'Ticking the box' or managing ML/TF risk
'Ticking the box' or managing ML/TF risk
'The rules should be the same for everyone’. It is a principle engrained in many areas of our life. A norm that informs our concept of ‘fairness’. We see it in the way parents raise their children, teachers approach discipline in classrooms and employers engage with employees. Deviating from this principle is frowned upon.
In July this year, the USA criticised China for apparently not ‘following the same rules as everyone’ when China failed to abide by international rules on maritime territory. On the other hand, many sport referees have been vilified by supporters for ostensibly ‘not applying the same rules’ to the teams on the playing field.
However, as with most things in life, there is always an exception, where ‘applying the same rules to everyone’ is detrimental to achieving the ideal outcome. The Financial Intelligence Centre (FIC) Amendment Bill has effectively moved the AML/CTF (anti-money laundering/counter terrorist financing) landscape from a ‘the rules should be the same for everyone’, to ‘the rules are not the same for everyone’.
To clarify, ‘compliance’ per definition is synonymous to ‘obedience to’, or ‘conforming to’, a set of rules. Historically, Accountable Institutions (AIs) performed AML/CTF regulatory risk assessments, in order to identify gaps between its own internal rules/processes and what is required by law. The benchmark for an effective AML/CTF programme was, therefore, the South African AML/CTF regulatory framework. The rules were the same for all AIs.
Even though the necessity and benefit of compliance with the AML/CTF regulatory framework is undisputed, the FIC Amendment Bill moves away from only requiring compliance with the ‘letter of the law’. When enacted, the amended FIC Act will require AIs to also have an understanding of its ML/TF (money laundering and terrorist financing) risk profile, i.e. an understanding of the risks that its products/services may be used for ML/TF, and then to respond to the identified risks, through its ML/TF Risk Management and Compliance Programme (RMCP).
An effective ML/TF RMCP, should, therefore, not only comply with the ‘letter of the law’, but should also effectively mitigate the ML/TF risks associated with the relevant AI. Compliance with the ‘letter of the law’, without an appropriate understanding of the organisation’s ML/TF risks, may lead to non-compliance with the true intention/spirit of the law, as well as poor ML/TF risk management.
More information
For more information, contact:
Marieta Deysel-Engelbrecht
Associate Director
KPMG in South Africa
marieta.deysel-engelbrecht@kpmg.co.za
Articles in this series
© 2023 KPMG Services Proprietary Limited, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.