| Feb 27, 2025

FIC Issues Final Guidance on FICA Implementation with Release of Guidance Note 7A

Guidance note 7A

On 13 February, the Financial Intelligence Centre (FIC) issued the final version of Guidance Note 7A, which provides clarity and assistance regarding compliance with the risk management and compliance programme (RMCP) requirements provided for in section 42 of the Financial Intelligence Centre Act, 2001 (FIC Act).  

Guidance Note 7a, Chapter 4 of 7a, replaces Chapter 4 of Guidance Note 7 in its entirety to provide further guidance to those exercising the highest level of authority in an accountable institution - who must approve the RMCP of their accountable institution and are ultimately responsible for compliance with the Act. 

It should be noted that the remainder of Guidance Note 7a remains primarily the same as Guidance Note 7 and has not been updated in its entirety to reflect any other of the recent changes and so, contains many instances of redundant guidance.

. 

Summary of the Key Elements of the Guidance Note 7A update to Chapter 4 

  • Accountable institutions must develop, document, maintain and implement a risk management and compliance programme (RMCP) that is appropriate to the size and complexity of their business and covers all the elements of the programme as set out in section 42 of the FIC Act 
  • The RMCP should include: 
    • A definition of define the highest level of authority in the institution, who is ultimately responsible for approving the RMCP and ensuring that the accountable institution implements and complies with it.
    • An entity wide assessment of the potential risks the institution faces taking into account the nature, size, products, service offerings, industry, client base, geographic location(s), complexity of business, delivery mechanisms, third-party service providers, sector guidance, and any other relevant factors .
    • Descriptions of controls in place, including different categories of customer due diligence and other risk management measures, including escalation of decision-making to higher levels of authority .
    • Details of the training of employees.
    • Provision for information sharing to the highest level of authority in the institution.
    • Indicate any elements of section 42 of the FIC Act that do not apply to them.
    • Accountable Institutions situated in South Africa and operating in foreign jurisdictions should also be aware of the local AML, CFT, and CFP obligations in all jurisdictions where they operate. 
    • An Accountable Institution must review its RMCP at regular intervals to ensure that it remains relevant to the institution’s operations and the identified risks, and any changes re-signed off. 
  • The document should holistically and comprehensively cover the requirements of the Act and sufficiently inform the highest level of authority of the risks the business faces and the control in place to discharge their obligations under the FIC Act.  

  •  An inadequate RMCP may constitute non-compliance and may result in them receiving an administrative sanction.

  • An accountable institution must have a compliance function and assign a person with sufficient competence and seniority as a Compliance Officer.

  • The RMCP must be made available to all employees and be used for training .

  • The institution must instill a culture of compliance driven from the top 

Contact Us for Compliance Assistance

Ensuring you are fully compliant with South Africa’s reporting obligations can be complex. If you're looking for expert support and guidance on your compliance needs, contact us today for our comprehensive compliance services. Our team can help you navigate the reporting process, stay compliant, and mitigate the risks of noncompliance.

Contact Us