called for comments from accountable institutions, reporting institutions, supervisory bodies, and other persons, as discussed in a Moonstone article titled “Draft Public Compliance Communication 12A – Guidance on outsourcing of compliance activities to third parties”. These comments have now been considered and as a result the FIC issued a communication updating the guidance on outsourcing compliance activities to third party service providers.

The Communication highlights the following:

  • Accountable institutions remain responsible for their compliance obligations in terms of the Financial Intelligence Centre Act, 2001 (Act 38 of 2001) (FIC Act) regardless of their internal arrangements relating to the manner in which those obligations are met.
  • Outsourcing refers to when an accountable institution seeks the advice or assistance of a third-party service provider in relation to the performance of their compliance obligations. The third-party service provider cannot discharge any FIC Act obligations on an accountable institution’s behalf, and as such, an accountable institution remains liable for compliance failures associated with and/or caused by such an outsourcing arrangement.
  • An accountable institution may use the services of a third-party service provider to perform compliance activities relating to risk assessments and the collection and processing of documents and/or information for customer due diligence (CDD) to a limited extent, and for record-keeping purposes as required in terms of the FIC Act and the Regulations to the FIC Act. An accountable institution may utilise the services of a third-party service provider to scrutinise client information in terms of the FIC Act.
  • An accountable institution may not use the services of a third-party service provider to fulfil and discharge CDD, reporting and registration obligations in terms of the FIC Act, nor the accountable institution’s obligations that arise in terms of section 27 and 32 of the FIC AThird Partiesct. In addition, an accountable institution may not outsource the obligation to obtain senior management approval as required in terms of section 21F, 21G and 21H of the FIC Act.
  • Outsourcing of compliance obligations to a third-party service provider is not the same as placing reliance on a third-party accountable institution.

Click here to download the document that provides feedback on the public consultation process.