In June, minister of Finance Tito Mboweni published proposed amendments to the Financial Intelligence Centre Act (FICA) for public comment.
The proposed amendments aim to align FICA with the current International Standards of the Financial Action Task Force (FATF) as well as with recent legislative amendments, says Seshree Govender, a senior associate at law firm Webber Wentzel.
This will include new rules around crypto-asset service providers or ‘CASPs’, including further responsibilities around which information they have to maintain and conducting due diligence on customers.
“The list of CASPs is extremely wide and will cover the majority of CASP businesses in South Africa, including services providers operating outside the country,” she said.
“The effect will be that all these businesses will be regarded as ‘accountable institutions’ and will be required to comply with the various regulatory requirements and obligations imposed on accountable institutions by FICA”.
Govender said that these requirements will include:
- Registering as an ‘accountable institution’ with the FIC;
- Conducting due diligence/KYC on all customers in accordance with a risk-based approach; and
- Developing, implementing and maintaining a risk management and compliance programme (RMCP).
Govender said that the list of CASPs that will be included in the FICA include those that allow for:
- Exchanging a crypto asset for a fiat currency or vice versa;
- Exchanging one form of crypto asset for another;
- Conducting a transaction that moves a crypto asset from one crypto asset address or account to another;
- Safekeeping or administration of a crypto asset or an instrument enabling control over a crypto asset; and
- Participation in and provision of financial services related to an issuer’s offer or sale of a crypto asset.
An accountable institution
One of the key proposed changes is that CASPs register as an ‘accountable institution’ with the Financial Intelligence Centre (FIC).
As part of this process, they will have to abide by all of the FIC’s legislative requirements. These include:
- Conducting customer identification and verification;
- Conducting customer due diligence;
- Keeping records;
- Monitoring for suspicious and unusual activity on an ongoing basis;
- Reporting to the FIC any suspicious and unusual transactions;
- Reporting cash transactions of R25,000.00 and above (or the applicable threshold at any given time);
- Reporting in respect of control of property that might be linked to terrorist activity or terrorist organisations.
As with other financial institutions, these CASPs will also have to do risk assessments on customers and maintain information both on account holders and where the money is heading (beneficiaries).
The FIC will have the power to impose administrative penalties where there is non-compliance.