From CompliNEWS | Financial Service Intelligence Watch

Key learnings from Sunlight Financial Services – FICA non-compliance case: A cautionary tale for all accountable institutions

The recent Financial Sector Conduct Authority (FSCA) sanction against Sunlight Financial Services (SFS) highlights critical deficiencies in compliance practices under the Financial Intelligence Centre Act (FIC Act). This case serves as a stark reminder for accountable institutions of the consequences of non-compliance and underscores the importance of robust internal processes.

Non-Compliance Findings

The FSCA inspection revealed multiple violations of the FIC Act by SFS, including significant gaps in their Risk Management and Compliance Programme (RMCP), customer due diligence (CDD) measures, and targeted financial sanctions (TFS) screening processes.

Key failings included:

Deficient RMCP

  • The RMCP did not align with the specific business operations of SFS, failing to adequately address risks such as money laundering (ML), terrorist financing (TF), and proliferation financing (PF).
  • Inadequate provisions for CDD, ongoing due diligence, and processes for verifying client identities.
  • Lack of detailed processes for handling suspicious transactions, terminating client relationships, or implementing enhanced due diligence for high-risk scenarios.

Failure to Conduct CDD and Risk Assessments

  • SFS demonstrated a 100% failure rate in risk rating and conducting CDD on sampled clients.
  • Reliance on external policy provider requirements instead of business-specific risk considerations.

Inadequate Employee Training

  • Despite commitments in their RMCP, SFS failed to provide ongoing FIC Act training, leaving staff ill-equipped to meet compliance obligations.

Failure to Screen Clients Against TFS Lists

  • None of the 57 sampled clients were scrutinised against the TFS lists, a mandatory requirement to identify potential risks linked to terrorism or proliferation financing.

Key Learnings for Accountable Institutions

  • A Comprehensive RMCP is Non-Negotiable – The RMCP is the cornerstone of FIC Act compliance. It must not only document all processes but also address every applicable risk factor, including client, geographic, and product risks. Institutions should regularly review and update their RMCPs to ensure they reflect their current business environment and regulatory requirements.
  • CDD and Risk Assessment Are Critical – Institutions must implement effective CDD measures to assess client risks accurately. Risk rating processes should consider all relevant factors and cannot rely solely on product or service-based assessments. Proper documentation and periodic reviews are essential to mitigate ML/TF risks.
  • Training is Vital – Ongoing staff training ensures employees understand and adhere to compliance requirements. Training should be practical, covering the institution’s RMCP, regulatory changes, and how to identify and report suspicious activities.
  • TFS Screening Must Be Prioritised – Screening clients against TFS lists is not optional. Institutions must establish robust processes to identify and act on any matches to prevent involvement in illegal activities.
  • Regulatory Cooperation is Essential but Not Sufficient – While SFS cooperated with the FSCA and made some attempts to address deficiencies, their efforts were insufficient to rectify the non-compliance. Remediation must be thorough and demonstrable.

The FSCA’s decision to impose a R600 000 financial penalty, with R300 000 suspended contingent on compliance, reflects the gravity of these failings. For accountable institutions, this case underscores that non-compliance not only exposes businesses to financial penalties but also risks reputational damage and loss of trust.

To avoid similar sanctions, institutions must prioritise the development and implementation of comprehensive compliance frameworks, maintain ongoing training programmes, and ensure rigorous monitoring of all regulatory obligations. Only by embedding a culture of compliance can institutions protect themselves and contribute to the integrity of the financial system.

Read the Full Notice of Administrative Sanction from the FSCA here