June 2003 was a very important month from the perspective of money laundering control. The main administrative money laundering control duties took effect on 30 June 2003, thereby changing many of the business practices that were part of the South African business landscape. In the same month, South Africa gained membership of the Financial Action Task Force (FATF) which is the main international standard-setting body in respect of money laundering control. At the meeting where South Africa’s membership was endorsed, the FATF also adopted a new and more stringent set of money laundering control standards that all countries will have to meet. As South Africa is implementing its money laundering control legislation, thought must therefore be given to amendments that may be required to comply with the new set of international standards. In this state of flux, accountants and auditors have a very important role to play. Not only do they have to comply with the legislation but they will also be required to provide guidance to those clients who are bewildered by the new requirements. Obviously auditors will also have to consider non-compliance with these laws when planning and carrying out an audit.
HOW ARE REGISTERED ACCOUNTANTS AND AUDITORS AFFECTED? I Registered accountants and auditors are directly affected by the money laundering control laws. An enhanced duty for all persons in business to report certain suspicious transactions came into effect on 3 February 2003. This duty under the Financial Intelligence Centre Act 38 of 2001 (FICA) replaced the earlier and more limited duty under the Prevention of Organised Crime Act 121 of 1998 (POCA). Administrative money laundering control obligations for certain institutions and persons, the so-called "accountable institutions", came into effect on 30 June 2003. These duties include the duty to identify clients, verify certain particulars, keep records, train employees and appoint a compliance officer. Many, if not all, accountants and auditors have the duty to report suspicious transactions and some qualify as accountable institutions on account of the type of business that they conduct.
The money laundering control legislation raises many questions. The ambit of certain provisions is unclear and many accountants and auditors are not always certain about the impact of the legislation on their work or practice. In an attempt to bring greater clarity, the Public Accountants’ and Auditors’ Board (PAAB), which is designated as a supervisory body for purposes of FICA, issued a guide entitled Money laundering control: A guide for registered accountants and auditors in June 2003. This guide provides guidance in respect of the money laundering control compliance duties of registered accountants and auditors and the responsibility of auditors when conducting an audit. The publication also highlights areas of uncertainty and provides registered accountants and auditors with the interpretation and perspectives of the PAAB on certain contentious issues. The PAAB intends this guide to be reworked and continuously updated to provide registered accountants and auditors with relevant and current guidance.
This article highlights relevant aspects of the guide and considers whether the auditor’s responsibilities have changed with the introduction of the new legislation.
WHAT IS MONEY LAUNDERING CONTROL? I In an attempt to stamp out crime, especially organised and drug-related crime, the international community committed itself in a number of international instruments to combating money laundering. In general, money laundering control legislation criminalizes attempts at disguising the true nature of ill-gotten gains. It also forges a crime combating alliance between the business community and law enforcement. Those businesses that are the most vulnerable to abuse for laundering purposes are required to implement administrative measures to assist them to correctly identify their customers and to keep record of their particulars. In addition, businesses are required to be vigilant and to report any transactions that they know or suspect involves dirty money or property to law enforcement. These measures ensure that criminals are facing increased difficulties to enjoy the fruits of their crimes and that law enforcement is strengthened by the high quality intelligence produced by the business community.
South Africa adopted POCA and FICA to empower law enforcement to combat crime in general, including tax evasion, and to meet international standards and obligations. POCA creates the main money laundering offences and FICA gives rise to the administrative money laundering control obligations of businesses in general and of accountable institutions.1
POCA I POCA creates serious offences relating to money laundering. These offences include the rendering of assistance or advice to a criminal to assist him to launder money or to control, acquire, use or possess the proceeds of the crime of another. These offences can also be committed by a person who negligently fails to recognise the true nature of a money laundering transaction. The money laundering offences carry severe penalties. Fines range up to R1 billion and offenders may be imprisoned for life.
Since 1999 POCA required businesses to report suspicious transactions. This duty has now been superseded by the broader reporting duty under FICA.
FICA I FICA establishes the relevant money laundering law enforcement structures and creates compliance obligations for the members of the business community. The money laundering control obligations of a business or a businessperson are determined by their classification under FICA:
1 A person who is carrying on a business or is managing, in charge of or employed by a business (for purposes of this article referred to as a ‘general business’) has a duty under section 29 of FICA to report specific unusual and suspicious transactions to the Financial Intelligence Centre.
2 A person or business that is listed in Schedule 1 of FICA as an accountable institution has, in addition to the section 29 reporting obligation, a full set of compliance obligations, including the duty to report certain transactions involving cash amounts exceeding a specified threshold. The majority of these duties, excluding the duty to report cash threshold transactions, took effect on 30 June 2003. Schedule 1 to FICA includes attorneys, estate agents, banks, insurance companies, investment advisors and brokers (including public accountants, as defined in the Public Accountants and Auditors Act 1991, that render such services), casinos and trustees.
3 A person or business that is listed in Schedule 3 of FICA as a reporting institution has, in addition to the section 29 reporting obligation, the duty to report specific cash threshold transactions. The duty to report cash threshold transactions will take effect on a future date that has not yet been determined. Only two reporting institutions are listed, namely dealers in motor vehicles and dealers in Kruger Rands.
The duties of persons and businesses that have compliance obligations under FICA are detailed in the FICA regulations. In conjunction with these regulations the Minister also published a set of exemptions in respect of these obligations. The majority of these exemptions exempt certain institutions from some of the general compliance obligations.
The compliance obligations of a specific person or business can only be determined once it has been classified under one of the above FICA categories. As the cash threshold reporting duties are not yet effective, the focus in the following discussion falls on the persons and businesses in the first two categories.
THE COMPLIANCE OBLIGATIONS OF GENERAL BUSINESSES I In Standard General Insurance Company v Hennop 1954 4 SA 560 (A) the Appellate Division accepted the following as a definition of "business":
"[A]nything which occupies the time and attention and labour of a man for the purpose of profit is business".
Any person:
• who carries on such a business (e.g. sole proprietor, partner, trustee, company, close corporation, cooperative etc);
• who is in charge of or manages such a business (e.g. director, manager); or
• who is employed by such a business;
has a duty under section 29 of FICA to file a report with the Financial Intelligence Centre (FIC) if he knows or suspects the following:
• The business has received or is about to receive the proceeds of unlawful activities;
• A transaction or series of transactions which the business is party to:
- facilitated or is likely to facilitate the transfer of the proceeds of unlawful activities;
- has no apparent business or lawful purpose;
- is conducted for the purpose of avoiding giving rise to a duty to report a suspicious transaction or a transaction involving an amount exceeding the specified threshold in terms of FICA;
- may be relevant to the investigation of an evasion or attempted evasion of a duty to pay any tax, duty or levy imposed by legislation administered by the Commissioner for the South African Revenue Service; or
• The business has been used or is about to be used in any way for money laundering purposes.2
FICA not only requires the reporting of suspicious or unusual transactions that were actually carried out. A person who knows or suspects that any transaction about which enquiries are made may have caused any of the consequences that would have rendered it suspicious or unusual, must report that attempted transaction under section 29 even though the transaction was not actually concluded.
FILING OF A REPORT I
Regulation 24 of the FICA regulations stipulates that a transaction must be reported to the FIC as soon as possible, but not later than fifteen business days after the reporter has become aware of a fact concerning a transaction on the basis of which a report must be filed. The report must be filed in accordance with the format specified by regulation 23 of the FICA regulations and preferably by means of the internet-based portal of the FIC at
http://www.fic.gov.za. However, a reporter who does not have the technical capability to file a report via the Internet may make it on a form that corresponds substantially with the form prescribed in the regulations and fax it to the FIC (fax number 012-315 5828) or deliver it to the FIC at the 14th floor, 240 Vermeulen Street, Pretoria.
FICA requires persons who must report transactions to file their reports with the FIC. Section 69 does allow persons who are employees, directors or trustees of, or partners in, accountable institutions to report a transaction to their compliance officer or a superior under certain circumstances. The compliance officer or superior then has to file that report with the FIC. However, this exemption only applies to accountable institutions. Reporters in general businesses therefore have to ensure that their reports are filed directly with the FIC.
No person who made or must make or who knows or suspects that a report has been made or is to be made under section 29 may disclose that fact to the client or any other person, unless such disclosure is allowed by FICA.
Once a report was filed, the business may be approached by the FIC or other investigators for additional information that they reasonably require to investigate the report and the grounds for the report.
In addition to avoiding committing the offence of non-reporting, filing a report also holds further benefits for the reporter. A person who files a report may possibly have committed a money laundering offence under POCA by processing or concluding the problematic transaction. If that person is subsequently charged with committing a money laundering offence under section 2(1)(a) or (b) or section 4, 5 or 6 of POCA the reporter may raise as a valid defence the fact that the transaction was reported in terms of section 29 of FICA.
THE COMPLIANCE OBLIGATIONS OF ACCOUNTABLE INSTITUTIONS I
CLASSIFICATION AS AN ACCOUNTABLE INSTITUTION I
A person is an accountable institution under FICA if the person or their business activities are listed in Schedule 1 of FICA. The business activities of a specific person or business must therefore be compared to the listed persons and activities to determine whether that person or business is an accountable institution under FICA.
It is important to consider not only the general business of the particular institution, but also the scope of business of any business units and the qualifications and business activities of each of its employees. It is possible that an institution may not be an accountable institution, but that a number of its employees may be accountable institutions on account of their qualifications or specific duties within that institution. Persons who are accountable institutions may also be working for other accountable institutions.
Registered accountants and auditors are not listed as accountable institutions in their capacity as registered accountants and auditors. However, a registered accountant and auditor will be an accountable institution if the registered accountant and auditor engage in a business activity that is listed in Schedule 1. Mention is made of accountants and auditors in item 12 of the Schedule, but this listing is linked to investment services that may be rendered by any person, including registered accountants and auditors. Item 12 reads as follows:
"A person who carries on the business of rendering investment advice or investment broking services, including a public accountant as defined in the Public Accountants and Auditors Act, 1991 (Act No. 80 of 1991) (sic), who carries on such a business."
"Investment advice" and "investment broking services" are phrases that are difficult to define with precision. The Financial Advisory and Intermediary Services Act 37 of 2002 contains comprehensive definitions in respect of financial investment advice and financial intermediary services but these definitions do not extend to investment advice and investment broking services in general. The PAAB has therefore lodged a formal request with the FIC for guidance on the interpretation of these phrases. Pending the receipt of such guidance, the PAAB interprets item 12 as follows:
• A registered accountant and auditor who render normal professional services are not classified as an accountable institution under item 12. Only registered accountants and auditors who render investment advice or investment broking services come within the ambit of item 12.
• "Investment advice" is interpreted as the making of proposals or recommendations or the giving of guidance in relation to the quality or soundness of a particular investment which persuades or sways the recipient to make that investment, or which would reasonably have that effect. The following is not regarded as investment advice:
- objective advice on or an analysis of investment products in general;
- general advice regarding a diversification of an investment portfolio;
- the objective provision of mere factual information on investment opportunities without express or implied recommendations, proposals or guidance; or
- providing advice that is restricted to the tax implications of investment strategies or any related acts of a client.
• "Investment broking services" is interpreted as any service delivered as an agent on behalf of a client or a third party, with a view to buying, selling or otherwise dealing in (whether on a discretionary or non-discretionary basis) any financial product or other type of investment. It includes the active management of an investment portfolio of a client as well as the pooling of funds or investments of several clients for purposes of an investment, but excludes the mere administration, maintenance or the keeping in safe custody of an investment made by a particular client.
• To come within the ambit of item 12 the registered accountant and auditor must carry on business as an investment advisor or broker. Incidental, occasional advice that may be rendered while rendering normal professional services will not amount to the carrying on of business as an investment advisor or broker.
• If a client is charged for investment advice or investment broking services, or any financial benefit accrues directly or indirectly to the registered accountant and auditor on account of such advice, it will ordinarily be indicative of the carrying on of business in that capacity.
In addition to item 12 registered accountants and auditors are urged to study all other items in Schedule 1 to FICA. It is important to consider each item and every business activity of the particular registered accountant and auditor or their business before a conclusion is reached regarding the correct status under FICA. In cases of uncertainty, it will be important to obtain legal advice.
GENERAL COMPLIANCE OBLIGATIONS OF ACCOUNTABLE INSTITUTIONS I Persons and institutions that are classified as accountable institutions share with general businesses the general obligation to report suspicious and unusual transactions. As a result, accountable institutions must ensure that they as well as their managers and employees are compliant with section 29 of FICA. In addition, accountable institutions had to comply with the administrative money laundering control duties from 30 June 2003. A core administrative duty is the duty to identify clients, verify their particulars and keep record of certain information. An accountable institution must:
• identify all new clients by obtaining prescribed information (for instance, the full name, identity number and residential address of a client) and verify the correctness of certain information that the clients supply to the institution by comparing the information with documentation and other records;3 and
• keep record of prescribed details of clients and their transactions.4
The detailed requirements regarding customer identification, verification and record keeping are set out in the regulations under FICA.5 The relevant regulations differentiate amongst the following types of clients:
• natural South African citizens and residents;
• natural foreign nationals;
• close corporations and South African companies;
• foreign companies;
• other legal persons;
• partnerships; and
• trusts.
The regulations also require accountable institutions to obtain the income tax and value added tax numbers, if any, that have been issued by SARS to a client. However, an exemption from this duty was created by exemption 6(2). It appears as if this exemption is only temporary in nature. The PAAB therefore advised registered accountants and auditors to consider including tax information as part of their client identification and record-keeping policies and procedures. If this information is not obtained in respect of new clients, they will have to be contacted to obtain this information once the exemption is withdrawn.
The duties set out above took effect on 30 June 2003. Since that date accountable institutions had to identify their clients and verify their particulars in accordance with FICA. Accountable institutions have also been allowed one year from 30 June 2003 to re-identify and re-verify the identity of all existing clients in accordance the FICA requirements.
In addition to identification, verification and record-keeping duties, accountable institutions were also give a number of other obligations, for instance, they must draft appropriate internal rules, train their employees on those rules and their duties under FICA and appoint or designate a compliance officer who will ensure that the institution and its employees comply with FICA and the relevant internal rules.
ASPECTS OF THE DUTY TO REPORT SUSPICIOUS TRANSACTIONS I
CLIENT CONFIDENTIALITY I
The auditor has a professional duty of confidentiality with respect to client information. In terms of the rules of professional conduct, the auditor shall not use or disclose any confidential information concerning the affairs of a client without proper and specific authority or unless there is a legal or professional right or duty to disclose. These rules are entrenched in the profession and concerns have been raised regarding the effect of the new obligation to report suspicious transactions on the duty to preserve confidentiality. However, the duty of confidentiality is not absolute. It may, for instance, be limited by legislation. The duty to report suspicious transactions is an example of a statutory provision that requires an auditor to disclose information that would otherwise have been protected from disclosure by the duty of confidentiality.
An accountant and auditor who files a report is protected against any criminal or civil charges that may be brought on the basis of an alleged breach of client confidentiality. No such action can be taken against the reporter even if it is later proved that the suspicions were bona fide but turned out to be incorrect. However, the protection against a breach of confidentiality is only afforded to those who comply in good faith with the provisions of FICA. Practitioners must therefore ensure that the filing of the report is required by section 29 of FICA and that they comply with the law when they disclose information.
In this respect, auditors must note one important limitation to the reporting duty under section 29. This duty only arises when the business of the reporter:
• has received or is about to receive proceeds of crime;
• a transaction or series of transactions to which the business is a party is linked to money laundering or tax evasion as set out in section 29; or
• has been used or is about to be used for money laundering purposes.
For purposes of a section 29 reporting duty the auditor’s business must therefore be linked to the problematic transaction. An auditor who detects that a client has entered into a suspicious or unusual transaction with a third party is advised to carefully consider whether that knowledge will give rise to a duty to report that transaction in terms of section 29 of FICA. Ordinarily the auditor will not have a reporting obligation in this case because neither the auditor nor the auditor’s business will be a party to the problematic transaction. However, the auditor may, in certain rare circumstances, be required to report such a transaction in terms of FICA. For the duty to arise, the auditor must become a party to such a transaction or be abused in some way for money laundering purposes. This will be the case if, for example, the client is a front for a money laundering operation and the auditor believes or suspects that the auditor’s reputation is being used by the client to legitimise the client’s business activities or that the audit fees received from the client are ‘tainted’ as a consequence of the client’s unlawful activities. If the suspicious transaction does not fall within the limited ambit of section 29, the auditor has no reporting obligation and client confidentiality may be breached if such a report is filed.
Auditors who have difficulty in determining whether they have a duty to report a specific transaction under section 29 may wish to obtain legal advice. If a problematic transaction is not reportable under section 29, the auditor must consider any other legal obligation to disclose information regarding that transaction, for instance, taking steps in terms of section 20(5) of the Public Accountants’ and Auditors’ Act 80 of 1991.
TIPPING-OFF I
No person who has filed or who contemplates filing a suspicious transaction report may tip-off anyone, including the client, about the report. This prohibition has given rise to a concern that an auditor in such a position who wishes to continue with an audit should refrain from asking probing questions regarding the transaction. However, the FICA allows a reporter or potential reporter to disclose information when it is done within the scope of the powers and duties of that person in terms of any legislation. The PAAB is of the view that normal enquiries made bona fide during an audit to obtain appropriate evidence to support the opinion on the financial statements as well as steps taken in terms of section 20(5) of the Public Accountants’ and Auditors’ Act 80 of 1991 will generally not amount to a contravention of the tipping-off provisions. These enquiries and disclosures are made in compliance with the statutory duties of the auditor in terms of the Companies Act 61 of 1973 and the Public Accountants’ and Auditors’ Act 80 of 1991 in order to serve the public interest.
FRAUD, ERROR AND NON-COMPLIANCE I
The audit has to be planned to enable the auditor to obtain reasonable assurance that the financial statements taken as a whole are free of material misstatements. Misstatements may result from fraud, error or non-compliance with applicable laws and regulations. Money laundering activities constitute non-compliance with laws and regulations and may also be connected to fraud and other offences. Although auditors have no statutory responsibility to perform procedures to specifically detect money laundering, they need to consider the possibility of money laundering when carrying out procedures relating to fraud and error and compliance with laws and regulations. Obviously the auditor should also consider the possibilities of non-compliance with the administrative money laundering control duties when planning and performing an audit on an accountable institution.
KNOWING YOUR CLIENT I South African Auditing Standards requires that the auditor have or obtain a knowledge of the business sufficient enough to enable the auditor to identify and understand the events, transactions and practices that, in the auditor’s judgment, may have a significant effect on the financial statements or in the examination or the audit report. Such knowledge is required to assess risks, plan the audit, evaluate audit evidence, and to identify those areas where client service could be provided or improved. Although knowledge of the client has a different connotation in anti-money laundering legislation, the client is still the same client and such knowledge is relevant whether the auditor is reporting in a professional or money laundering control capacity. What is, and has again become of paramount importance, are procedures followed by firms when accepting new clients. Indeed, the International Auditing and Assurance Standards Board (IAASB) has split the previous International Standard on Auditing (ISA) 220, Quality Control for Audit Work, into two parts; one dealing with quality control standards for individual audits, and one focussing on quality control standards for the firm itself, including client acceptance procedures.
Where these procedures do not provide evidence of sufficient quality to satisfy the engagement partner that the identity of the prospective client has been adequately verified, further enquiries may be appropriate. If the engagement partner remains in doubt as to the prospective client’s identity, he may well decline to act. Audit firms should ensure that they have adequate procedures in place to verify clients’ identification. Firms are also required to keep adequate records of client identification and transactions. Documents verifying a client’s identity should indicate the nature of the evidence obtained and either comprise a copy of the evidence or provide such information as would enable a copy of it to be obtained.
INTERNATIONAL TRENDS I With the renewed focus on fraud, whether it be in the domain of money laundering or other criminal activity, it is relevant that the IAASB has re-exposed ISA 240, Fraud and Error. What is particularly noticeable is the inclusion of procedures to assess the honesty and integrity of those charged with the client’s governance and it is hardly coincidental that the statement uses concepts that are also relevant in a money laundering context. For instance, reference is made to incentives or pressure to commit fraud, a perceived opportunity to do so and some rationalisation of the act.
Internationally, expectations are being harboured that accountants and auditors will identify money laundering transactions. The revised Forty Recommendations of the FATF, which were published in June 2003, require countries to compel lawyers and accountants to report suspicious transactions when engaging in financial transactions on behalf of or for a client. The recommendations strongly urge countries to extend the reporting requirement to all professional activities of accountants, including auditing.
However, it is important to appreciate that it is often very difficult to identify money laundering transactions. The professional money launderer engineers transactions to simulate normal business activity. Some money laundering schemes may involve complex company structures and transactions that are deliberately designed to conceal the audit trail. And while the auditor can certainly not be expected to assume the role of a super sleuth, the confidence the public has in the ability of the auditor to achieve the impossible means that the profession will need to brace itself for the impact of the increased expectations.
Although the public at large may have very high expectations, accountants and auditors can take comfort in the fact that the money laundering control laws create reasonable obligations. FICA requires of all members of the business community, including accountants and auditors, to be honest, vigilant and diligent, to use their knowledge, expertise and common sense and to act reasonably. Auditors are therefore not expected to change their role from watchdogs to bloodhounds. However, they may embrace an additional role Ð that of guide dog. Apart from ensuring their own compliance with the money laundering control laws, accountants and auditors can play a very positive role by providing guidance to their clients on compliance with the money laundering control laws. They are often in key positions to assist clients to implement well-structured and inexpensive compliance procedures. Every client who benefit from such guidance will not only be compliant with the law, but will also be making a key contribution to crime combating in South Africa. If accountants and auditors fulfil these obligations they will assist in protecting the integrity of the South African economy and will play a pivotal role in making South Africa a safer country for all.
References
Public Accountants’ and Auditors’ Board Money Laundering Control: A Guide for Registered Accountants and Auditors (June 2003)
Institute of Chartered Accountants in England and Wales Money Laundering Guidance Notes for Chartered Accountants (September 2000)
South African Auditing Standards
Endnotes
1 See, in general, De Koker KPMG Money laundering control service (Butterworths (1999-); De Koker "Money laundering control: The South African model" 2002 Journal of Money Laundering Control (vol 6(2)) 166-181; Smit Clean money, suspect source: Turning organised crime against itself ISS (2001); Itzikowitz "The prevention and control of money laundering in South Africa" 1999 Tydskrif vir Hedendaagse Romeins-Hollandse Reg 88-107; De Koker & Henning Money laundering control in South Africa Transactions of the Centre for Business Law (vol 30) UOFS (1998).
2 See, in general, De Koker "Money laundering trends in South Africa" 2002 Journal of Money Laundering Control (vol 6(1)) 27-41 for the types of money laundering transactions that are generally encountered by investigators.
3 Section 21 of FICA.
4 Section 22 of FICA.
5 Chapter 1-3 of the FICA regulations.
Bernard Agulhas, CA(SA), is Director: Auditing Standards, Public Accountants’ and Auditors’ Board. Professor Louis de Koker is Director: Centre for the Study of Economic Crime, RAU.