Legislation and guidelines                                            Chapter 5

           Although the amendments to FICA shift to a risk-based approach, the Act continues to specify
         some transaction thresholds. For example, all deposits of notes or traveller’s cheques exceeding
         R25  000  (as  single  or  aggregated  transactions  made  in  close  succession  or  across  associated
         accounts) are reportable. For non-cash transactions, accountable institutions are not required to
         scrutinise transactions below R5 000.
           In  some  instances  accountable  institutions  must  not  only  report  suspicious  activity  but  must
         also take action. Under Section 28A of the Act, an accountable institution is obliged, in addition
         to reporting to the FIC, to freeze assets if it discovers it holds property (typically financial assets)
         associated  with  an  individual  or  entity  on  the  United  Nations  Security  Council  sanctions  list.
         Section  28A  deals  with  matters  of  fact  –  for  example,  where  an  accountable  institution  has  an
         account belonging to a known terrorist.
           Under Section 29 of the Act, which relates to unusual transactions, an accountable institution
         is  required  to  report  suspicious  activity  to  the  FIC  but  without  taking  action.  Section  29  deals
         specifically with situations where an accountable institution has no proof of ML/TF activity but has
         reason to believe that something is amiss. One example given in the FIC’s guidance note concerns
         a client who seeks to deposit cash at a bank branch but then changes his mind after being asked
         the source of the funds by the teller and leaves with the money still in his possession. This would be
         reportable under Section 29.
         Know your client (KYC) and client due diligence (CDD)
           Central to FICA are provisions which place an obligation on FSPs and FSPRs to identify and verify
         their clients. If a client is acting on behalf of another person or entity, the Act requires the accountable
         institution to establish and verify the identity of the third party, and to verify that the client has the
         authority to act on behalf of the third party.
           The FICA amendments expand on the previous KYC requirements with the introduction of CDD
         provisions. Like KYC, CDD imposes an obligation on accountable institutions to know who their
         clients are and who they are doing business with, but CDD also requires institutions to monitor
         business relationships and to take special care when it comes to prominent and influential persons.
         The  amendments  also  introduce  additional  measures  relating  to  trusts,  partnerships,  and  other
         legal entities.
           Under  FICA,  accountable  institutions  typically  require  a  written  application  for  service
         accompanied by certain supporting documentation. For a South African citizen or resident, typical
         requirements include:
           R   A  copy  of  the  investor’s  identity  document  showing  the  ID  number  and  photograph
              (or passport copy for foreign nationals)
           R   Proof  of  SA  income  tax  number  (ie,  correspondence  from  SARS  showing  name  and
              tax number)
           R   Proof of residential address (such as a bank statement, utility bill or telephone account)
           R   Guardian contact details in the case of a minor
           R   Proof of banking details (such as a bank statement less than three months old)
           A recent amendment to FICA, has made accountable institutions responsible for determining who
         has control and ownership of a company, trust or other legal entity. This means the institution must
         determine all natural persons who own or have control over the entity.
           Where the client is a company or trust or other legal entity, documentary evidence can become
         significant as it may include the above details for all directors and senior managers, proof of a trading
         name (where applicable), proof of VAT registration, proof of the physical address where the entity
         conducts its operations, and so on. In the case of trusts, details of all trustees and all beneficiaries
         may be required.
         Risk Management and Compliance Programme
           The amended FICA requires every accountable institution to draw up a Risk Management and
         Compliance  Programme  (RMCP).  In  terms  of  the  amendments  to  the  original  Act,  the  RMCP
         replaces the Internal Rules required by the 2003 iteration of FICA.


                      Profile’s Unit Trusts & Collective Investments September 2025    95