FICA – Comparison of GN 7 Chapter 4 vs GN 7A (its replacement)

by | Feb 24, 2025 | Blog | 0 comments

From CompliNEWS | Financial Service Intelligence Watch

FICA – Comparison of GN 7 Chapter 4 vs GN 7A (its replacement)
By James George

1. Scope and Coverage

  • GN 7 Chapter 4 – Focused solely on the Risk Management and Compliance Programme (RMCP) under section 42 of the FIC Act. It outlined the basic principles of an RMCP, its purpose, and the accountability of senior management.

    GN 7A (Full Document) – Expands significantly beyond just RMCP requirements. It incorporates a broader risk-based approach covering:

    • Customer Due Diligence (CDD)
    • Recordkeeping
    • Implementation of UN Security Council resolutions
    • Sanctions screening
    • Beneficial ownership verification
    • Ongoing monitoring and compliance reviews.

Key Change
GN 7A provides a comprehensive AML/CFT framework, integrating RMCP principles into all compliance aspects, whereas GN 7 Chapter 4 was limited to structuring an RMCP.

2. Board & Senior Management Responsibility

  • GN 7 Chapter 4 – Stressed that the board of directors or senior management is ultimately responsible for RMCP compliance. Focused on ensuring a culture of compliance and that policies align with legal requirements.GN 7A – Strengthens board oversight by explicitly requiring documented approval of RMCPs. Requires senior management to be actively involved in:
    • Risk assessments
    • Client risk profiling
    • Decision-making in high-risk cases
    • Introduces group-wide compliance expectations for multinational institutions. 

Key Change
GN 7A elevates corporate governance requirements by making executives directly accountable for compliance breaches.

3. Risk-Based Approach (RBA)

  • GN 7 Chapter 4 – Briefly mentioned the need for a risk-sensitive RMCP but lacked guidance on implementation. GN 7A – Embeds RBA as a fundamental compliance principle.Introduces risk-rating methodologies:
    • Client risk
    • Product/service risk
    • Geographic risk
    • Delivery channel risk
    • Defines how institutions should document and justify risk-based decisions.
    • Allows simplified due diligence (SDD) for low-risk clients and enhanced due diligence (EDD) for high-risk clients. 

Key Change:
GN 7A mandates a structured risk assessment framework, ensuring a customised compliance approach rather than a one-size-fits-all model.

4. Documentation & Internal Controls

  • GN 7 Chapter 4 – Required institutions to document their RMCP.
    Allowed institutions to indicate which RMCP elements did not apply and justify exclusions.GN 7A – Expands documentation requirements, ensuring:
    • Formal risk assessments
    • Detailed procedures for ongoing monitoring
    • Justification for risk thresholds and decisions
    • Introduces continuous monitoring and periodic review requirements.

Key Change
GN 7A makes documentation a compliance priority, enforcing regular updates and detailed internal policies.

5. Beneficial Ownership & Transparency Requirements

  • GN 7 Chapter 4 – Required institutions to verify customer identities but had limited guidance on beneficial ownership (BO). GN 7A – Introduces a clear process for identifying BO, including:Three-tier identification process:
    • Direct ownership control (≥25% shareholding)
    • Control through other means (voting rights, management influence)
    • Senior management control
    • Requirement to verify BO using third-party sources
    • Group-wide policies for institutions with cross-border operations.

Key Change
GN 7A enforces stringent BO verification, making complex corporate structures more transparent.

6. Sanctions Screening & UN Security Council Resolutions

  • GN 7 Chapter 4 – No reference to sanctions compliance.
  • GN 7A – Mandates sanctions screening against UN, EU, and South African lists.
  • Requires immediate reporting and freezing of assets related to sanctioned individuals or entities.
  • Introduces specific guidance on screening technology and escalation procedures.

Key Change
GN 7A integrates global AML/CFT requirements, ensuring compliance with international sanctions frameworks.

7. Customer Due Diligence (CDD) & Ongoing Monitoring

• GN 7 Chapter 4 – Only touched on training staff in CDD processes. GN 7A – Expands CDD measures, requiring institutions to:

  • Obtain detailed client information.
  • Conduct ongoing due diligence (not just at onboarding).
  • Monitor transactions continuously for suspicious activity.
  • Defines risk triggers requiring additional checks:
    • High-risk jurisdictions
    • Unusual transaction patterns
    • Politically exposed persons (PEPs)

Key Change
GN 7A makes CDD a dynamic, ongoing process rather than a one-time verification step.

8. De-Risking vs Risk Mitigation

  • GN 7 Chapter 4 – Did not address de-risking practices.
    GN 7A – Warns against ‘wholesale de-risking’, where institutions avoid risk entirely by rejecting entire categories of clients (eg, crypto firms, NGOs).Instead, requires institutions to apply mitigation strategies, including:
    • Stronger due diligence
    • Transaction monitoring
    • Risk-based client profiling.

Key Change
GN 7A discourages excessive de-risking, advocating for balanced risk treatment.

9. Training & Awareness

  • GN 7 Chapter 4 – Briefly mentioned the need for staff training on AML/CFT responsibilities. GN 7A – Mandates role-specific training for:
    • Senior management
    • Compliance officers
    • Frontline staff
    • Requires ongoing refresher training based on emerging threats. 

Key Change
GN 7A enforces structured, periodic AML training across all levels of an institution.

Final Recommendations for Accountable Institutions

  • Conduct a gap analysis to ensure RMCP aligns with GN 7A requirements.
  • Strengthen senior management involvement in compliance oversight.
  • Implement structured BO verification and transparency measures.
  • Ensure regular sanctions screening and transaction monitoring.
  • Update training programs to reflect new risk-based compliance expectations.