Addition of CASPs under the FIC Act as Accountable Institutions

Timelines & background

The application of the FIC Act to CASPs was well known in advance. In bringing CASPs under their supervision, the FIC are just following through on actions that have been floated and discussed over more than two years. The FATF’s Mutual Evaluation Report^[1] was another prompt for this, noting under Recommendation 15 that VASPs in South Africa were not required to take AML/CFT measures beyond general reporting.

From the executive summary of the IFWG Position Paper^[2] of June 2021: “Implementation of AML/CFT framework: The work of including CASPs as an accountable institution under Schedule 1 to the Financial Intelligence Centre Act 38 of 2001 (FIC Act) is already under way. Once CASPs are added to the list of accountable institutions, the full ambit of the FIC Act obligations will apply to them.”

The FIC published their intention in this regard in June 2020; the IFWG paper came out in June 2021; in October that year the MER from FATF was published, and in February this year, the Budget Review noted that this would be done by the end of the year. This was along with a note that CASPs would be brought under the FAIS Act by registering crypto as a financial product, which happened in October.

Addition to FIC Act Schedule 1

Per the FIC media release^[3]: “With the amendment to the Schedules, new designated items consisting of [among others] CASPs … are now included in Schedule 1 of the FIC Act.”

With effect from 19th December 2022, CASPs are now Accountable institutions under the FIC Act^[4]. This means that they are now under FIC supervision, and have a number of obligations. These include:

• Registration with the FIC.
• Record Keeping of all transactions and client information.
• Reporting of suspicious transactions and suspicious activities.
• Customer Due Diligence: KYC, PEP registrars, sanctions screening and transactional monitoring.
• Risk Management and Compliance Programme - development and implementation of a programme as well as being duly authorised by relevant management body.
• Appointment of a MLRO - communicated with the FIC, and the Money Laundering Reporting Officer to have sufficient knowledge on the FIC Act and compliance requirements and to have sufficient seniority to be able to perform duties.
• Training of staff on its RMCP as well as compliance requirements; training to take place on an annual basis.

CASPs are subject to FIC enforcement, but there will be an 18 month integration period during which a “transitional supervisory approach” applies, and the “FIC and supervisory bodies will focus on entrenching the FIC Act risk and compliance provisions. … Supervisory bodies will conduct inspections and, where warranted, issue remedial administrative sanctions, based on a risk-based approach, to correct identified areas of non-compliance. In respect of the new sectors, the FIC and supervisory bodies do not envisage issuing financial penalties for non-compliance with the FIC Act during the transitional 18-month period.” (media release) This 18 month period takes us to mid June 2024.  

Commentary and implications

This is another piece falling into place, with one more big one left, and stablecoins to come.

South Africa is coming into line with global best practice

• This has been well flagged in advance, and with CASPs now required to be registered under FAIS and supervised by the FIC, the pieces are in place for regulations that mirror global practice. The threat of grey listing from FATF should now be gone.

This imposes further costs on CASPs

• The larger and more prepared CASPs will be ready for their new responsibilities, but others may now have some work to do in recruiting and training. For all CASPs, the cost of AML and CFT programmes will impose new costs.
• Banks and other established institutions looking to provide crypto services already have established compliance teams and practices, and are already registered and compliant under FAIS, which may give them a slight advantage in some respects.  

The issue of crypto and Exchange Control is still to be addressed

• The remaining recommendation from the IFWG applies to exchange control. This is country specific, and so it is up to SA to draft its own rules rather than follow others. The 2022 Budget Review^[5] notes that the process to include crypto assets in exchange control regulations is “underway”. The FAIS and FIC amendments were noted in the same document as being finalised during 2022.
• CASPs and crypto assets are likely to be brought into Authorised Dealer regulations, following the same pattern of amending existing regulations rather than drafting new ones. The challenge remains of defining when a crypto asset is exported.

Still nothing crypto specific, but watch this space

• CASPs and crypto assets are defined separately, but added to existing legislation rather than having specific legislation drafted, as is the case with the EU’s MiCA regulations.
• Stablecoin regulations are coming, with a paper from the IFWG promised, again by the Budget Review, in 2022. Also from that document “National Treasury is also exploring measures to regulate energy intensive crypto mining”.

If you would like to contact BMA to discuss the issues raised here, or anything else of interest, please contact us via the contact page on our site.