From CompliNEWS | Financial Service Intelligence Watch

Criminal checks Financial Action Task Force (FATF), the Mutual Evaluation Report (MER), the Financial Sector Conduct Authority (FSCA), and fit and proper

The Financial Sector Conduct Authority (FSCA) published FSCA Communication 22 of 2022, regarding draft amendments to the Exemption by the Financial Sector Conduct Authority of Certain Persons from Joint Standard 1 of 2020. Applying to significant owners of all financial institutions, it seeks to reassess the requirements in the Joint Standard to determine the extent to which such requirements should apply to significant owners of FSPs. The following areas are addressed:

  • honesty and integrity;
  • competence and financial standing required to support the business of a financial institution; and
  • procedures for assessing fitness and propriety, and reporting.

The FSCA is of the view that the requirements in the Joint Standard pertaining to honesty, integrity, reporting and procedures for assessing fitness and propriety, is appropriate in the context of significant owners of FSPs. The FSCA is thus proposing to amend the Exemption to ensure that significant owners of FSPs are subject to the requirements in the Joint Standard pertaining to honesty, integrity, reporting and procedures for assessing fitness and propriety. This will ensure that, amongst other things, regulatory measures aimed at preventing criminals or their associates from controlling financial institutions exist.

During 2019, the FATF conducted a country review of South Africa in the context of the FATF Recommendations, and made findings and accompanying recommendations to be remediated in its MER. Recommendations not fully remediated or significantly progressed by October 2022 can lead South Africa to be placed on the FATF grey-list, which could have dire consequences for the country as a whole.

FATF Recommendation 26 states that: ‘Countries should ensure that financial institutions are subject to adequate regulation and supervision and are effectively implementing the FATF Recommendations. Competent authorities or financial supervisors should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest or holding a management function in, a financial institution … …’.

One of the key findings in the MER related thereto that while fit and proper criteria are in place for many sectors, these often do not apply to beneficial owners. Most regulators do not conduct criminal checks or verify self-declarations of applicants, although police criminal clearance certificates are required for applicants in the ADLA and CIS manager sectors.

‘Although it is acknowledged that a significant owner and a beneficial owner is not exactly the same thing, the definition of a significant owner in the FSR Act captures a relatively broad scope of beneficial owners. However, as significant owners of FSPs are currently exempted from the Joint Standard, such significant owners are currently not subject to any fit and proper requirements.’

‘Should the Exemption insofar as it relates to significant owners of FSPs be withdrawn, this will have the effect that a broader scope of beneficial owners (through the definition of significant owner) will be brought within the scope of the Joint Standard, thereby subjecting them to the fit and proper requirements and, as a result, partially addressing the FATF MER finding referred to above, which was identified in the context of FATF Recommendation 26.’

It is said that the longer-term objective of the FSCA is to make a proposal to National Treasury pertaining to the potential amendment of the FSR Act, to create an enabling framework for the regulation and supervision of beneficial owners of financial institutions.

Despite what is contained in the Communication, there remains many question marks surrounding the ability of the regulator to ask persons to go for biometric testing (fingerprints), given the requirements of the Protection of Personal Information Act (PoPIA). The FSCA is already asking that certain persons or FSPs go for fingerprint testing as part of obtaining FSCA authorisation.

Only expressly-stated requirements in current law matter.

You could request consent for biometrics, but it would have to be given freely. So the person can say no. Then there is the data minimisation. The least amount of information must be processed. Anything beyond the minimum must be justified.

Does section 8(2) authorise the FSCA to do this? It is required to take the least intrusive approach to achieve the stated purpose.

It is necessary for the FSCA to justify what it plans to do. ‘Fit and proper’ is defined in the Act:

Fit and proper requirements may include, but are not limited to, appropriate standards relating to- (a) personal character qualities of honesty and integrity;
(b) competence, including-

(i) experience;
(ii) qualifications; and
(iii) knowledge tested through examinations determined by the registrar;

(c) operational ability;
(d) financial soundness; and
(e) continuous professional development.

None of the above requires fingerprints or credit vetting.

The FSCA states the following:

‘Criminal background checks is not a new requirement at all, it was just not implemented by this office. The criminal checks are done as part of the fit and proper assessment on all new licence applications and profile changes relating to the addition of new key individuals, directors, members, trustees and partners. This is being extended to include shareholders who are natural persons.’

‘Chapter 2 of Board Notice 194 of 2017, allows for the assessment of the fitness and propriety of all FSPs, key individuals and representatives in relation to honesty, integrity and good standing. In determining compliance therewith, the FSCA may refer to any information in its possession or brought to its attention.’

‘You will note that some of the questions in form FSP 4A to 4D questionnaire ask of applicants to disclose whether they have ever been found guilty in any criminal proceedings or been convicted of any offence. Applicants are thereafter required to declare if this information is correct and then give consent to the FSCA and its authorised verification agents, to request or confirm any of this personal information, as well as any other information provided in support of the application, with any personal data holders including the SAPS. The credentials that need to be verified include criminal records.’

‘Note also that SAPS only relies on fingerprints to process police clearance applications and criminal background enquiries.’