From CompliNEWS | Financial Service Intelligence Watch
Capitec Bank fined R56.25 million by SARB for FIC Act non-compliance
The South African Reserve Bank (SARB), through its Prudential Authority (PA), has imposed administrative sanctions on Capitec Bank Limited, including a financial penalty of R56.25 million, for non-compliance with provisions of the Financial Intelligence Centre Act (FIC Act) 38 of 2001. Of the total fine, R10.5 million is conditionally suspended for 36 months.
These penalties follow inspections conducted in 2021 and 2022, focusing on Capitec’s retail and business banking segments. The findings highlight significant deficiencies in the bank’s anti-money laundering (AML) compliance processes.
Non-Compliance Findings and Penalties
The sanctions include seven cautions, one reprimand, and financial penalties linked to multiple compliance failures, detailed below:
1. Customer Due Diligence (CDD) Deficiencies
Capitec Bank was found in breach of sections 21(1) and 21A to 21H of the FIC Act due to failures including:
- Inadequate verification of client identities.
- Failure to identify beneficial owners of legal entities.
- Insufficient verification of addresses and sources of funds.
- Weak PEP screening and ongoing due diligence for high-risk clients.
- Failure to obtain senior management approval for revised client risk ratings.
Penalties
- Retail segment: R20 million (R5 million conditionally suspended).
- Business banking segment: R15 million (R2 million conditionally suspended).
2. Cash Threshold Reporting (CTR) Delays
Capitec failed to ensure timely reporting of Cash Threshold Transactions (CTRs) to the Financial Intelligence Centre (FIC), as required by section 28 of the FIC Act.
Penalty
• R2 million (R1 million conditionally suspended).
3. Suspicious Transaction Reporting (STR) Failures
Non-compliance with section 29 of the FIC Act included delays in filing Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs).
Penalty
• R5 million.
4. Automated Transaction Monitoring Issues
Capitec breached Directive 5 of 2019 by failing to address alerts generated by its Automated Transaction Monitoring System within the mandated 48-hour timeframe.
Penalty
• R3 million.
5. Risk Management and Compliance Programme (RMCP) Weaknesses
Violations of section 42 of the FIC Act were linked to Capitec’s inadequate RMCP practices, including:
- Failure to assess and mitigate risks associated with CTRs.
- Poor implementation of enhanced due diligence measures.
- Delayed board approval for RMCP updates.
- Insufficient risk considerations during client onboarding.
Penalties
- Retail segment: R8 million (R2 million conditionally suspended).
- Business banking segment: R3.25 million (R500 000 conditionally suspended).
Capitec’s Response and Broader Implications
Capitec has cooperated with the Prudential Authority and initiated remedial measures to address compliance deficiencies. These penalties come as South Africa intensifies regulatory scrutiny in its efforts to be removed from the Financial Action Task Force’s (FATF) grey list.
The case underscores the importance of robust AML frameworks and timely reporting to ensure compliance and avoid reputational damage. Financial institutions are urged to take proactive steps to strengthen their compliance controls.