ONVEY 28 PETER PLACE LYME PARK SANDTON 2060 AML: RISK MANAGEMENT & COMPLIANCE PROGRAMME THE PRIME FINANCIAL SERVICES GROUP

AML: RISK MANAGEMENT & COMPLIANCE PROGRAMME


AML: Risk Management & Compliance Programme – v3.00


CONTENTS

1. APPLICATION OF THE RISK MANAGEMENT & COMPLIANCE PROGRAMME

2. PURPOSE & SCOPE OF RISK MANAGEMENT & COMPLIANCE PROGRAMME

3. DEFINITIONS

4. DUTY TO PERFORM THE REQUIRED CUSTOMER DUE DILIGENCE

ANONYMOUS CLIENTS & CLIENTS ACTING UNDER FALSE/FICTITIOUS NAMES

IDENTIFICATION OF CLIENTS & OTHER PERSONS

ONGOING DUE DILIGENCE

DOUBTS CONCERNING THE VERACITY OF PREVIOUSLY OBTAINED INFORMATION

INABILITY TO CONDUCT CUSTOMER DUE DILIGENCE

SANCTION SCREENING

CLIENT RISK-RATING

5. DUTY TO KEEP REQUIRED RECORDS

CUSTOMER DUE DILIGENCE RECORDS

TRANSACTION RECORDS & FORMAT

PERIOD FOR WHICH RECORDS MUST BE KEPT

RECORDS MAY BE KEPT IN ELECTRONIC FORMAT & BY THIRD PARTIES

ADMISSIBILITY OF TRANSACTION RECORDS

6. REPORTING DUTIES

DUTY TO REPORT

ACCESS TO RECORDS

CASH TRANSACTIONS ABOVE THE PRESCRIBED LIMIT

PROPERTY ASSOCIATED WITH TERRORIST & RELATED ACTIVITIES AND FINANCIAL SANCTIONS

SUSPICIOUS & UNUSUAL TRANSACTIONS

CONVEYANCE OF CASH TO OR FROM THE REPUBLIC OF SOUTH AFRICA

ELECTRONIC TRANSFERS OF MONEY TO OR FROM THE REPUBLIC OF SOUTH AFRICA

REPORTING PROCEDURES & FURNISHING OF ADDITIONAL INFORMATION

CONTINUATION OF TRANSACTIONS

INTERVENTION BY THE FINANCIAL INTELLIGENCE CENTRE

REPORTING DUTY & CONFIDENTIALITY RULES

PROTECTION OF PERSONS MAKING REPORTS

ADMISSIBILITY AS EVIDENCE OF REPORTS MADE TO THE FINANCIAL INTELLIGENCE CENTRE

ACCESS TO INFORMATION HELD BY THE FINANCIAL INTELLIGENCE CENTRE & THE PROTECTION OF CONFIDENTIAL AND PERSONAL INFORMATION


7. COMMITMENT TO COMPLIANCE

THE RISK MANAGEMENT & COMPLIANCE PROGRAMME

REGISTRATION WITH THE FIC

8. CONSEQUENCES OF NON-COMPLIANCE

GENERAL

FAILURE TO IDENTIFY PERSONS

FAILURE TO COMPLY WITH DUTY IN REGARD TO CUSTOMER DUE DILIGENCE

FAILURE TO KEEP RECORDS

DESTROYING OR TAMPERING WITH RECORDS

FAILURE TO GIVE ASSISTANCE

CONTRAVENTION OF PROHIBITIONS RELATING TO PERSONS & ENTITIES IDENTIFIED BY THE SECURITY COUNCIL OF THE UNITED NATIONS

FAILURE TO ADVISE THE FIC

FAILURE TO REPORT CASH TRANSACTIONS

FAILURE TO REPORT PROPERTY ASSOCIATED WITH TERRORIST & RELATED ACTIVITIES

FAILURE TO REPORT SUSPICIOUS OR UNUSUAL TRANSACTIONS

UNAUTHORISED DISCLOSURE

FAILURE TO REPORT CONVEYANCE OF CASH OR BEARER NEGOTIABLE INSTRUMENTS INTO OR OUT OF THE REPUBLIC OF SOUTH AFRICA

FAILURE TO SEND REPORTS TO THE FIC

FAILURE TO REPORT ELECTRONIC TRANSFERS

FAILURE TO COMPLY WITH FIC REQUESTS

FAILURE TO COMPLY WITH THE DIRECTIVES OF THE FIC

FAILURE TO COMPLY WITH A MONITORING ORDER

MISUSE OF INFORMATION

FAILURE TO COMPLY WITH DUTIES IN RESPECT OF THE RMCP

FAILURE TO REGISTER WITH THE FIC

FAILURE TO COMPLY WITH DUTIES REGARDING GOVERNANCE

FAILURE TO PROVIDE TRAINING

OFFENCES RELATING TO INSPECTION

HINDERING OR OBSTRUCTING AN APPEAL BOARD

FAILURE TO ATTEND AN FIC SUMMONS

FAILURE TO ANSWER FULLY OR TRUTHFULLY

FAILURE TO COMPLY WITH FIC DIRECTIVES OR THOSE OF SUPERVISORY BODIES


OBSTRUCTING OFFICIALS IN THE PERFORMANCE OF THEIR DUTIES

CONDUCTING TRANSACTIONS TO AVOID REPORTING DUTIES

UNAUTHORISED ACCESS TO FIC COMPUTER SYSTEMS, APPLICATIONS OR DATA

UNAUTHORISED MODIFICATIONS TO FIC COMPUTER SYSTEM CONTENTS

PENALTIES

9. TRAINING

ANNEXURE 1: GENERAL INFORMATION

ANNEXURE 2: RISK ASSESSMENT AND CLIENT DUE DILIGENCE PROCESS

1. GENERAL

2. RISK CALCULATION CRITERIA & REVIEW PERIODS

3. RISK RATING REVIEW

4. CLIENT DUE DILIGENCE (CDD)

5. PROCEDURE: ACCEPTANCE & REJECTION OF CLIENTS

6. ENHANCED CDD

7. POLITICALLY IMPORTANT PERSONS (PIPS)

8. SIMPLIFIED CDD PROCESSES

9. THIRD PARTY RELIANCE AND INTRODUCED BUSINESS

10. RECORD KEEPING

ANNEXURE 3: REPORTING

1. LODGING OF REPORTS OF SUSPICIOUS TRANSACTIONS

2. SPECIFIC REPORTS AND TIMELINES

ANNEXURE 4: LEGAL FRAMEWORK

1. AML/CTF REGULATORY AUTHORITIES IN SOUTH AFRICA

2. THE FINANCIAL INTELLIGENCE CENTRE ACT OF SOUTH AFRICA

3. OTHER RELEVANT LEGISLATION

ANNEXURE 5: OWNERSHIP, APPROVAL & REVISION HISTORY

POLICY OWNER

POLICY APPROVAL

POLICY REVISION

SCHEDULE 1: COMPLIANCE TRAINING MANUAL AND PROCESS DOCUMENT

1. INTRODUCTION

2. MONEY LAUNDERING AND TERRORIST FINANCING

3. CULTURE OF COMPLIANCE

4. RISK BASED APPROACH


5. CDD PROCESS

6. ONGOING MONITORING

7. REPORTING

8. RECORD KEEPING

9. TRAINING

10. REVIEW

APPENDICES

APPENDIX 1: EMPLOYEE UNDERTAKING

APPENDIX 2: ADMINISTRATIVE SANCTIONS, OFFENCES & PENALTIES

APPENDIX 3: JURISDICTIONS

APPENDIX 4: CDD PROCESS

APPENDIX 5: CLIENT RISK ASSESSMENT

APPENDIX 6: ACCEPTABLE SUPPORTING DOCUMENTATION

APPENDIX 7: ENHANCED CDD FOR HIGH RISK CLIENTS

APPENDIX 8: ELIGIBLE INTRODUCER CERTIFICATE

APPENDIX 9: AML CONFIRMATION LETTER

APPENDIX 10: SAMPLE INTERNAL DISCLOSURE FORM TO MLRO


1. APPLICATION OF THE RISK MANAGEMENT & COMPLIANCE PROGRAMME

1.1 This Risk Management & Compliance Programme is applicable to the legal entities within the Prime Financial Services Group (hereinafter referred to as “the Group”), as shown on the Group’s corporate organogram and amended from time to time. The document is also applicable to associate companies (hereinafter referred to as “Associates”).

2. PURPOSE & SCOPE OF RISK MANAGEMENT & COMPLIANCE PROGRAMME

2.1 The purpose of the Risk Management & Compliance Programme as contained herein is to formally document the Group’s commitment to compliance with the Financial Intelligence Centre Act of South Africa as amended from time to time as well as compliance with the requirements of any associated Anti-Money Laundering and Counter-Terrorism Financing legislation.

3. DEFINITIONS

3.1 Accountable Institution: An accountable institution is any person or entity as described in Schedule 1 of the Financial Intelligence Centre Act No. 38 of 2001 who must ensure adherence to the legal requirements and responsibilities as set out therein. An accountable institution can be split into two distinct categories:

i) Primary Accountable Institution: These institutions are responsible for verifying and keeping record of the identities of their clientele.

ii) Secondary Accountable Institutions: These institutions rely on the adherence of the Primary Accountable Institutions and as such, are not required to verify the identities of the Primary Accountable Institution’s clients.

3.2 Act: Financial Intelligence Centre Act No. 38 of 2001 (also known as “FICA”), as amended from time to time.

3.3 AML: Anti-Money Laundering.

3.4 CTF: Counter-Terrorism Financing.

3.5 Customer Due Diligence: The steps and procedures taken to identify and verify clients. For the purposes of abbreviation, it is also referred to as “CDD”.

3.6 Financial Action Task Force: The Financial Action Task Force is an intergovernmental organization founded in 1989 on the initiative of the G7 to develop policies to combat money laundering. In 2001, its mandate was expanded to include terrorism financing. For the purposes of abbreviation, it is also referred to as “FATF”.

3.7 Financial Intelligence Centre: The Financial Intelligence Centre is South Africa’s national centre for gathering, analysis and dissemination of financial intelligence. It was established to identify proceeds of crime, combat money laundering and the financing of terrorism and, in so doing, has a primary role to protect the integrity of South Africa’s financial system. For the purposes of abbreviation, it is also referred to as “FIC”.


3.8 Law enforcement Agencies: Financial Intelligence Centre, South African Police, National Prosecuting Authority, National intelligence agencies, South African Revenue Services, the Independent Police Investigative Directorate, Special Investigative Units and supervisory bodies including the Financial Sector Conduct Authority and Prudential Authority.

3.9 MLRO: Money Laundering Reporting Officer.

3.10 Money Laundering: Any process which gives the proceeds of unlawful activities the appearance that they originate from a legitimate source.

3.11 PIP: Prominent Influential Persons refer to any individuals who are or have in the past been entrusted with prominent functions in a particular country. PIPs can be split into two distinct categories:

i) Foreign Prominent Public Officials: Individuals who hold or have held prominent positions at any time during the preceding 12 months in a foreign country.

ii) Domestic Prominent Influential Persons: Individuals who hold or have held (including acting positions exceeding 6 months) prominent positions during the preceding 12 months within the Republic of South Africa.

PIPs include the family members and close associates of any person identified as either a Foreign Prominent Public Official or a Domestic Prominent Influential Person. For the sake of definition, family members and close associates include:

i) A spouse, civil partner or life partner;

ii) A previous spouse, civil partner or life partner (if applicable);

iii) Children and step children;

iv) Parents; and

v) Siblings and step siblings.

3.12 POPIA: Protection of Personal Information Act No. 4 of 2013.

3.13 RMCP: Risk Management & Compliance Programme.

3.14 SAR: Suspicious Activity Report.

3.15 STR: Suspicious Transaction Report.

4. DUTY TO PERFORM THE REQUIRED CUSTOMER DUE DILIGENCE

ANONYMOUS CLIENTS & CLIENTS ACTING UNDER FALSE/FICTITIOUS NAMES

4.1 The Group and its Associates will not establish a business relationship or conclude a single transaction with an anonymous client or a client who transacts under an apparent false or fictitious name.


IDENTIFICATION OF CLIENTS & OTHER PERSONS

4.2 When engaging with prospective clients to establish a business relationship or enter into a single transaction, the Group and its Associates will establish and verify the identity of such prospective clients and will take additional due diligence measures as necessary when dealing with legal persons, partnerships and trusts.

4.3 Should a client act on behalf of another person, the Group and its Associates will establish and verify the identity of that other person and the client’s authority to establish a business relationship or conclude single transactions on their behalf.

4.4 If another person is acting on behalf of a client, the Group and its Associates will establish and verify the identity of that person and the person’s authority to act on behalf of the client.

4.5 Please refer to Annexure 2 for further information on the processes and documents required when establishing and verifying the identity of a client or other person.

ONGOING DUE DILIGENCE

4.6 The Group and its Associates will conduct ongoing due diligence in respect of all its clients. Due diligence will include the monitoring of transactions undertaken by clients throughout the course of their business relationship with the Group and ensuring that all client-related information is kept current and up-to-date.

DOUBTS CONCERNING THE VERACITY OF PREVIOUSLY OBTAINED INFORMATION

4.7 Should the Group and/or its Associates at any point doubt the veracity or adequacy of information previously obtained from a client, the Group will repeat the steps detailed in paragraphs 4.2 through 4.5 and Annexure 2 to the extent necessary to confirm the information in question.

INABILITY TO CONDUCT CUSTOMER DUE DILIGENCE

4.8 Should the Group and its Associates be unable to establish and verify the identity of a client or other relevant person, or to conduct ongoing due diligence, the Group and its Associates will not establish a single transaction with the client or will terminate an existing business relationship with the client as the case may be. The Group and its Associates shall also consider making a Suspicious and Unusual Transaction Report, as detailed in Annexure 3.

SANCTION SCREENING

4.9 The Group and its Associates will screen prospective unit trust clients and other relevant persons prior to establishing a business relationship or concluding a single transaction with such clients and/or other persons against the required sanction lists further detailed in Annexure 2.

CLIENT RISK-RATING

4.10 The Group and its Associates will risk-rate prospective clients and/or other relevant persons prior to establishing a business relationship or concluding a single transaction with the clients or other persons as further detailed in Annexure 2.

5. DUTY TO KEEP REQUIRED RECORDS

CUSTOMER DUE DILIGENCE RECORDS

5.1 The Group and its Associates will keep records of all customer due diligence information as specified in Annexure 2.

TRANSACTION RECORDS & FORMAT

5.2 The Group and its Associates will keep records of every transaction (whether the transaction is a single transaction or it has been concluded in the course of an established business relationship with a client) that are reasonably necessary to enable the transactions’ reconstruction. The records will reflect at least the following:

i) The amount involved and the currency denomination;

ii) The date the transaction was concluded;

iii) The parties to the transaction;

iv) The nature of the transaction;

v) Any related business correspondence; and

vi) The identifying particulars of all accounts and account files related to the transaction.

PERIOD FOR WHICH RECORDS MUST BE KEPT

5.3 The Group and its Associates will keep the records which relate to the establishment of a business relationship for at least seven years. The seven year period will begin on the date the business relationship is terminated, or a single transaction concluded.

5.4 In instances where a single transaction gives rise to a STR, the seven year period will commence from the date the STR is submitted to the FIC.

RECORDS MAY BE KEPT IN ELECTRONIC FORMAT & BY THIRD PARTIES

5.5 In the event that the record keeping duty is performed by a third party on the behalf of the Group or its Associates, the Group will ensure that it has free and easy access to the records and that the records are readily available to the FIC and the relevant supervisory body for the purposes of performing its functions in terms of the Act. Records may be kept in electronic form and must be capable of being reproduced in a legible format.

5.6 The Group will inform the FIC and the supervisory body concerned with the prescribed particulars regarding the third party in the event that it appoints a third party to perform any record keeping on its behalf.


5.7 The Group and its Associates acknowledge that if the third party referred to in paragraph 5.5 above fails to properly comply with the record keeping requirements, the Group and its Associates will be liable for that failure.

ADMISSIBILITY OF TRANSACTION RECORDS

5.8 All records kept in the terms of the Act, or any certified extract of any such record, or a certified printout of any extract of an electronic record, is on its mere production admissible as evidence in a court.

6. REPORTING DUTIES

DUTY TO REPORT

6.1 The Group and its Associates acknowledge the legal duty to report should an authorised representative of the FIC request the Group, its Associates or any other person required to make a report in terms of the Act:

i) Whether a specified person is or has been a client of the Group and/or its Associates;

ii) Whether a specified person is acting or has acted on behalf of a client of the Group and/or its Associates;

iii) Whether a client of the Group and/or its Associates is acting or has acted on behalf of a specified person;

iv) Whether a number specified by the FIC was allocated by the Group and/or its Associates to a person with whom the Group and/or its Associates has or had a business relationship; or

v) On the type and status of a business relationship with a client of the Group and/or its Associates.

ACCESS TO RECORDS

6.2 The Group and its Associates acknowledge that an authorised representative of the FIC has access during ordinary business hours to any records kept by or on behalf of the Group and/or its Associates and that such a representative may examine, make extracts from or copies of any such records for the purposes of obtaining further information in respect of a report made or ought to have been made in terms of the Act. This is subject to the requirement that the authorised representative of the FIC may, except in the case of public records, exercise this right of access only by virtue of a warrant issued in accordance with the requirements of the Act. The Group and its Associates will assist authorised FIC representatives in the exercise of their powers as required.

CASH TRANSACTIONS ABOVE THE PRESCRIBED LIMIT

6.3 The Group and its Associates will, as detailed in Annexure 3 and within the prescribed periods, make a report to the FIC concerning the prescribed particulars of a transaction concluded with a client if, in terms of the transaction, an amount of cash in excess of the prescribed amount is paid by the Group or its Associates to the client, to a person acting on behalf of the client, or to a person on whose behalf the client is acting, or is received by the Group or its Associates from the client, a person acting on behalf of the client, or from a person on whose behalf the client is acting.

PROPERTY ASSOCIATED WITH TERRORIST & RELATED ACTIVITIES AND FINANCIAL SANCTIONS

6.4 The Group and its Associates will, as further detailed within Annexure 3 and within the prescribed period, make a report to the FIC as soon as it becomes aware that it possesses or controls any property linked to terrorism or entities which are sanctioned pursuant to the provisions of any AML and CTF legislation.

SUSPICIOUS & UNUSUAL TRANSACTIONS

6.5 The Group and its Associates will, as further detailed within Annexure 3 and within the prescribed period, file a suspicious transaction report with the FIC as soon as they become aware of any suspicious or unusual transactions.

CONVEYANCE OF CASH TO OR FROM THE REPUBLIC OF SOUTH AFRICA

6.6 The Group and its Associates will, when conveying an amount of cash or a bearer negotiable instrument in excess of the prescribed amount to or from the Republic of South Africa, on demand, report the prescribed particulars concerning that conveyance to a person authorised by the Minister for this purpose and will send a copy of the report to the FIC¹.

ELECTRONIC TRANSFERS OF MONEY TO OR FROM THE REPUBLIC OF SOUTH AFRICA

6.7 The Group and its Associates will, when sending or receiving money through electronic transfer in excess of a prescribed amount outside of or from outside of the Republic of South Africa on behalf of or on the instruction of another person, within the prescribed period after the money was transferred, report the transfer together with the prescribed particulars to the FIC².

REPORTING PROCEDURES & FURNISHING OF ADDITIONAL INFORMATION

6.8 The Group and its Associates will ensure that all reports submitted to the FIC are made in the prescribed manner and acknowledge that the FIC may request additional information, including prescribed information relating to transactional activity and supporting documentation, concerning the report and the grounds for the report that the FIC may reasonably require to perform its functions. Any such additional information will be provided in the prescribed formats and timeframes.

CONTINUATION OF TRANSACTIONS

6.9 The Group and its Associates may continue with and carry out the transaction in respect of which a cash threshold, suspicious or unusual transaction report is required to be made unless the FIC provides directives not to proceed with the transaction.

¹ Commencement date of Section 30 of the Act: To be proclaimed.

² Commencement date of Section 31 of the Act: To be proclaimed.


INTERVENTION BY THE FINANCIAL INTELLIGENCE CENTRE

6.10 The Group and its Associates acknowledge that if, after consultation, the FIC has reasonable grounds to suspect that a transaction or a proposed transaction may involve the proceeds of unlawful activities or property connected to the financing of terrorism and related activities or a property owned/controlled by or on behalf of identified persons pursuant to a sanctions list or in any way that constitutes money laundering or unlawful/terrorist activity, the FIC may direct the Group and its Associates in writing to cease carrying out any transaction or proposed transaction involving affected funds for a period not exceeding 10 business days. This will allow the FIC to make any and all necessary enquiries concerning the transaction and, should the FIC deem it appropriate, inform and advise investigating authorities and/or the National Director of Public Prosecutions.

REPORTING DUTY & CONFIDENTIALITY RULES

6.11 The Group and its Associates acknowledge that no duty of secrecy, confidentiality, or any other restriction on the disclosure of information, whether imposed by legislation or arising from the common law or agreements, affects the duty to report as prescribed and required by the Act. No action, whether civil or criminal, can be brought against the Group, its Associates or any other person who complies in good faith with the reporting requirements and obligations imposed by the Act.

PROTECTION OF PERSONS MAKING REPORTS

6.12 The Group and its Associates acknowledge that any person who has made, initiated or contributed to a report in terms of the Act is competent, but not compellable, to give evidence in criminal proceedings arising from the report. No evidence concerning the identity of such a person in terms of Sections 28, 29 or 31 of the Act, or who has furnished additional information concerning such a report or the grounds for such a report is admissible as evidence in criminal proceedings unless that person chooses to testify at those proceedings.

ADMISSIBILITY AS EVIDENCE OF REPORTS MADE TO THE FINANCIAL INTELLIGENCE CENTRE

6.13 The Group and its Associates acknowledge that a certificate issued by an official of the FIC or information contained within such a certificate shall, on its mere production in a matter before a court, be admissible as evidence of any fact contained therein of which direct oral evidence would be admissible.

ACCESS TO INFORMATION HELD BY THE FINANCIAL INTELLIGENCE CENTRE & THE PROTECTION OF CONFIDENTIAL AND PERSONAL INFORMATION

6.14 The Group and its Associates acknowledge that the Financial Intelligence Centre must:

i) Make information reported to it available as prescribed in the Act and that no person may disclose confidential information held or obtained by the FIC except as prescribed by the Act.

ii) Ensure appropriate measures are taken regarding personal information in its possession or under its control to prevent the loss of, damage to, unauthorised destruction of or unlawful access and processing of such information other than that permitted in accordance with the Act and POPIA.

iii) Take reasonable measures to identify all reasonable and foreseeable internal and external risks to personal information in its possession or under its control, to establish and maintain appropriate safeguards against the risks identified and to regularly verify that the safeguards are effectively implemented and ensure that the safeguards are continually updated in response to the new risks and deficiencies in previously implemented safeguards.

7. COMMITMENT TO COMPLIANCE

THE RISK MANAGEMENT & COMPLIANCE PROGRAMME

7.1 The Group and its Associates have developed, documented, and will maintain and implement this RMCP and the implementation thereof for AML/CTF risk management and compliance. The RMCP enables the identification, assessment, monitoring, mitigation and management of risks inherent in financial services.

7.2 The Group and its Associates will review this RMCP at regular intervals, but at least annually, to ensure that the RMCP remains relevant to the Group and its Associates’ operations and the achievement of the purposes of the RMCP.

7.3 The Group and its Associates will make documentation describing this RMCP available to each of its employees involved in transactions to which the Act applies.

7.4 The Group and its Associates will, on request, make a copy of this RMCP available to the FIC; or any other supervisory body which performs regulatory or supervisory functions in respect of the Group and its Associates.

7.5 The Boards of Directors of the Group and its Associates will ensure compliance with the provisions of the Act and the RMCP.

7.6 The compliance function of the Group and its Associates will assist the Boards of Directors in discharging their obligations under the Act and the RMCP will assign persons with sufficient competence and seniority to ensure the effectiveness of the RMCP and compliance by the employees of the Group and its Associates with the provisions of the Act and the RMCP.

REGISTRATION WITH THE FIC

7.7 The Group and its Associates will ensure their continued registration with the FIC as prescribed.

7.8 The Group and its Associates will notify the FIC in writing of any changes to the particulars furnished to the FIC within 90 days after such a change.


8. CONSEQUENCES OF NON-COMPLIANCE

GENERAL

8.1 Any failure by an employee to comply with the requirements of the Act or this RMCP shall result in the employee being subject to disciplinary action and possible dismissal.

FAILURE TO IDENTIFY PERSONS

8.2 The Group and its Associates will be non-compliant and subject to an administrative sanction should they perform any act to give effect to a business relationship or single transaction in contravention of the Act.

FAILURE TO COMPLY WITH DUTY IN REGARD TO CUSTOMER DUE DILIGENCE

8.3 The Group and its Associates will be non-compliant and subject to an administrative sanction should they fail to comply with the duty to perform the prescribed customer due diligence measures in accordance with the Act.

FAILURE TO KEEP RECORDS

8.4 The Group and its Associates will be non-compliant and subject to an administrative sanction should they fail to keep a record of information in terms of and in accordance with the requirements of the Act.

DESTROYING OR TAMPERING WITH RECORDS

8.5 Any person who wilfully tampers with a record kept in terms of the Act or wilfully destroys such a record, otherwise than in accordance with the Act, is guilty of an offence.

FAILURE TO GIVE ASSISTANCE

8.6 The Group and its Associates are guilty of an offence should they fail to give assistance to a representative of the FIC in accordance with the Act.

CONTRAVENTION OF PROHIBITIONS RELATING TO PERSONS & ENTITIES IDENTIFIED BY THE SECURITY COUNCIL OF THE UNITED NATIONS

8.7 Any person who contravenes the provisions of the Act and fails to sanction screen clients or other persons is guilty of an offence.3

FAILURE TO ADVISE THE FIC

8.8 The Group and its Associates are guilty of an offence should they fail to report and inform the FIC in accordance with the Act.

3 Commencement date of section 49A: to be proclaimed

FAILURE TO REPORT CASH TRANSACTIONS

8.9 The Group and its Associates are guilty of an offence and are both non-compliant and subject to an administrative sanction should they fail to report the prescribed information in respect of a cash transaction within the prescribed period in accordance with the Act to the FIC.

FAILURE TO REPORT PROPERTY ASSOCIATED WITH TERRORIST & RELATED ACTIVITIES

8.10 The Group and its Associates are guilty of an offence and are both non-compliant and subject to an administrative sanction should they have in their possession, or under their control, property owned or controlled by, on behalf of, or at the direction of an entity associated with terrorist and related activities or a sanctioned entity as detailed in the Act, and fail to report that fact within the prescribed period and manner to the FIC or fail to comply with the directions of a Director or fail to scrutinise the information as contemplated in accordance with the Act.

FAILURE TO REPORT SUSPICIOUS OR UNUSUAL TRANSACTIONS

8.11 The Group and its Associates are guilty of an offence should they fail to enquire on or report to the FIC any suspicious or unusual transaction or series of transactions that they were aware of or ought to have been aware of.

UNAUTHORISED DISCLOSURE

8.12 The Group and its Associates are guilty of an offence should they make any unauthorised disclosures as detailed in the Act.

FAILURE TO REPORT CONVEYANCE OF CASH OR BEARER NEGOTIABLE INSTRUMENTS INTO OR OUT OF THE REPUBLIC OF SOUTH AFRICA

8.13 The Group and its Associates are guilty of an offence should they wilfully fail to report the conveyance of cash or bearer negotiable instruments into or out of the Republic of South Africa in accordance with the requirements of the Act.4

FAILURE TO SEND REPORTS TO THE FIC

8.14 The Group and its Associates are guilty of an offence should they fail to send a report regarding the conveyance of cash or a bearer negotiable instrument to the FIC in accordance with the requirements of the Act.5

FAILURE TO REPORT ELECTRONIC TRANSFERS

8.15 The Group and its Associates are guilty of an offence and are both non-compliant and subject to an administrative sanction should they fail to report to the FIC the prescribed information in respect of electronic transfers of money in accordance with the requirements of the Act.6

4 Commencement date of section 54: to be proclaimed

5 Commencement date of section 55: to be proclaimed

FAILURE TO COMPLY WITH FIC REQUESTS

8.16 The Group and its Associates are guilty of an offence should they fail to comply with a request made by the FIC or an investigating authority acting under the authority of an authorised officer or a supervisory body in terms of the Act.

FAILURE TO COMPLY WITH THE DIRECTIVES OF THE FIC

8.17 The Group and its Associates are guilty of an offence and are both non-compliant and subject to an administrative sanction should they fail to comply with the direction provided by the FIC.

FAILURE TO COMPLY WITH A MONITORING ORDER

8.18 The Group and its Associates are guilty of an offence should they fail to comply with an order by a judge in accordance with the requirements of the Act.

MISUSE OF INFORMATION

8.19 The Group and its Associates are guilty of an offence should they disclose confidential information held by or obtained from the FIC, wilfully destroy or in any other way tamper with information kept by the FIC for the purposes of the Act, use information obtained from the FIC otherwise than in accordance with any arrangements or safeguards made or imposed by the Director, disclose a fact or information or use such information, otherwise than as permitted in terms of the Act.

8.20 Any person who knows, suspects or ought reasonably to have known or suspected that information has been disclosed to the FIC; or that an investigation is being, or may be, conducted as a result of information that has been or is to be disclosed to the FIC, and who directly or indirectly alerts, or brings information to the attention of, another person which will or is likely to prejudice such an investigation, is guilty of an offence.

FAILURE TO COMPLY WITH DUTIES IN RESPECT OF THE RMCP

8.21 The Group and its Associates are non-compliant and are subject to an administrative sanction should they fail to develop, document, approve, maintain, implement and review the RMCP in accordance with the requirements of the Act.

FAILURE TO REGISTER WITH THE FIC

8.22 The Group and its Associates are non-compliant and subject to an administrative sanction should they fail to register with the FIC or fail to provide the FIC with updated information.

FAILURE TO COMPLY WITH DUTIES REGARDING GOVERNANCE

8.23 The Boards of Directors or trustees and the compliance function of the Group and its Associates will be non-compliant and subject to an administrative sanction should they fail to comply with the governance requirements as detailed in the Act and this RMCP.

6 Commencement date of section 56: to be proclaimed

FAILURE TO PROVIDE TRAINING

8.24 The Group and its Associates are non-compliant and subject to an administrative sanction should they fail to provide training to their employees as required in terms of the Act and this RMCP.

OFFENCES RELATING TO INSPECTION

8.25 A person who fails to appear for questioning, fails to comply with an order, wilfully gives false information to an inspector, fails to comply with any reasonable request by an inspector in the performance of his or her functions; or wilfully hinders an inspector in the performance of his or her functions is guilty of an offence.

HINDERING OR OBSTRUCTING AN APPEAL BOARD

8.26 Any person who wilfully interrupts the proceedings of the appeal board or who wilfully hinders or obstructs the appeal board in the performance of its functions, is guilty of an offence.

FAILURE TO ATTEND AN FIC SUMMONS

8.27 Any person who, having been summoned to attend and give evidence or to produce any book, document or object before the FIC or a supervisory body or the appeal board, fails without sufficient cause to appear at the time and place specified or to remain in attendance until excused; or attends as required, but refuses to take an oath or to make affirmation; or fails to produce a book, document or other item as ordered, if it is in the possession of, or under the control of, that person, is guilty of an offence.

FAILURE TO ANSWER FULLY OR TRUTHFULLY

8.28 Any person who, having been sworn in or having made an affirmation before the FIC or a supervisory body or the appeal board, fails to answer any question fully and to the best of that person’s ability; or gives false evidence, knowing or believing it to be false, is guilty of an offence.

FAILURE TO COMPLY WITH FIC DIRECTIVES OR THOSE OF SUPERVISORY BODIES

8.29 The Group and its Associates are non-compliant and subject to an administrative sanction should they fail to comply with a directive of the FIC or a supervisory body.

OBSTRUCTING OFFICIALS IN THE PERFORMANCE OF THEIR DUTIES

8.30 Any person who obstructs, hinders or threatens an official or representative of the FIC in the performance of their duties or the exercise of their powers in terms of the Act, is guilty of an offence.


CONDUCTING TRANSACTIONS TO AVOID REPORTING DUTIES

8.31 Any person who conducts, or causes to be conducted, two or more transactions with the purpose, in whole or in part, of avoiding giving rise to a reporting duty under the Act, is guilty of an offence.

UNAUTHORISED ACCESS TO FIC COMPUTER SYSTEMS, APPLICATIONS OR DATA

8.32 Any person who, without authority to do so, wilfully accesses or causes any other person to access any computer system that belongs to, or is under the control of, the FIC, or any application or data held in such a computer system, is guilty of an offence.

8.33 Any person who, without authority to do so, wilfully causes any computer system that belongs to, or is under the control of, the FIC, to perform or fail to perform a function, is guilty of an offence.

UNAUTHORISED MODIFICATIONS TO FIC COMPUTER SYSTEM CONTENTS

8.34 Any person who, without authority to do so, wilfully causes a computer system that belongs to, or is under the control of, the FIC, or any application or data held in such a computer system, to be modified, destroyed, erased or the operation or reliability of such a computer system, application or data to be otherwise impaired, is guilty of an offence.

PENALTIES

8.35 A person convicted of an offence mentioned in the Act other than an offence mentioned in paragraph 8.36 below is liable to imprisonment for a period not exceeding 15 years or to a fine not exceeding R100 million.

8.36 A person convicted of an offence mentioned in Section 55, 62A, 62B, 62C or 62D of the Act is liable to imprisonment for a period not exceeding five years or to a fine not exceeding R10 million.

9. TRAINING

9.1 The Group and its Associates will provide ongoing training to their employees to enable their compliance with the provisions of the Act and the RMCP. All employees of the Group and its Associates, whether permanent or part-time, will receive anti-money laundering training necessary to their job function.


ANNEXURE 1: GENERAL INFORMATION

1.1. The Compliance Officer details are as follows:

Compliance Officer: Lelani Kemp Tel: (+27) 010 594 2100 / 2121 Email: [email protected]

1.2. The MLRO details are as follows:

MLRO: Lelani Kemp Tel: (+27) 010 594 2100 / 2121 Email: [email protected]


ANNEXURE 2: RISK ASSESSMENT AND CLIENT DUE DILIGENCE PROCESS

1. GENERAL

1.1. The process used by the Group and its Associates to verify the identity of a client or other person is further detailed in this Annexure. This includes the client risk assessment, ongoing monitoring, record keeping and the use of third party CDD documentation.

1.2. The Group and its Associates will only establish a business relationship or conclude a single transaction with the clients or other persons once the risk assessment and client due diligence process is completed. Should any client or any other person refuse to provide any CDD documents or should there be any doubt with regards to the veracity of any CDD documents, the Group and its Associates will not establish the business relationship or conclude the transaction and the refusal of the client or any other person to provide the requested CDD documentation will be reported to the MLRO for investigation and a possible suspicious and unusual transaction report submission.

1.3. In general, the Group and its Associates shall not provide any services to individuals or legal persons who are identified on any sanction lists or reside in high risk jurisdictions as further detailed in Schedule 1 and Appendix 3 respectively.

2. RISK CALCULATION CRITERIA & REVIEW PERIODS

2.1. The Group and its Associates shall perform a risk assessment on every client and assign a risk rating as part of the CDD process. The risk rating will be reviewed periodically, either in accordance with the predetermined periodic review or due to a significant “trigger” event, both of which are discussed in the section for Ongoing Monitoring.

2.2. In the event of a reclassification of risk from a lower to higher risk, additional client due diligence may be required. The additional due diligence should be sufficient to meet the requirements necessitated by the change and mitigate any risks associated with the change in risk rating.

2.3. The Group and its Associates have chosen a risk assessment point scoring system to allocate a weighting to the various risks that the Group and its Associates have identified as being important in the client acceptance process with the objective of preventing money laundering and/or terrorist financing. The cumulative score in the risk assessment process determines the final risk rating on the client entity.

2.4. The risk rating in the Client Risk Assessment (see Appendix 5) considers a number of elements of risk exposure in order to arrive at a risk rating for each client. Should a client utilise numerous services or products the highest scores will be used for the cumulative calculation. Should a client form part of a group it will be individually rated as though the client was a stand-alone entity, but the highest risk rating of any of the entities in the group will be used to define review periods. For example, assume that Trust A owns Company X and Company Y. When calculated using the form in Appendix 5, Trust A’s risk rating is medium, Company X’s risk rating is medium and Company Y’s risk rating is high. The risk rating for this group of entities is considered high and all entities within the group will be reviewed annually, unless other events warrant a change.

2.5. The following elements of risk are considered:

i) Nature of Client: The nature, size and complexity of the client or its business;

ii) Type of Product: The risks associated with the products being offered;

iii) Investment Amount: The higher the amount the higher the risk;

iv) Source of Funds: Legitimate vs. illegitimate sources;

v) Client Jurisdiction: The geographical region / jurisdiction of the client; and

vi) Client Status: PIPs or clients on sanction lists.

2.6. A client’s risk rating will be used to determine whether enhanced due diligence is required before the client is accepted or rejected and the appropriate timing of a client’s periodic review.

2.7. High risk clients will require enhanced CDD. The Group and its Associates will proceed to establish a business relationship only after the enhanced CDD is completed. Should the enhanced CDD not be provided the transaction will be rejected. The enhanced CDD will require additional documents evidencing the source of funds and wealth, and will be subject to signoff of the Board of Directors (given the nature of the risk and how it can damage the business).

3. RISK RATING REVIEW

3.1. The Group and its Associates periodically review the risk rating of their clients. The frequency of such reviews is dictated by a client’s current risk rating. Taking risk ratings into account, reviews are conducted as follows:

i) High risk rated clients will be reviewed annually;

ii) Medium risk rated clients will be reviewed at least once every three years;

iii) Low risk clients will be reviewed at least once every five years.

4. CLIENT DUE DILIGENCE (CDD)

4.1. Client Due Diligence is the process of collecting and reviewing information to enable the Group and its Associates to identify and verify all potential new clients in order to determine whether the Group and its Associates are in a position to accept the clients. CDD is also applicable with regards to the periodic reviews of existing clients as part of the ongoing monitoring process.

4.2. Please refer to Appendix 4 which details the new client take on process. Should a prospective client’s risk rating fall in the low or medium risk categories, the New Business Take-On Documents (“NBTD”) shall be sufficient to comply with the identification and verification requirements.

4.3. Employees will obtain all the necessary information/document(s) in order to complete the risk rating and to present CDD information/document(s) to the Compliance Officer for review. The base documents which will provide most of this information are the application form and supporting documents which the client/broker completes and provides to the Group and its Associates. Appendix 6 details the list of acceptable CDD documents required to be collected from a prospective client.

4.4. In the event that a prospective client is rated as high risk, enhanced CDD documents will be required. If a client is risk rated “high risk”, enhanced CDD must be undertaken. The Group and its Associates have decided that enhanced CDD will address the source of funds and wealth, rationale for the transaction, and will require signoff by the Board of Directors. Appendix 7 details the enhanced CDD requirements for a high risk rated client.


4.5. In cases where not all CDD received is satisfactory, or if there are any doubts as to the veracity of the documents provided by a client, additional documents need to be requested.

4.6. Client acceptance is complete when the CDD documents have been reviewed and approved.

5. PROCEDURE: ACCEPTANCE & REJECTION OF CLIENTS

5.1. Employees will undertake the following actions:

i) Collate the application form and NBTD required to establish a client relationship and ensure that the identification and verification data is complete and in accordance with this Risk Management Compliance Programme;

ii) Perform sanction screening;

iii) Complete the Client Risk Assessment (Appendix 5);

iv) Ensure that the required CDD documentation is in order for all low and medium risk investors; and

v) Where necessary with regards to high risk clients, conduct an enhanced CDD, obtain additional information from the client and provide the documents to the Compliance Officer for review and sign off.

5.2. The Compliance Officer will take the following actions with regards to high risk investors:

i) Review all documentation presented by the employee and ensure it complies with this Risk Management & Compliance Programme;

ii) Accept low and medium risk investors and make a recommendation to the Board to accept or reject a high risk investor;

iii) Provide the Board with the recommendation and all of the above-mentioned documentation to enable the Board to decide if the client should be accepted or rejected.

5.3. The Board will:

i) Review all documentation and make the final decision to accept or reject the client; and

ii) Evidence this decision in writing by signing the decision.

5.4. Prospective clients who are rejected for reasons other than suspicious circumstances, activity or transactions may be advised of the reasons for rejection. A copy of any communication or note of the telephone conversation will be placed in the rejected client’s due diligence file, which will be kept in accordance with record keeping procedures of the Group and its Associates.

5.5. Prospective clients who are rejected because of suspicious circumstances, activity or transactions will be referred to the MLRO for further action and/or advice regarding communication back to the prospective client. No information regarding the suspicion will be noted in the prospective client’s file and the client may not be informed of the reasons for the rejection.

6. ENHANCED CDD

6.1. The Group and its Associates will follow Enhanced CDD (“ECDD”) procedures with regards to high-risk persons, business relations, transactions and persons established in jurisdictions that do not have adequate systems in place to combat money laundering and financing of terrorism. These ECDD measures are designed to mitigate and manage the potential higher risk of money laundering and/or terrorist financing activity.

6.2. The ECDD measures that may apply for higher risk relationships will depend on each unique high-risk scenario and should include:

i) Requesting additional information on the client and updating CDD information on an annual basis;

ii) Obtaining additional information on the intended nature of the business relationship and proof of the source of funds and/or source of wealth;

iii) Obtaining information on the intended or performed transactions;

iv) Obtaining the approval of the Board to commence or continue the business relationship;

v) Conducting close monitoring of the business relationship; and

vi) Any other measures which might be reasonably required.

6.3. Should the Group and its Associates be unable to conduct the ECDD, they shall terminate the business relationship and file a suspicious transaction report if necessary.

7. POLITICALLY IMPORTANT PERSONS (PIPS)

7.1. PIPs are individuals who are or who have been entrusted with prominent public functions (for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations and important political party officials).

7.2. Since PIP status will result in the client being classified as a high risk client, the Group and its Associates will conduct ECDD when conducting business relationships with PIPs, family members or close associates of PIPs (since these individuals are deemed to pose a greater than normal money laundering/terrorist financing risk by virtue of the possibility that they benefit from the proceeds of corruption).

7.3. The Group and its Associates shall consider the ongoing status of clients classified as PIPs on a case-by-case basis.

8. SIMPLIFIED CDD PROCESSES

8.1. The Group and its Associates will follow a simplified CDD process for all low risk clients. The simplified CDD will require only the verification documents detailed in Appendix 6.

8.2. The rationale for simplified CDD on low risk clients is that these clients pose a low level of money laundering/terrorist financing risk. All clients are subject to ongoing monitoring and regular review as per the CDD process document, and should a low risk client’s risk profile change at any point in time after the commencement of the business relationship, the required additional CDD or ECDD documents will be obtained.

9. THIRD PARTY RELIANCE AND INTRODUCED BUSINESS

9.1. The Group and its Associates may rely on relevant third parties to complete certain CDD measures, provided that there is a contractual arrangement in place with the third party. An example of a third party reliance arrangement is in the context of the Group, its Associates and their administrators or a relevant third party that acts as a fund distributor.

9.2. The Group and its Associates shall ensure that there is a signed Eligible Introducer Certificate between themselves and the relevant third party, in which the third party consents to being relied upon for these purposes and undertakes to provide copies of any CDD information obtained immediately upon onboarding. Original documents shall remain in the possession of the third party and will be provided to the Group and its Associates, should the applicable AML/CTF Regulatory Authorities request the documents. The signed certificate shall contain clear contractual terms in respect of the obligations of the third party to obtain and maintain the necessary CDD records and to provide the original CDD documents upon request. The signed certificate shall not contain any conditional language, whether explicit or implied, which may result in the inability of the third party to provide the CDD documents, for example, language which qualifies the obligation to provide the CDD documents, such as "to the extent permissible by law" or "subject to regulatory request", is not acceptable.

9.3. Where reliance is placed on a third party for elements of CDD, the Group and its Associates will ensure that the NBTD sought from the third party is adequate and accurate. Since the Group and its Associates remain ultimately responsible for CDD measures, they shall ensure that the third party complies with their requirements and that the third party is sufficiently regulated, supervised and monitored.

9.4. The Group and its Associates shall review the level of the country risk when determining in which country(ies) the third party can be based and will not allow countries with strategic deficiencies in the fight against money laundering/terrorist financing, e.g. those identified by the FATF as having strategic deficiencies. A high risk country can also be one that is vulnerable to corruption and politically unstable; the above examples are not exhaustive.

9.5. Where it is proposed to rely on a third party or introducer to carry out any of the CDD requirements, the Group and its Associates shall:

i) Obtain explicit written assurance from the third party or introducer that it will carry out the requirements for CDD;

ii) Ensure that the procedures followed by the third party or introducer are sufficiently robust to ensure that the third party or introducer complies with the requirements of the AML/CTF legislation; and


iii) Obtain evidence that the third party or introducer is regulated/supervised.

9.6. Where CDD identification data and other documentation is to be retained by the third party or introducer rather than the Group and its Associates, the Group shall ensure that:

i) Such data will be retained by the third party or introducer and will not be disposed of without the consent of the Group and its Associates;

ii) The Group and its Associates will have timely access to such data (including inspection of documents) upon request;

iii) Such data will be promptly transferred to the custody of the Group and its Associates, if the third party or introducer ceases to act in that capacity; and

iv) Periodic testing of the third party or introducer arrangements is conducted to ensure that the third party or introducer is complying with the requirements of the Group and its Associates.

9.7. Reliance may only be placed on third parties or introducers to carry out CDD measures in relation to the identification and verification of a client's identity and the establishment of the purpose and intended nature of the business relationship. Third parties or introducers may not be relied upon to carry out the ongoing monitoring of dealings with a client, including identifying the source of wealth or source of funds. Please refer to Appendix 8 for the Eligible Introducer Certificate template. The Compliance Officer may accept another form of an Eligible Introducer Certificate to the extent that it is in line with the requirements of the law.

10. RECORD KEEPING

10.1. The Group and its Associates shall maintain all books and records with respect to clients and transactions and shall ensure that such records and books are kept for at least 7 years. These books and records shall include:

i) All records obtained through CDD measures, including account files, business correspondence and copies of all documents evidencing the identity of clients and beneficial owners, and records and the results of any analysis undertaken in accordance with the Act, all of which shall be maintained for a period of not less than 7 years after the business relationship has ended;

ii) Records on transactions, both domestic and international, that are sufficient to permit

reconstruction of each individual transaction for both account holders and non-account holders, which shall be maintained for a period of 7 years after the completion of the transaction; and

iii) Copies of all suspicious transaction reports or other reports made to applicable AML/CTF

Regulatory Authorities in accordance with this Act, including any accompanying documentation, which shall be maintained for a period of at least 7 years from the date the report was made.

ANNEXURE 3: REPORTING

1. LODGING OF REPORTS OF SUSPICIOUS TRANSACTIONS

1.1. The duty to report is an essential AML and CTF requirement in terms of the Act and the Group and its Associates are committed to fully comply with these requirements. All reporting requirements will be conducted as per the processes and in terms of the timelines as further detailed below.

1.2. The MLRO or, in their absence, the Deputy MLRO will be ultimately responsible for the reporting of suspicious transactions. In the event that the MLRO is not directly available, please forward all queries to the Deputy MLRO, marked for the attention of the MLRO.

1.3. Every Suspicious Transaction Report (“STR”) shall be lodged with the applicable AML/CTF Regulatory Authorities in the prescribed form within the prescribed time limit and shall include:

i) The identification of the party or parties to the transaction;

ii) The amount of the transaction, the description of the nature of the transaction and all the circumstances giving rise to the suspicion;

iii) The business relationship of the suspect to the bank, financial institution, cash dealer or member of relevant profession or occupation, as the case may be;

iv) Where the suspect is an insider, any information as to whether the suspect is still affiliated with the bank, financial institution, cash dealer, or member of a relevant profession or occupation, as the case may be;

v) Any voluntary statement as to the origin, source or destination of the proceeds;

vi) The impact of the suspicious activity on the financial soundness of the reporting institution or person; and

vii) The names of all the officers, employees or agents dealing with the transaction.

1.4. No STR shall be required to be disclosed, or be admissible as evidence, in any court proceedings.

2. SPECIFIC REPORTS AND TIMELINES

2.1. Suspicious and Unusual Transactions (STR & SAR)

The MLRO will, as soon as practicable but no later than 15 working days from the day on which they become aware of a transaction which they have reason to believe may be a suspicious transaction, make a report to the applicable AML/CTF Regulatory Authorities of such transaction.

2.2. Cash Transaction Reports

The MLRO shall, within the prescribed time, report to the applicable AML/CTF Regulatory Authorities the prescribed particulars of any transaction in excess of the prescribed amount.

2.3. Electronic Transfer of Money

Where the Group and its Associates send money through electronic transfer in excess of the prescribed amount out of the Republic of South Africa or receive money in excess of the prescribed amount from outside the Republic of South Africa on behalf of or on the instruction of another person, the MLRO shall within the prescribed period after the money was transferred, report the transfer, together with the prescribed particulars, to the applicable AML/CTF Regulatory Authorities.⁷

⁷ Commencement date of Section 30 of the Act: To be proclaimed.

ANNEXURE 4: LEGAL FRAMEWORK

1. AML/CTF REGULATORY AUTHORITIES IN SOUTH AFRICA

1.1. The Financial Intelligence Centre of South Africa (“FIC”)

The Financial Intelligence Centre (FIC) is South Africa’s national centre for the receipt of financial data, analysis and dissemination of financial intelligence to the competent authorities. The FIC was established by the Financial Intelligence Centre Act of 2001 and has the mandate to identify the proceeds of crime, combat money laundering and terror financing. It does this by seeking to:

i) Supervise and enforce compliance with FICA;

ii) Facilitate effective supervision and enforcement by supervisory bodies;

iii) Receive financial data from accountable and reporting institutions;

iv) Share information with law enforcement authorities, intelligence services, the South African Revenue Service, international counterparts and supervisory bodies;

v) Formulate policy regarding money laundering and the financing of terrorism;

vi) Provide policy advice to the Minister of Finance; and

vii) Uphold the international obligations and commitments required by the country in respect of anti-money laundering and combating financing of terrorism (AML/CFT).

1.2. The Act introduces a regulatory framework of measures requiring certain categories of business to take steps regarding client identification, record-keeping, reporting of information and internal compliance structures. The Act obliges all businesses to report to the FIC various suspicious and certain other transactions. The FIC uses this financial data and available data to develop financial intelligence, which it is able to make available to the competent authorities and supervisory bodies for follow-up investigations or administrative action. All accountable and reporting institutions are required to register with the FIC. The FIC and supervisory bodies have the authority to inspect and impose administrative penalties on non-compliant businesses. The Act also introduced an appeal process and an appeal board.

1.3. South Africa is a member of the Financial Action Task Force (FATF), the international body which sets standards and policy on anti-money laundering and for combating the financing of terrorism (AML/CFT). In addition, it is also a member of the Eastern and Southern Africa Anti-Money Laundering Group, a regional body of the FATF which aims to support countries in the region to implement the global AML/CFT standards. The FIC is a member of the Egmont Group, which is made up of financial intelligence units from 153 countries. The primary aim of the organisation is to facilitate co-operation and sharing of financial intelligence information among its members.

2. THE FINANCIAL INTELLIGENCE CENTRE ACT OF SOUTH AFRICA

2.1. The Financial Intelligence Centre Amendment Act of 2017

In 2001, the South African government introduced the Financial Intelligence Centre Act and other legislation with the goal of combatting money laundering and the financing of terrorism. FICA contains a number of control measures designed to aid in the detection and investigation of money laundering activities. Financial institutions such as the Group and its Associates play a unique role in this fight since they are on the forefront of detecting and identifying these illegal activities.

2.2. Customer Identification in particular has proved to be an effective countermeasure in combatting money laundering. In conjunction with record keeping and the reporting of suspicious activities, customer identification forms the modern control regime often referred to as Anti-Money Laundering/Combatting Financing of Terrorism (“AML/CFT”). This regime gained precedence following the events of 9/11 and in many ways, it is the crucial link upon which FICA rests. It is through stringent customer identification processes that criminals are prevented from using false or stolen identities. Without these identities, their criminal activities are hampered and they are unable to generate cash flow from these activities. Further emphasis has been placed on these identification measures following the Financial Intelligence Centre Amendment Act of 2017.

3. OTHER RELEVANT LEGISLATION

3.1. The Prevention of Organised Crime Act of 1998

The legislation introduces measures to fight organised crime and money laundering. It creates reporting obligations for businesses and criminalises any act of money laundering.

3.2. The Protection of Constitutional Democracy Against Terrorism & Related Activities Act of 2004

Due to money laundering expanding to encompass terrorist organisations and the financing thereof, the legislation requires that, in terms of Section 28A of the FICA Act, an accountable institution report any offence linked to terrorist activity or the financing thereof.

ANNEXURE 5: OWNERSHIP, APPROVAL & REVISION HISTORY

POLICY OWNER

The FICA Risk Management & Compliance Programme is owned by the Corporate Governance Department who maintains the document through consultation with and the assistance of the Compliance Department.

POLICY APPROVAL

The policy document was approved by the Board of Directors on the 21st of September 2020 during Board meeting proceedings.

POLICY REVISION

Detailed below is a list of policy versions and the changes/amendments/additions made to the policy with each new version:

DATE VERSION CHANGES

Apr 2014 1.0
- “FICA” policy established.

Sep 2014 1.1
- Complete format overhaul
- Inclusion of Retirement Funds in Group structure
- Information on PEP’s included
- Information on Non-Disclosures under Section 29(3) of the Act included
- Reference made to the “United Nations Security Council Sanctions List Compliance Document” with regard to Terrorist fund

Feb 2015 1.2
- Include On-site Review information under Section 4: Clients & FICA

Jun 2015 1.3
- Inclusion of Prime Alternative Investments (Pty) Ltd in Group structure
- Removal of Retirement Funds from Group structure

Aug 2015 1.4
- Inclusion of PAI Holdings in Group structure.
- GAA’s name is changed to Ascent Capital (Pty) Ltd.

Sep 2015 1.5
- Inclusion of Prime Asset Management (Pty) Ltd in Group structure.
- GAA’s name is changed to Ascent Capital (Pty) Ltd.

Nov 2015 1.6
- Amendments made to Annexure 1
- Inclusion of Annexure 4: Revision History
- Inclusion of “Third Party Accounts”.

Apr 2016 1.7
- Amendment to Annexure 1 stating that no FICA documentation is required for Listed companies except a Proof of Listing.

Aug 2016 1.8
- Global Employee Benefits (Pty) Ltd included in Group structure.
- Inclusion of “Associates” in Group Structure. Policy reworded to make reference to both the Group and Associates where applicable.
- Group structure amended to refer to “Prime Collective Investment Schemes Management Company (RF) (Pty) Ltd” and “Prime Alternative Investments (RF) (Pty) Ltd”.
- Header formatting.
- “PIP” changed to “PEP”.
- Points 4.15 and 4.16 merged with Point 4.14.

- Point 4.14 amended as follows: “The audit report will be filed for record keeping purposes with the Compliance department.”
- Section 6 amended to refer to “Politically Exposed Persons”.
- Point 6.3 amended as follows: “Conducting ongoing monitoring of identified PEPs. The client base of the Group and its Associates is regularly verified against an internal database of PEPs. Records of such verifications are kept by the Compliance department for record keeping purposes.”
- Point 8.4 merged with Point 8.3.
- Section 10’s point numbering corrected.
- Annexure 2 updated to make reference to (RF) provisions.

Nov 2017 1.9
- Global Financial Administrators (Pty) Ltd included in Group structure.
- Global Investment Administrators (Pty) Ltd. included in Group structure.
- Global Payroll Services (Pty) Ltd included in Group structure.
- Global Nominees (Pty) Ltd
- Ascent Capital (Pty) Ltd reclassified as an Associate company.
- References to FICA now include reference to the Financial Intelligence Centre Amendment Act of 2017 throughout the policy.
- Policy entirely revised in accordance with the Act Amendments, including:
  ➢ The definition of a PIP
  ➢ Section 3: A Brief Look at Anti-Money Laundering & FICA
  ➢ Section 4: Risk Management & Compliance Programme
  ➢ Section 7: Staff Training (specifically “Disciplinary Proceedings”)
  ➢ Annexure 1: Client Risk Rating
  ➢ Annexure 2: “Customer Due Diligence” Documentation
  ➢ Annexure 3: Screening & Watchlists
  ➢ Annexure 4: Politically Influential Persons
  ➢ Annexure 5: CDD Confirmation Certificate
  ➢ Annexure 6: Anti-Money Laundering Report

Jan 2018 1.10
- Ascent Capital (Pty) Ltd reclassified as a Group company.

Feb 2018 1.11
- Annexure 2 amended to include investments from retirement funds.

Apr 2018 1.12
- Group name amended to “Prime Financial Services Group”
- Prime Trade Finance (RF) (Pty) Ltd removed from the Group structure.
- Mashamba Asset Management (Pty) Ltd removed as an Associate company.
- Orca Global Advisory (Pty) Ltd removed as an Associate company.
- Section 2: Definitions updated.
- New Annexure (Annexure 6: Screening for Suspicious Transactions included.)

May 2018 1.13
- New Annexure (Annexure 8: FIC Act Enforcement).
- Dormant companies removed from Group structure.

Jul 2018 1.14
- Annexure 2 amended to include a footnote detailing the definition of shell banks and the Group’s treatment of such institutions within the South African Regulatory environment.

Oct 2018 1.15
- PIP Definition expanded.
- Client Risk Rating (Section 4.7 – 4.9) was amended in line with the FSCA comments arising from the onsite visit of Sep 2018.
- Sections 4.15, 4.20, 4.21 and 4.22 were moved to 4.3 – 4.6.

- Footnotes 2 and 3 were amended to include reference to prospective clients.
- Section 5 amended to include some examples of suspicious transactions.
- Section 8 amended to refer to reporting processes outlined in Section 5.
- Annexures renumbered.
- Annexure 3 amended with a risk scoring and rating system.
- Annexure 4 amended to include client source of funds and processes to be followed when doubting the veracity of provided documentation.
- Footnote 7 included.

Nov 2018 1.16
- Annexure 5 amended to include specific confirmations related to prospective client screening, PIP validation and risk assessments.
- Annexure 6 amended to broaden the triggers for suspicious transaction reporting.

Jan 2019 1.17
- Annexure 3 amended to state that high risk clients are referred to Board level for final approval.

Jul 2019 2.0
- Section 5: “Reporting Suspicious Activities” amended to refer more comprehensively to the FIC Guidance Notes and reporting timelines.
- Section 8: “Other Reportable Activities” has been incorporated into Section 5.
- Annexure 3 has been amended to expand the risk-rating model, specifically incorporating the nature of an investor.
- Annexure 7 amended.
- Address updated.
- Format changes.
- Global Financial Administrators (Pty) Ltd. removed from Group structure.
- Umbrella Funds removed from Group structure.
- Retirement CDD requirements amended in Annexure 4.
- Policy Simplification

Dec 2019 2.1
- New heading “Application of Policy” updated.
- High Risk Jurisdictions detailed in Annexure 1 updated according to latest FATF information (December 2019).
- Ongoing CDD Measure timeframes in Annexure 1 revised.

Sep 2020 3.0
- FICA: Risk Management & Compliance Programme finalised and implemented in terms of the FICA Amendment Act of 2017.

SCHEDULE 1: COMPLIANCE TRAINING MANUAL AND PROCESS DOCUMENT

1. INTRODUCTION

1.1. The purpose of this Compliance Training Manual and Process Document is to provide further detail and additional information with regards to the various operational processes implemented by the Group and its Associates in order to comply with the requirements of the Risk Management & Compliance Programme, especially with regards to the CDD processes, record keeping, reporting and training as further detailed below.

2. MONEY LAUNDERING AND TERRORIST FINANCING

2.1. Money laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of criminal activities. If successful, the criminal property can lose its criminal identity and appear legitimate, resulting in criminals benefitting from their crimes without the fear of being caught by tracing their money or assets back to a crime.

2.2. Money laundering will often involve a complex series of transactions, traditionally represented in three separate phases:

i) Placement: Where the proceeds of crime are placed into the financial system.

ii) Layering: Where funds are converted from one form to another, e.g. money is moved between various accounts and/or jurisdictions to disguise the audit trail and the illegitimate source of the funds.

iii) Integration: Where funds that now appear legitimate re-enter the economy for what would appear to be normal business or personal transactions.

2.3. Rather than getting caught up in trying to establish whether an activity relates to a particular phase of the traditional model, employees should ask themselves: “Do I know, suspect or have reasonable ground to suspect that the assets in question are derived from criminal activities?” The assets don’t have to be linked or suspected to be linked to a specific act of money laundering.

2.4. Terrorist financing is the financial support, in any form, of terrorism or those who encourage, plan or engage in terrorism. Terrorist financing differs from money laundering in that the source of funds can either be legitimate, such as an individual’s salary, or illegitimate, like the proceeds of crimes such as selling pirate DVDs, fraud or drug trafficking.

2.5. Usually, the focus of scrutiny for potential terrorist financing activity will be the end beneficiary and intended use of the money or assets. A terrorist financier may only need to disguise the origin of the property if it was generated from criminal activity but in the vast majority of cases they will seek to disguise the intended use i.e. providing support to terrorists or supporting acts of terrorism.

2.6. Terrorist financing often involves a complex series of transactions, generally considered as representing three separate phases, and this could be sourced through various means, for example through seeking donations, carrying out criminal acts and from genuine charities, as further detailed below:

i) Collection: Funds are often acquired through seeking donations, carrying out criminal acts or diverting funds from genuine charities.

ii) Transmission: Where funds are pooled and transferred to a terrorist or terrorist group.

iii) Use: Where funds are used to finance terrorist acts, training, propaganda etc.

2.7. Money laundering / terrorist financing can have serious negative consequences for the economy, national security and society in general. Some of these consequences may include:

i) Reputational damage from being perceived as being a haven for money launderers and terrorist financiers, leading to legitimate businesses taking their business elsewhere;

ii) Attracting criminals including terrorists and their financiers to move to or establish new business relationships within the jurisdiction;

iii) Damaging the legitimate private sector who may be unable to compete against front companies;

iv) Weakening of financial institutions which may come to rely on the proceeds of crime for managing their assets, liabilities and operations, plus additional costs of investigations, seizures, fines, lawsuits etc.;

v) Economic distortion and instability; or

vi) Increased social costs to deal with additional criminality such as policing costs etc.

3. CULTURE OF COMPLIANCE

3.1. The Group and its Associates recognise that effective AML/CTF policies and procedures can only be delivered through an effective culture of compliance and will therefore ensure the establishment of an open and positive approach to compliance and AML/CTF issues amongst all employees.

3.2. The Board and senior management have a responsibility to ensure that the Group and its Associates’ systems and controls are appropriately designed, implemented and are effectively operated to reduce the risk of the business being used in connection with money laundering / terrorist financing.

3.3. The Boards and senior management of the Group and its Associates have established this Risk Management & Compliance Programme which:

i) Ensures risk assessments of its business and its clients;

ii) Determines the true identity of clients and any beneficial owners and controllers;

iii) Determines the nature of the business that the client expects to conduct and the commercial rationale for the business relationship;

iv) Requires identification information to be accurate and relevant;

v) Requires business relationships and transactions to be effectively monitored on an ongoing basis with particular attention to transactions which are complex, both large and unusual, or an unusual pattern of transactions which have no apparent economic or lawful purpose;

vi) Compares expected activity of a client against actual activity;

vii) Applies increased vigilance to transactions and relationships posing higher risks of money laundering / terrorist financing;

viii) Ensures that adequate resources are given to the Compliance Officer (CO) to allow that the requirements contained in the Risk Management & Compliance Programme are adequately implemented, periodically monitored and tested;

ix) Ensures procedures are established and maintained which allow the MLRO to have access to all relevant information, which may be of assistance to him/her in considering suspicious transaction reports (“STR’s”);

x) Requires disclosure to the applicable AML/CTF Regulatory Authorities when there is knowledge or suspicion or reasonable grounds for knowing or suspecting money laundering and/or terrorist financing, including attempted money laundering and/or terrorist financing; and

xi) Maintains records for the prescribed periods of time.

3.4. A hierarchical approach within a business may hinder an effective system of AML/CTF control and the Group and its Associates recognize that the human element is particularly important since policies and procedures only work if they are understood, followed and enforced by those required to comply with them. The hierarchical relationships between employees within the Group and its Associates and with its clients can face the following damaging barriers:

i) Senior management being unwilling to lead on the concept of the need for sound corporate ethics;

ii) Junior employees assume that their concerns or suspicions are not significant;

iii) Employees are unwilling to subject high value (therefore important) clients to effective CDD checks;

iv) Management or client relationship managers pressure employees to transact without obtaining all relevant CDD and business relationship information;

v) Employees are unable to understand the commercial rationale for client relationships and the use of certain products / services, resulting in potentially suspicious activity not being identified;

vi) Lack of time and/or resources to address concerns, generating a tendency for line managers to discourage employees from raising concerns; and

vii) Conflict between the desire on the part of employees to provide a confidential and efficient client service and the requirement for employee vigilance in respect of prevention and detection of money laundering and/or terrorist financing.

3.5. The Group and its Associates will ensure that the risks created by the above barriers are monitored and mitigated.

3.6. The Group and its Associates shall designate a CO at senior management level with sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure. The CO is responsible for the implementation and ongoing compliance of the Group and its Associates with the Compliance Training Manual.

3.7. The CO will have timely and unrestricted access to the records of the Group and its Associates, sufficient resources to perform his or her duties and the full co-operation of all employees, will be fully aware of his or her obligations, and will report directly to, and have regular contact with, the Board.

3.8. The CO will ensure continued compliance with the requirements of the Act subject to the ongoing oversight of the Board and senior management, will be responsible for the day-to-day oversight of the Compliance Training Manual and will regularly report, including reporting of non-compliance, to the Board and senior management; and will contribute to the design, implementation and maintenance of the Compliance Training Manual.

3.9. The Group and its Associates shall appoint a MLRO to whom an internal report shall be made of any information or other matter which comes to the attention of any person handling a transaction and which, in the opinion of the person gives rise to knowledge or reasonable suspicion that another person is engaged in money laundering / terrorist financing.

3.10. The MLRO shall be sufficiently senior in the Group and its Associates, have sufficient experience and authority, have direct access to the Board of Directors and have sufficient time and resources to effectively discharge his/her functions.

3.11. The MLRO will receive internal disclosures and will consider any report to determine whether an external disclosure to the applicable AML/CTF Regulatory Authorities is required.

3.12. The Group and its Associates shall appoint a Deputy Money Laundering Reporting Officer (“DMLRO”) to exercise the MLRO functions in the MLRO’s absence. The DMLRO will be of similar status and experience to the MLRO.

3.13. The MLRO:

i) Is the main point of contact with the applicable AML/CTF Regulatory Authorities in the handling of disclosures;

ii) Has unrestricted access to the CDD information of the Group and its Associates’ clients, including the beneficial owners thereof;

iii) Has sufficient resources to perform his or her duties;

iv) Is available on a day-to-day basis;

v) Reports directly to, and has regular contact with, the Board; and

vi) Is fully aware of both his/her personal obligations and those of the Group and its Associates under the Act and the additional AML/CTF legislation as further detailed in Annexure 4.

3.14. The MLRO shall ensure that he/she has sufficient time and resources available to effectively discharge his/her functions.

4. RISK BASED APPROACH

4.1. General

The Group and its Associates have adopted a risk-based approach towards the prevention and detection of money laundering/terrorist financing in terms whereof the risks posed by clients, products and systems are identified, mitigated and the mitigating factors and controls documented and reviewed periodically to remedy any identified deficiencies.

4.2. The Group and its Associates will take the appropriate steps to mitigate any risks which have been identified. The internal systems and controls of the Group and its Associates require employees to think about the risks posed by individual clients and relationships, require them to act to mitigate the risks appropriately, to document their thought process accordingly and therefore not to follow a “tick box” approach.

4.3. What is a Risk-Based Approach?

Risk can be seen as a function of three factors:

• Threats: A person or group of people, an object or an activity with the potential to cause harm. The threats may vary across clients, countries, geographic areas, products/services and delivery channels.

• Vulnerability: Something which or someone who can be exploited by the threat or that may support or facilitate its activities, such as size and volume of the business and client base profile.

• Consequence: The impact or harm that money laundering or terrorist financing may cause, such as the impact on reputation and imposition of regulatory sanctions.

4.4. A risk assessment involves making judgments about all three of the above-mentioned risk elements. The Group and its Associates will take the appropriate steps to mitigate any risks which are identified by determining the necessary controls or procedures which need to be in place in relation to a particular part of the business in order to reduce the risks identified.

4.5. Systems and controls may not always prevent and detect all money laundering/terrorist financing risks. A risk-based approach will, however, serve to balance the cost burden placed on the Group and its Associates or their clients, with a realistic assessment of the threat of our business being used in connection with money laundering/terrorist financing. It focuses effort where it is needed and has the biggest impact.

4.6. Risk Assessment

The Group and its Associates shall take appropriate steps to identify, assess and understand the money laundering and terrorist financing risks inherent to clients and their characteristics or transaction history, countries or geographic areas, products and services, or delivery channels; and shall consider all relevant risk factors before determining what is the level of overall risk and the appropriate level and type of mitigation to be applied.

4.7. Prior to the launch of a new product or business practice or the use of a new or developing technology, the Group and its Associates shall identify and assess the money laundering and terrorist financing risks that may arise in relation to such new products or business practices, or new or developing technologies for both new and pre-existing products, and take appropriate measures to manage and mitigate these risks.

4.8. The Group and its Associates shall document the risk assessments in writing, keep them up to date and, on request, make them available to relevant AML/CTF Regulatory Authorities without delay.

4.9. The risk assessment calculation methodology is detailed in Appendix 5.

5. CDD PROCESS:

5.1. The Group and its Associates will not establish a business relationship or conclude a single transaction with an anonymous client or a client with an apparent false or fictitious name or before the Group and its Associates have performed the required client due diligence to establish and verify the identity of a client or other person.

5.2. The Group and its Associates will identify clients, and where applicable, their beneficial owners and then verify their identities, which is essential to the prevention of money laundering and combatting the financing of terrorism.

5.3. Verification refers to the verification of elements of the identification information, by using independent reliable sources, which may include material obtained from the client such as a passport to verify the client’s name. It is essentially the concept of satisfying oneself that the client is who they say they are.

5.4. CDD Measures

Inadequate CDD measures may expose the Group and its Associates to serious client and counterparty risks, as well as reputational, operational, legal and regulatory risks, any of which can result in significant financial cost to its business. Effective CDD measures are vital since they will:

i) Help to protect the Group and its Associates as well as the integrity of the financial system (both locally and globally), by reducing the likelihood of the Group’s business or that of its Associates becoming a vehicle for, or a victim of, financial crime;

ii) Assist the relevant law enforcement agencies, by providing them with relevant information ascertained via the CDD process; and

iii) Constitute an essential part of sound risk management, for example by providing the basis for identifying, limiting and controlling the risk posed by particular clients or classes of clients.

5.5. Additionally, CDD information is an essential tool for the MLRO and business employees when examining unusual or higher risk activity or transactions, in order to determine whether or not to submit a required report to the relevant AML/CTF Regulatory Authority.

5.6. The CDD measures which the Group and its Associates will undertake are further detailed in Appendix 4.

5.7. Should an employee form a suspicion that one or more actual or proposed transactions relates to money laundering/terrorist financing, he/she should take into account the risk of tipping off when performing the CDD process. If the employee reasonably believes that performing the CDD process will tip off the client or potential client, he/she should stop the CDD process and report his/her suspicions to the MLRO.

5.8. Look Through Principle. An applicant for business may be an individual acting on behalf of others (for example, a trustee of an express trust), or a legal body or legal arrangements seeking to enter into or having entered into a business relationship or to conduct a one-off transaction, as principal or on behalf of a third party.

5.9. Beneficial owner(s) are the natural person(s) who ultimately own or have control over a client or the person(s) on whose behalf a transaction is being conducted. This also includes any natural person who exercises ultimate control over a legal person.

5.10. The Group and its Associates will take reasonable measures at the time of establishing a business relationship to determine whether the applicant for business is acting on behalf of an identifiable third party, for example beneficiaries of a trust. Should the Group and its Associates determine that the applicant is acting for a third party, they will keep the required records setting out the identity of the third party (and any beneficial owners or associated persons as required), proof of identity of all parties involved and details of the relationship between the third party and the applicant for business.

5.11. Where the applicant is a financial institution regulated in terms of AML standards at least equivalent to those of the Republic of South Africa and acting on behalf of underlying investors in pooled vehicles such as, for example, protected cell companies or the equivalent, nominees or similar structures where the underlying investors do not exercise any control over the applicant, the Group and its Associates will accept written confirmation from the applicant that the required AML verification was performed on the underlying investors to the extent that the Compliance Officer considers it to be satisfactory and in line with the requirements of the law.

5.12. Risk-Based Approach. The risk-based approach, with regard to CDD, involves a number of steps in assessing the most effective and proportionate way to manage the money laundering/terrorist financing risks faced by the Group and its Associates.

5.13. The Group and its Associates will carry out and maintain a risk assessment of the applicant, taking into account all the relevant factors and allocating a risk rating based on the client risk with regard to money laundering/terrorist financing which the Group and its Associates deem necessary.

5.14. The risk assessment of a particular applicant will determine the extent of identification information (and other CDD information) that will be required, how that information will be verified, and the extent to which the resulting relationship will be monitored.

5.15. Systems and controls will never detect and prevent all instances of money laundering/terrorist financing and therefore a risk-based approach may serve to balance the cost burden placed on the Group and its Associates and on applicants and clients with the risk that the business may be used in money laundering/terrorist financing activities by focusing resources on higher risk areas.

5.16. The Source of Funds and the Source of Wealth. The source of funds normally refers to the origin of the particular funds or assets which are the subject of the business relationship between the Group and its Associates, its clients and the transactions the Group and its Associates are required to undertake on the client’s behalf (e.g. the amounts being invested or redeemed).

5.17. The source of funds verification requirement refers to confirming where the funds are coming from in order to fund the relationship or transaction.

5.18. The source of wealth is distinct from source of funds and describes the origins of a client’s financial standing or total net worth i.e. those activities which have generated a client’s funds and property.

5.19. The Group and its Associates are required to hold sufficient information and documentation to establish the source of wealth and this information must be obtained for all higher risk clients (for example all PIPs and all other relationships where the type of product or service being offered makes it appropriate to do so because of its risk profile).

5.20. The Group and its Associates will periodically update relevant CDD information and its risk assessment throughout the business relationship with each client and in the event of any material change (for example, in beneficial ownership or control of the applicant/client or the third parties on whose behalf the applicant/client acts, or an adverse change in the Group’s perception or that of its Associates concerning the reliability of the CDD information it already holds). Further measures will be taken to re-verify identity of the applicant/client.

5.21. The Group and its Associates will ensure that there is consistency between the information they hold on the applicant/client and the nature of transactions or proposed transactions. Where there is any indication of abnormal or potentially suspicious activity within the context of the product or service being provided, or any other event occurs to cast doubt on the CDD held by the Group and its Associates, additional measures will be undertaken to verify the information already obtained and to obtain such further information as may be necessary.

5.22. Identification and Verification. The Group and its Associates will ensure that the relevant CDD information is collected, analyse the information provided and ensure appropriate verification using external databases or sources.

5.23. Any failure to identify and verify clients is an offence under the Act. The Group and its Associates will:

i) Identify and verify the identity of their applicants for business and existing clients on a risk-based approach (including identifying and verifying the identity of any connected individuals such as beneficial owners and controllers of the applicant);

ii) Determine whether or not an applicant for business is acting or intending to act for a third party; and

iii) Where the Group and its Associates are unable to determine whether the applicant is acting for a third party or not, make a suspicious activity report to the relevant AML/CTF Regulatory Authority.

6. ONGOING MONITORING

6.1. As part of the ongoing CDD monitoring process, the Group and its Associates will ensure the regular monitoring of a business relationship, including any transactions and other activity carried out as part of that relationship.

6.2. There are two elements to effective ongoing monitoring:

i) The first element relates to the transactions and activity which occur on a day-to-day basis within a business relationship and which need to be monitored to ensure they remain consistent with the Group and its Associates’ understanding of the client and the product or service it is providing to the client.

ii) The second element relates to the clients themselves and the requirement for the Group and its Associates to ensure that it continues to have a good understanding of its clients and their beneficial owners.

6.3. This is achieved through maintaining relevant and appropriate CDD and applying appropriate ongoing screening. The Group and its Associates shall conduct ongoing monitoring of all business relationships, including:

i) Scrutiny of transactions undertaken throughout the course of the relationship, including the source of funds, to ensure that the transactions are consistent with the Group and its Associates’ knowledge of the client and the business and risk profile of the client;

ii) Ensuring that documents, data or information collected under the CDD process are kept up to date and relevant by undertaking regular reviews of existing records;

iii) Ensuring that additional measures are applied for higher risk business relationships including conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;

iv) Enhanced ongoing monitoring on high risk clients, whether a client or beneficial owner, in addition to performing the CDD measures:

a. Undertaking more frequent reviews of high-risk relationships and updating CDD;

b. Updating information on a more regular basis;

c. Undertaking more regular reviews of transactions and activity against the profile and expected activity of the business relationship;

d. Applying lower monetary thresholds for the monitoring of transactions and activity;

e. Reviews being conducted by persons not directly involved in managing the relationship;

f. Ensuring that the CDD information is readily available to provide the board and CO with the timely information needed to identify, analyse and effectively monitor high risk relationships and accounts;

g. Appropriate approval procedures for high value transactions in respect of high-risk relationships;

h. A greater understanding of the personal circumstances of high-risk relationships, including an awareness of sources of third-party information.

v) When conducting ongoing monitoring, the following are examples of red flags which may indicate high risk transactions or activity within a business relationship:

a. An unusual transaction in the context of the financial institution’s understanding of the business relationship (for example, abnormal size or frequency for that client or peer group, or a transaction or activity involving an unknown third party);

b. Funds originating from, or destined for, an unusual location, whether specific to an individual business relationship, or for a generic client or product type;

c. Transactions or activity unexpectedly occurring after a period of dormancy;

d. Unusual patterns of transactions or activity which have no apparent economic or lawful purpose;

e. An instruction to effect payments for advisory or consulting activities with no apparent connection to the known activities of the client or their business;

f. The involvement of charitable or political donations or sponsorship; or

g. A relevant connection with a country or territory that has significant levels of corruption or provides funding or support for terrorist activities.

vi) It is important to note that a client who is, or may be, attempting to launder money may frequently structure his/her instructions in such a way that the economic or lawful purpose of the instruction is not apparent or is absent entirely. When asked to explain circumstances or transactions, the client may be evasive or may give explanations which do not stand up to reasonable scrutiny.

vii) Should an employee have any suspicions, or have knowledge of, money laundering/terrorist financing, he/she should not unquestioningly carry out instructions as issued by the client. When faced with unreasonable client instructions that lead the relevant person to know or suspect money laundering/terrorist financing, the applicable reporting procedures should be followed.

viii) The use of cash and monetary instruments as a means of payment or method to transfer funds can pose a higher risk of money laundering/terrorist financing than other means. In order to mitigate this risk, the Group and its Associates will not accept any direct cash and will report any direct cash deposits.

ix) The ongoing monitoring procedures should involve a combination of real-time and post-event monitoring. Post-event monitoring involves periodic, for example monthly, reviews of transactions and activity which have occurred over the preceding period. Real-time monitoring of activity can be effective at reducing exposure to money laundering/terrorist financing and predicate offences such as bribery and corruption, whereas post-event monitoring may be more effective at identifying patterns of unusual transactions or activities. In this respect, regardless of the split of real-time and post-event monitoring, the over-arching purpose of the monitoring process employed should be to ensure that unusual transactions and activity are identified and flagged for further examination. The Group and its Associates will ensure that the flags / alerts raised are examined within the shortest delay and properly documented prior to closure.

x) The Group and its Associates utilise a combination of automated and manual monitoring.

xi) The Group and its Associates shall ensure that, where automated monitoring methods are used, employees:

a. Understand how the systems work and how to use the systems;

b. Understand when changes are to be made to the system (including the nature and extent of any changes);

c. Understand the system’s coverage (including the extent of the transactions, activity and/or parties monitored);

d. Understand the sources of data used (including both the source(s) of internal data fed into the system and the source(s) of external data to which it is compared);

e. Understand the nature of the system’s output (exceptions, alerts etc.);

f. Set clear procedures for dealing with potential matches, driven on the basis of risk rather than resources; and

g. Record the basis for discounting alerts (for example, false positives) to ensure there is an appropriate audit trail.

xii) It is important to note that the use of computerised monitoring systems does not remove the requirement for relevant employees to remain vigilant. It is essential that employees understand the importance of human alertness. Factors such as a person’s intuition; direct contact with a client either face-to-face or on the telephone; and the ability, through practical experience, to recognise transactions and activities which do not seem to have a lawful or economic purpose, or make sense for a particular client, cannot be automated.

xiii) Should there be, within a business relationship, complex, or large and unusual transactions, or unusual patterns of transactions, which have no apparent economic or lawful purpose, employees should examine the background and purpose of those transactions. As part of the examination, the employee should give consideration to the following:

a. Reviewing the identified transaction or activity in conjunction with the relationship risk assessment and the CDD information held;

b. Understanding the background of the activity and making further enquiries to obtain any additional information required to enable a determination as to whether the transaction or activity has a rational explanation and economic purpose;

c. Reviewing the appropriateness of the relationship risk assessment in light of the unusual transaction or activity, together with any supplemental CDD information obtained; and

d. Considering the transaction or activity in the context of any other connected business relationships and the cumulative effect this may have on the risk attributed to those relationships.

xiv) What constitutes a large and unusual or complex transaction will be based on the particular circumstances of a business relationship and will therefore vary from client to client. Employees should ensure that the examination of any large and unusual, complex, or otherwise higher risk transaction or pattern of transactions or other activity is sufficiently documented and that such documentation is retained in a readily accessible manner in order to assist the applicable AML/CTF Regulatory Authorities.

xv) Ongoing CDD will ensure that the Group and its Associates are aware of any changes in the development of a business relationship. The extent of the Group’s ongoing CDD measures, and those of its Associates, is determined on a risk-sensitive basis.

xvi) In order to reduce the burden on clients in low risk relationships, trigger events (for example, the opening of a new account or the purchase of a further product) present a convenient opportunity to review the CDD information held. The review will take account of the CDD obtained on the client and whether there have been any changes to the client’s activity / circumstances.

xvii) When obtaining CDD or performing ongoing monitoring, the Group and its Associates will conduct sanction screening searches against the name of an individual or entity and will consider adverse media searches.

xviii) Sanction lists play a significant part in the global fight against financial crime and aim to restrict or prohibit business activities with entire countries, individuals or legal persons who are involved, or suspected of being involved, directly or indirectly in illegal activities. The Group and its Associates shall not provide any services to individuals or legal persons who are identified on any sanction lists. Should an employee become aware of a sanction list hit with regards to a client, potential or existing, the employee shall immediately report this to the MLRO and the MLRO will ensure that any sanction list hits are reported to the applicable AML/CTF Regulatory Authorities as prescribed.

xix) “Adverse media” is the term given to any negative media information, whether alleged or factual. This could be anything from an allegation of fraud by a disgruntled former client to an article in a newspaper relating to a criminal investigation. Consideration should be given to the credibility of the information source, the severity of the negative press, how recent the information is and the potential impact the negative press would have on the business relationship with that client.

xx) The sanction screening process also provides the ability to identify where a client or beneficial owner becomes a PIP during the course of the business relationship. Should a client or beneficial owner become a PIP during the course of an existing business relationship, as part of the enhanced CDD measures subsequently applied, the Group and its Associates shall obtain senior management approval to continue the applicable relationship. The Group and its Associates will never be able to have a thorough knowledge of, or fully research, a family connection. The extent to which a connection is researched should be based upon the size, scale, complexity and involvement of the person in the context of the business relationship and the profile of the business relationship, including its asset value. It is possible that family members and/or associates may not inform the Group and its Associates, or even be aware, of their PIP status and therefore, independent screening and monitoring will be conducted. It is also possible that an individual’s PIP status may not be present at take-on, for example, where that person takes office during the life of a business relationship. The ongoing monitoring process is aimed at mitigating the risks in order to identify changes of status and risk classification.

xxi) The CO will have access to, and will familiarise himself/herself with, the results and output from the monitoring processes of the Group and its Associates. The output will be reviewed by the CO who will report regularly to the Board, providing relevant management information such as statistics and key performance indicators, together with details of any trends and actions taken where concerns or discrepancies have been identified. The Board will consider the appropriateness and effectiveness of the aforementioned monitoring processes as part of its annual review of the Group and its Associates’ business risk assessments and associated policies, procedures and controls.

7. REPORTING

7.1. Financial institutions have the opportunity to observe the day-to-day transactions of their clients. Law enforcement agencies do not have unlimited resources to monitor every transaction performed in the financial system by every individual or business but do have access to confidential information relating to known or suspected criminals and terrorists. Communication between the financial institutions and the law enforcement agencies is therefore fundamental with the aim of preventing money laundering and terrorist financing. Financial institutions have a critical responsibility in determining transactions which give rise to reasonable grounds to suspect any potential link to money laundering and terrorist financing.

7.2. A suspicious transaction is a transaction (actual, proposed or attempted) which gives rise to a reasonable suspicion (reasonable grounds to suspect should suffice) that it may involve:

i) The laundering of money or the proceeds of any crime;

ii) Funds linked or related to, or to be used for, terrorist financing or by proscribed organisations, whether or not the funds represent the proceeds of a crime;

iii) Circumstances surrounding a transaction or transactions of unusual or unjustified complexity;

iv) The appearance of having no economic justification or lawful objective;

v) Transactions made by or on behalf of a person whose identity has not been established to the satisfaction of the person with whom the transaction is made; or

vi) Which gives rise to suspicion for any other reason.

7.3. The MLRO/DMLRO is the person who is nominated to ultimately receive internal disclosures and who considers any report to determine whether an external disclosure is required.

7.4. The reporting responsibilities of the MLRO include:

i) Undertaking a review of all internal disclosures in the light of all available relevant information and determining whether or not such internal disclosures have substance and require an external disclosure to be made to the applicable AML/CTF Regulatory Authorities;

ii) Maintaining all related records;

iii) Giving guidance on how to avoid tipping off the client if any disclosure is made;

iv) Liaising with the applicable AML/CTF Regulatory Authorities and participating in any other third-party enquiries in relation to money laundering/terrorist financing prevention, detection, investigation or compliance; and

v) Providing reports and other information to senior management.

7.5. Should the Group and its Associates identify any unusual activity in the course of a business relationship or occasional transaction it will:

i) Perform appropriate scrutiny of the activity;

ii) Obtain enhanced CDD only if this will not tip off the client; and

iii) Consider whether to make an internal disclosure in accordance with the reporting procedures.

7.6. Unusual activity includes, but is not limited to, any activity or information relating to a business relationship, occasional transaction or an attempted transaction where there is no apparent economic or lawful purpose, including transactions that are complex; both large and unusual; or of an unusual pattern.

7.7. Unusual activity also includes, but is not limited to, anything that causes the Group, its Associates or any employee of the Group and its Associates to doubt the identity of the client (including beneficial owners and controllers or introducer, where appropriate) or anything that causes the Group, its Associates or any employee to doubt the good faith of the client (including beneficial owners and controllers or introducer, where appropriate).

7.8. Situations that are likely to appear unusual include, inter alia:

i) Transactions or instructions which have no apparent legitimate purpose and appear not to have a commercial rationale;

ii) Transactions, instructions or activity that involve apparent unnecessary complexity;

iii) Where the transaction being requested by the client is out of the ordinary range;

iv) Where the size or pattern of transactions is out of line with expectations for that client;

v) Where the client is not forthcoming with information about their activities, reason for a transaction, source of funds, CDD documentation etc.;

vi) Where the client who has entered into a business relationship uses the relationship for a single transaction or for only a very short period of time where that was not expected;

vii) The extensive use of offshore structures where the client’s needs are inconsistent with the use of such services;

viii) Transfers to or from high risk jurisdictions which are not consistent with the client’s expected activity;

ix) Unnecessary routing of funds through third party accounts;

x) Unusual investment transactions with no discernible purpose; and

xi) Extreme urgency in requests from the client, particularly where they are not concerned by large transfer fees, early repayment fees etc.

7.9. Unusual activity is likely to be detected during the ongoing monitoring process, when receiving an application from a new client, when receiving an instruction to carry out a transaction or during other communications with the client.

7.10. Where an employee identifies unusual activity, he/she should perform ‘appropriate scrutiny’ of the activity and will obtain enhanced CDD. Appropriate scrutiny of the activity may involve making enquiries of the client and asking the questions as per the circumstances.

7.11. The aim of conducting ‘appropriate scrutiny’ is to enable the Group and its Associates to determine whether the activity is in fact suspicious and, if so, make a disclosure. If the activity is not deemed to be suspicious but still appears unusual or risky, the Group and its Associates should consider other actions such as reviewing and updating the client’s risk assessment, arranging further ongoing monitoring or considering whether they have the risk appetite to continue doing business with the client.

7.12. When conducting ‘appropriate scrutiny’, other connected clients, accounts or relationships may need to be examined. Connectivity can arise through commercial connections e.g. linked accounts, introducers etc., or through connected individuals e.g. third parties, controllers, signatories etc. The need to search for information concerning connected accounts or relationships should not delay making an external disclosure to the applicable AML/CTF Regulatory Authorities.

7.13. The nature and scale of the scrutiny required will vary greatly depending on the type of activity, the risk factors involved and the size and scope of the activity. Regardless of the methods adopted, it is essential that the investigation and outcome are clearly documented in a prompt and timely manner.

7.14. The following are likely to cause suspicion after conducting appropriate scrutiny:

i) The client is unable or refuses to provide a reasonable explanation for the activity and this is perceived as being an attempt to conceal criminal conduct rather than the client being awkward, unhelpful or secretive for personal reasons;

ii) The explanation does not “sit right” or does not make economic sense;

iii) Documentation supplied appears to be fraudulent, incomplete or doctored;

iv) Independent data sources reveal negative information on the client or related parties such as allegations of corruption; or

v) Activity appears consistent with known money laundering/terrorist financing typologies.

7.15. The following tips should be borne in mind when conducting ‘appropriate scrutiny’:

i) Investigate until you feel comfortable with the activity or have sufficient information to submit a disclosure.

ii) Consider using a broad range of data sources – e.g. companies’ registers, address verification sites, social networks, news.

iii) Obtain an understanding of the relationships between the client and any related parties.

iv) Find out if the client is or was acting on behalf of another person. If so, who and why?

v) Compare the client’s explanation with publicly available information. For example, if a large credit supposedly relates to the sale of a house, consider checking the address and average prices in that area.

vi) Consider the information held against known typologies and high-risk indicators, transaction type, client background, location and currency.

vii) By checking the client’s historic activity you may be able to detect a pattern. For example, a local travel agency may always see a surge in cash deposits in peak seasons due to tourism.

viii) If requesting information or documentation from a client, allow a reasonable timeframe for them to respond and communicate by phone and email wherever possible to expedite the process. However, it should be noted that further CDD should not be pursued if it may tip off the client.

7.16. Should an employee identify any suspicious activity or have reasonable grounds to suspect that a transaction is suspicious in the course of a business relationship or occasional transaction, including prospective clients and transactions that were attempted but that did not take place, he/she should:

i) Consider enhanced CDD documentation; and

ii) Make an internal disclosure in accordance with the procedures established under Annexure 3. Please refer to Appendix 10 for the sample internal disclosure form.

7.17. Following the internal disclosure, the MLRO should then consider the facts surrounding the internal disclosure to assess whether an external disclosure needs to be made to the applicable AML/CTF Regulatory Authorities.

7.18. The Group and its Associates have a documented reporting procedure in place which:

i) Enables all its directors, management and all appropriate employees to know to whom they should report any knowledge or suspicion of ML/TF activity;

ii) Ensures that there is a clear reporting chain to the MLRO;

iii) Requires reports to be made to the MLRO (“internal disclosures”) of any information or other matters that come to the attention of the person handling that business and which in that person’s opinion gives rise to any knowledge or suspicion that another person is engaged in money laundering/terrorist financing activity;

iv) Requires that the MLRO considers the internal reports in the light of all other relevant information available to determine whether or not it gives rise to any knowledge or suspicion of money laundering/terrorist financing activity;

v) Ensures that the MLRO has full access to any other available information that may be of assistance; and

vi) Enables the information or other matters contained in a report (“external disclosure”) to be provided as soon as is practicable to the applicable AML/CTF Regulatory Authorities if the MLRO knows or suspects that another person is engaged in ML/TF activity.

7.19. The following is a non-exhaustive list of possible money laundering and terrorist financing red flags that employees should be mindful of when dealing with a business relationship or occasional transaction:

i) The deposit/investment or withdrawal of unusually large amounts of cash from an account;

ii) Unwillingness to provide CDD documentation on beneficial owners/controllers;

iii) Deposits/investment or withdrawals at a frequency that is inconsistent with the Group and its Associates’ understanding of that client and their circumstances.

iv) Transactions involving the unexplained movement of funds, either as cash or electronic transfers.

v) Payments received from, or requests to make payments to, unknown or un-associated third parties.

vi) Personal and business-related money flows that are difficult to distinguish from each other.

vii) Financial activity which is inconsistent with the legitimate or expected activity of the client.

viii) An account or business relationship becoming active after a period of dormancy.

ix) The client is unable or reluctant to provide details or credible explanations for establishing a business relationship, opening an account or conducting a transaction.

x) The client holds multiple accounts for no apparent commercial or other reason.

xi) Payments in foreign currency.

xii) Early surrender of an insurance policy incurring substantial loss.

xiii) Frequent early repayment of loans.

xiv) Frequent transfers indicated as loans sent from relatives.

xv) Funds transferred to a charity or non-profit organisation with suspected links to a terrorist organisation.

xvi) High level of funds placed on store value cards.

xvii) Insurance policy being closed with a request for the payment to be made to a third party.

xviii) Large amounts of cash from unexplained sources.

xix) Obtained loan and repaid balance in cash.

xx) Purchase of high value assets followed by immediate resale with payment requested via cheque.

7.20. The existence of one or more red flags does not automatically indicate suspicion and there may be a legitimate reason why a client has acted in the manner identified. It is however imperative to investigate all possible red flags to ensure that there is no money laundering/terrorist financing risk involved in a specific transaction.

7.21. Where a suspicious activity is identified, an internal disclosure must be made to the MLRO in accordance with the process described in Annexure 3.

7.22. It is the responsibility of the MLRO to consider all internal disclosures he/she receives in the light of full access to all relevant documentation. This may include reviewing CDD, transaction patterns and other connected accounts/relationships, and the evaluation process will be fully documented. All relevant persons must ensure that the MLRO receives full cooperation from all employees and full access to all relevant documentation so that he/she is in a position to decide whether there are reasonable grounds to suspect money laundering/terrorist financing.

7.23. Failure by the MLRO to diligently consider all relevant material may lead to vital information being overlooked and the suspicious transaction or activity not being externally disclosed to the applicable AML/CTF Regulatory Authorities in accordance with the requirements of the Act. As a result, the MLRO must document internal disclosures made by employees to record the results of the assessment of each disclosure.

7.24. The Group and its Associates will ensure that all employees are made aware of the identity of the MLRO and his/her Deputy, and the procedures to follow when making an internal disclosure report to the MLRO. The direct reporting line to the MLRO ensures speed, confidentiality and accessibility to the MLRO. All disclosure reports must reach the MLRO without any undue delay. Under no circumstances should reports be filtered out by supervisors or managers such that they do not reach the MLRO.

7.25. All suspicions reported to the MLRO must be documented (in urgent cases this may follow an initial discussion by telephone). The report must include the full details of the client and as full a statement as possible of the information giving rise to the suspicion.

7.26. The MLRO should acknowledge receipt of the internal disclosure and, at the same time, provide a reminder of the obligation not to do anything which may prejudice enquiries, such as tipping off the client or any other third party.

7.27. The MLRO will assess the information contained within the disclosure to determine whether there are reasonable grounds for knowing or suspecting that the activity is related to money laundering/terrorist financing and will make an external disclosure (in the form prescribed by the applicable AML/CTF Regulatory Authorities) as soon as practicable but within the prescribed timeframes after he/she becomes aware of a suspicious transaction.

7.28. The MLRO will establish and maintain a register of all money laundering/terrorist financing internal disclosures made. The register must include details of:

i) The date the report was made;

ii) The person who made the report;

iii) Whether the report was made to the MLRO or Deputy MLRO; and

iv) Information to allow the papers and relevant documentation to be located.

7.29. The MLRO will establish and maintain a register of all money laundering/terrorist financing external disclosures made to the applicable AML/CTF Regulatory Authorities. The register will include details of:

i) The date of the disclosure;

ii) The person making the disclosure; and

iii) Information to allow the records relevant to the disclosures to be located.

7.30. Tipping Off

No employee, whether he/she is directly/indirectly involved in the reporting of a suspicious transaction, shall inform any person involved in the transaction or an unauthorised third party that the transaction has been reported or that information has been supplied to the applicable AML/CTF Regulatory Authorities.

7.31. Reasonable enquiries of a client, conducted in a discreet manner, regarding the background to a transaction or activity which has given rise to the suspicion is prudent practice, forms an integral part of CDD and ongoing monitoring, and should not give rise to tipping off.

7.32. If an employee suspects that CDD will tip off the client, the employee should stop conducting CDD and instead inform the MLRO who will immediately file a STR with the applicable AML/CTF Regulatory Authorities.

7.33. Terminating a Business Relationship

The termination of a business relationship is a commercial decision, except where it is required by law, for example, where the business cannot obtain the required CDD information.

7.34. To prevent tipping off when terminating a business relationship, the Group and its Associates shall consider the following points when interacting with its client:

i) It will become apparent to criminals that elements of their criminal activity are known to the Group and its Associates, if it begins to ask probing questions regarding certain activities or if it seeks to terminate the relationship or decline entering into a business relationship without a meaningful pretext, and the Group and its Associates shall be careful when considering the wording of any statements made to clients explaining their decision; and

ii) The more information which is included in a STR, the more valuable it will be to the applicable AML/CTF Regulatory Authorities. The Group and its Associates shall therefore endeavour to obtain and provide as much information as possible in the STR.

8. RECORD KEEPING

8.1. The Group and its Associates will keep the following records either in the form of original documents or copies, including electronic copies:

i) All records obtained through CDD measures, including account files, business correspondence and copies of all documents evidencing the identity of clients and beneficial owners, and records and the results of any analysis/assessment, all of which shall be maintained for a period of not less than 7 years after the business relationship has ended.

ii) Records on transactions, both domestic and international, that are sufficient to permit reconstruction of each individual transaction for both account holders and non-account holders, which shall be maintained for a period of 7 years after the completion of the transaction; and

iii) Copies of all reports to the applicable AML/CTF Regulatory Authorities, including any accompanying documentation, which shall be maintained for a period of at least 7 years from the date the report was made.

8.2. Records shall include account records of the client during the course of the relationship and shall be kept as long as prescribed above and the following information where applicable will be kept for every transaction carried out in the course of a business relationship or one-off transaction:

i) The name and address of the client;

ii) If a monetary transaction, the kind of currency and the amount;

iii) If the transaction involves a client’s account, the number, name or other identifier for the account;

iv) The date of the transaction;

v) Details of the counterparty, including account details;

vi) The nature of the transaction; and

vii) Details of the transaction.

8.3. The Group and its Associates will maintain records of all AML/CTF training delivered to employees. These records will include:

i) The dates on which the training was provided;

ii) The nature of the training, including its content and mode of delivery; and

iii) The names of the employees who received the training.

8.4. Should the above-mentioned records be held electronically, the Group and its Associates will ensure that the documents can be reproduced in a legible form and are stored in a usable filing system, so that they can be retrieved/found without undue delay and produced on a timely basis especially where the originals are not to be retained.

9. TRAINING

9.1. The MLRO shall ensure that the Group and its Associates provide ongoing training to all employees to enable them to comply with the provisions of the Act and the Risk Management Compliance Programme. The training may be provided by third party training providers.

9.2. The training program will educate employees on the following:

i) The CDD duties and process;

ii) The record keeping duty and process; and

iii) The reporting duties and process and the AML/CTF Regulatory Authorities’ right of access to information.

9.3. Different training programmes may be designed and implemented for the different employees in line with their responsibilities, activities and skills. For example, employees who are responsible for the identification and verification of clients are required to have more intensive training on the provisions of the Act and Compliance Manual than employees who are not involved in the aforementioned activities and who may only require basic training which will include training on the Act and other relevant legislation and the Compliance Training Manual.

9.4. All existing employees will receive training on the Compliance Training Manual after adoption thereof and following any changes or amendment thereto and regular but at least annual refresher training.

9.5. All new employees who will be responsible for client identification and verification will not be allowed to interact with clients before they have completed the required training. All other employees will receive training as part of the training induction program.

9.6. The training program will include an assessment to evaluate the level of knowledge and understanding on the compliance obligations imposed by the provisions of the Act and Compliance Training Manual.

9.7. Training attendance registers will be kept to ensure that a record of training attendance and frequency is maintained.

9.8. Employee Screening and Training

One of the most important tools available to the Group and its Associates, to assist in the prevention and detection of financial crime, is to have appropriately screened employees who are alert to the potential risks of money laundering/terrorist financing and who are well trained with respect to the CDD requirements and the identification of unusual activity, which may prove to be suspicious.

9.9. The effective application of even the best designed systems, policies, procedures and controls can be quickly compromised if employees lack competence or probity, are unaware of, or fail to apply, the appropriate policies, procedures and controls or are not adequately trained. The Group and its Associates will sanction screen potential candidates when hiring employees.

9.10. Ongoing training programmes are in place for the directors, officers and employees of the Group and its Associates, to maintain awareness of the laws and regulations relating to money laundering/terrorist financing to:

i) Assist them in recognising transactions and actions that may be linked to money laundering or terrorism financing; and

ii) Instruct them in the procedures to be followed where any links have been identified under subparagraph (i).

9.11. The Board must be aware of the obligations in relation to employee screening and training and shall ensure that the training provided to officers and employees is comprehensive and ongoing and that the officers and employees are aware of money laundering and terrorist financing, the associated risks and vulnerabilities of the Group and its Associates, and their corresponding obligations.

9.12. The Group and its Associates shall establish and maintain mechanisms to measure the effectiveness of the AML and CTF training, including the applicable assessment of employees on a sufficiently regular basis, in order to satisfy itself that the employees are suitably trained to fulfil their personal and corporate responsibilities.

9.13. In order to ensure that employees are of the required standard of competence, which will depend on the role of the employee, the Group and its Associates shall give consideration to the following prior to, or at the time of, recruitment:

i) Obtaining and confirming details of employment history, qualifications and professional memberships;

ii) Obtaining and confirming appropriate references;

iii) Obtaining and confirming details of any regulatory action or action by a professional body taken against the prospective employee;

iv) Obtaining and confirming details of any criminal convictions, including the provision of a check of the prospective employee’s criminal record; and

v) Screening the employees against the UN’s list of designated persons under terrorist and proliferation financing targeted financial sanctions.

9.14. The Group and its Associates shall carry out periodic ongoing screening of its employees against the UN’s list of designated persons under terrorist and proliferation financing targeted financial sanctions.

9.15. Training Methods

The Group and its Associates shall ensure that the training provided to employees is adequate and relevant to those being trained and that the content of the training reflects good practice.

9.16. The guiding principle of the AML and CTF training shall be to encourage directors, officers and employees, irrespective of their level of seniority, to understand and accept their responsibility to contribute to the protection of the Group and its Associates against the risks of money laundering and terrorist financing.

9.17. Training shall highlight to directors, officers and employees the importance of the contribution that they can individually make to the prevention and detection of money laundering and terrorist financing. There is a tendency, in particular on the part of more junior employees, to mistakenly believe that the role they play is less crucial than that of more senior colleagues. Such an attitude can lead to failures in the dissemination of important information because of mistaken assumptions that the information will have already been identified and dealt with by more senior colleagues.

9.18. Frequency and Scope of Training

The Group and its Associates shall provide the appropriate level of AML/CTF induction training to all new employees, board members and senior management, before they become actively involved in the operations.

9.19. Satisfactory completion and understanding of the induction training shall be a requirement for the successful completion of an employee’s probation period.

9.20. The Group and its Associates shall provide basic AML/CTF training to all employees at least annually. Some categories of employees should receive additional, specialized training according to their roles on an ad hoc basis.

9.21. Additional training will be provided in the event of significant amendments to legislation or regulations or where there have been significant technological developments within the Group and its Associates or with the introduction of new products, services or practices.

9.22. Content of Training

In providing the training required, the Group and its Associates shall:

i) Provide appropriate training to directors, officers and employees to enable them to competently analyse information and documentation, so as to enable them to form an opinion on whether the transactions and actions may be linked to money laundering/terrorist financing;

ii) Detail procedures that need to be followed if any links to money laundering/terrorist financing have been identified;

iii) Prepare and provide to employees a copy, in any format, of this Compliance Training Manual;

iv) Ensure employees are fully aware of all applicable legislative requirements;

v) Ensure that the ongoing training provided by the Group and its Associates shall cover:

a. The Act and all other regulatory requirements;

b. The implications of non-compliance by employees with the Act and the regulatory requirements;

c. This Compliance Training Manual;

d. The requirements for the internal and external disclosing of suspicion;

e. The criminal and regulatory sanctions in place, both in respect of the liability of the financial institution and personal liability for individuals, for failing to report information in accordance with the policies, procedures and controls of the financial institution;

f. The identity and responsibilities of the MLRO, CO and Deputy MLRO;

g. Dealing with business relationships or occasional transactions subject to an internal disclosure, including managing the risk of tipping off and handling questions from clients;

h. Those aspects of the Group and its Associates’ business deemed to pose the greatest money laundering and terrorist financing risks, together with the principal vulnerabilities of the products and services offered by the financial institution, including any new products, services or delivery channels and any technological developments;

i. New developments in money laundering and terrorist financing, including information on current techniques, methods, trends and typologies;

j. The Group and its Associates’ policies, procedures and controls surrounding risk and risk awareness, particularly in relation to the application of CDD measures and the management of high risk and existing business relationships;

k. The identification and examination of unusual transactions or activity outside of that expected for a client;

l. The nature of terrorism funding and terrorist activity in order that employees are alert to transactions or activity that might be terrorist-related;

m. The vulnerabilities of the financial institution to financial misuse by PIPs, including the effective identification of PIPs and the understanding, assessing and handling of the potential risks associated with PIPs;

n. The relevant regulatory sanctions and the Group and its Associates’ controls to identify and deal with natural persons, legal persons and other entities subject to sanction; and

o. Any other matters deemed appropriate to include.

9.23. Additional Training Requirements

The Group and its Associates shall also identify employees who, in view of their particular responsibilities, should receive additional and ongoing training, appropriate to their roles, and shall provide such additional training.

9.24. The Board and Senior Management

The Board and senior management will receive adequate training to ensure they have the knowledge to assess the adequacy and effectiveness of policies, procedures and controls to counter the risk of money laundering and terrorist financing. The additional training provided to the board and senior management will include a clear explanation and understanding of:

i) Offences and penalties arising for non-reporting or for assisting money launderers or those involved in terrorist financing;

ii) Requirements for CDD including verification of identity and retention of records; and

iii) In particular, the application of the financial institution’s risk-based strategy and procedures.

9.25. The MLRO and Deputy MLRO

Ongoing professional development, including participating in professional associations and conferences, is vital for the MLRO and the Deputy MLRO, as well as in-depth training on all aspects of the prevention and detection of money laundering/terrorist financing, including, but not limited to:

i) AML/CTF legislative and regulatory requirements;

ii) The international standards and requirements;

iii) The identification and management of money laundering/terrorist financing risk;

iv) The design and implementation of internal systems of AML/CTF control;

v) The design and implementation of AML/CTF compliance testing and monitoring programs;

vi) The identification and handling of suspicious activity and arrangements and suspicious attempted activity and arrangements;

vii) The money laundering and terrorist financing vulnerabilities of relevant services and products;

viii) The handling and validation of internal disclosures;

ix) The process of submitting an external disclosure;

x) Liaising with law enforcement agencies;

xi) Money laundering and terrorist financing trends and typologies; and

xii) Managing the risk of tipping off.

9.26. The Compliance Officer

The Compliance Officer is responsible for ensuring continued compliance with the requirements of the Act and having an overall oversight of the program for combatting money laundering and terrorism financing and will receive training on all aspects of the prevention and detection of money laundering and terrorist financing, including, but not limited to, addressing the monitoring and testing of compliance systems and controls (including details of the policies and procedures) in place to prevent and detect money laundering and terrorist financing. The details of the Compliance Officer are further set out in Annexure 1.

10. REVIEW

10.1. The processes and procedures contained in the Compliance Manual will be reviewed on a continuous day to day basis since it forms part of the practical operational environment and employees should communicate any deficiencies to ensure that the deficiencies are corrected, or processes amended immediately.

10.2. The Compliance Training Manual will be subject to an annual review to ensure efficiency and applicability of the processes and procedures.

10.3. Any material changes or amendments to the Compliance Training Manual or the annexures will be subject to formal review and approval by management and will be communicated to the boards.

10.4. All changes or amendments to the Compliance Training Manual or the annexures will be documented in future versions of the Compliance Training Manual in order to keep an accurate revision history of the Compliance Training Manual.

APPENDICES

1. Employee Undertaking

2. Offences and Penalties

3. Jurisdictions and List of Non-Cooperative Countries and Territories and Countries with Deficiencies in their AML/CTF Regime

4. CDD Process & Application Form

5. Client Risk Assessment

6. Acceptable Supporting Documentation

7. Enhanced CDD for High Risk Clients

8. Eligible Introducer Certificate

9. AML Confirmation Letter

10. Sample Internal Disclosure Form

APPENDIX 1: EMPLOYEE UNDERTAKING

To: Directors of [Name of relevant Group or Associate entity] (“PRIME”)

RE: Compliance Training Manual – Anti Money Laundering and Terrorist Financing

I confirm that:

• I have read and understood the PRIME Compliance Training Manual and I have been advised of the requirements of the current version of the relevant laws, regulations and guidance as of the date of this undertaking;

• I have been made aware of the South African laws relating to money laundering and terrorist financing;

• I have been provided with training in the recognition and handling of potential money laundering transactions; and

• I understand that breach of the Money Laundering Laws and Regulations potentially carries severe criminal penalties, both for PRIME and me.

I agree that this undertaking extends to any further amendment, or replacement of, the Legislation, Regulations or Guidance that PRIME may, from time to time, set out in any notice.

Signed:

Print name:

Date:

APPENDIX 2: ADMINISTRATIVE SANCTIONS, OFFENCES & PENALTIES

Administrative Sanctions

Administrative sanctions may arise as a result of non-compliance with the Act. They can include any one or more of the following:

• A caution not to repeat conduct which led to non-compliance;

• A reprimand;

• A directive to take immediate remedial action;

• A restriction or suspension of a specified business activity; and/or

• A financial penalty not exceeding R10 million for a natural person and R50 million in respect of a legal person.

Offences & Penalties

Offences are more serious than Administrative Sanctions and carry harsher penalties. The Act details many such offences, which include the following:

• Destroying or tampering with records: R100 million fine / 15 Years Imprisonment

• Failure to report transactions: R100 million fine / 15 Years Imprisonment

• Tipping Off: R100 million fine / 15 Years Imprisonment

• Failure to comply with FIC Directives: R100 million fine / 15 Years Imprisonment

• Obstructing a FIC Inspection: R10 million fine / 10 Years Imprisonment

• Failure to attend a FIC Summons: R10 million fine / 10 Years Imprisonment

• Failure to answer truthfully at a Summons: R10 million fine / 10 Years Imprisonment

APPENDIX 3: JURISDICTIONS

FATF Introduction

The Group and its Associates will use the Financial Action Task Force (FATF) recommendations as a guide with regard to dealing with investors domiciled in foreign jurisdictions. The FATF is the global money laundering/terrorist financing watchdog and an inter-governmental body setting international standards which aim to prevent money laundering/terrorist financing activities and the harm they cause to society. As a policy-making body, the FATF works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas, with more than 200 countries and jurisdictions committed to implementing them. The FATF reviews money laundering/terrorist financing techniques and continuously strengthens its standards to address new risks, such as the regulation of virtual assets, which have spread as cryptocurrencies gain popularity. The FATF monitors countries to ensure they implement the FATF Standards fully and effectively, and holds to account countries that do not comply. On the basis of the results of the review by the International Co-operation Review Group (ICRG), the FATF identifies jurisdictions with strategic AML/CTF deficiencies in public documents that are issued three times a year: High-Risk Jurisdictions subject to a Call for Action and Jurisdictions under Increased Monitoring.

Call for Action Jurisdictions

The Group and its Associates will not establish a business relationship or conduct a single transaction with persons residing in or established in the call for action jurisdictions.

The call for action jurisdictions can be confirmed via the following link: https://www.fatf-gafi.org/countries/#high-risk

Monitored Jurisdictions

The Group and its Associates will follow Enhanced CDD (ECDD) procedures with regards to persons residing in or established in the monitored jurisdictions. The monitored jurisdictions can be confirmed via the following link: https://www.fatf-gafi.org/countries/#other-monitored-jurisdictions

Compliant Jurisdictions

The FATF members are Countries or Territories whose regulated Financial Services Businesses may be treated as if they were local financial services businesses since their AML/CTF requirements comply with the objectives of the FATF to set standards and promote the effective implementation of legal, regulatory and operational measures for combating money laundering/terrorist financing and other related threats to the integrity of the international financial system. The monitored jurisdictions can be confirmed via the following link: https://www.fatf-gafi.org/countries/#FATF

APPENDIX 4: CDD PROCESS

NEW CLIENT

• Natural Person: NBTD as per the Forms of Verification document requirements. Minimum documents required to verify identity of Natural Person / Representative.

• Legal Person: NBTD as per the Forms of Verification document requirements. Minimum documents required to verify existence of Legal Person as well as identify the shareholding structure / authorised representatives and ultimate beneficial holders.

SCREENING

• Any sanction list hits: immediate rejection

• No sanction list hits: proceed with risk-rating

• DPIP/FPEP hits will impact risk-rating but will not automatically warrant rejection

Frequency of Updated CDD Documentation Required

• Low Risk: Every 5 years

• Medium Risk: Every 3 years

• High Risk: Every 12 months

Any doubt to the veracity of the docs provided by a client will require that new docs be provided ASAP. Client refusal to comply - reject the application and possible STR. Any further doubt to the veracity of new docs - classify the client as high risk and conduct enhanced CDD.

New Business Take On Docs (NBTD) prescribed by operations used for initial screening of client. The NBTD requirement is not impacted by client risk-rating but the docs are used as part of the risk-rating process.

All business relationships subject to ongoing CDD which will consist of daily sanction screening reviews and suspicious/unusual transaction monitoring. Any hits will be investigated and might impact a client's initial risk rating. In the event the abovementioned process will be repeated.

RISK-RATING: Methodology to determine ML/TF risk of customer

• Natural persons: Additional enhanced CDD documents required and subject to Management signoff and approval

• Legal persons: Additional enhanced CDD documents required and subject to Management signoff and approval

• Natural persons: Verified NBTD will meet the medium risk CDD requirements

• Legal persons: Verified NBTD will meet the additional CDD requirements pertaining to medium risk Legal Persons

• Natural persons: only require simplified CDD. NBTD will meet the low risk CDD requirements

• Legal Persons: Only applicable to registered RFs, listed companies & regulated financial services businesses and only require simplified CDD. NBTD will meet the low risk CDD requirements

• Low Risk: Proceed to establish business relationship if NBTD was received. REJECT if NBTD cannot be provided – operational principle

• Natural persons & regulated retirement funds or listed companies

• Medium Risk: Proceed to establish business relationship if NBTD was received. REJECT if NBTD cannot be provided – operational principle

• High Risk: Enhanced CDD Required. Proceed to establish business relationship ONLY if enhanced CDD is completed. REJECT if NBTD/enhanced CDD cannot be provided/conducted – operational principle


APPENDIX 5: CLIENT RISK ASSESSMENT

The risk rating is an automated calculator utilising a third party system provider (currently DocFox) functionality. This will be completed and stored electronically. The risk rating considers a number of elements of risk exposure in order to arrive at a risk rating for each client. Should a client utilise numerous services or products the highest scores will be used for the cumulative calculation. Should a client form part of a group it will be individually rated as though the client was a stand-alone entity, however the highest risk rating of any of the entities in the group will be used to define review periods.

Risk Rating Framework: Natural Persons

| Type of Product | Score |
| --- | --- |
| Living Annuity | 1 |
| Retirement Funds | 1 |
| Endowment | 4 |
| Tax Free Savings | 3 |
| Investment Plan | 4 |
| CIS / Mutual Funds | 4 |

| Investment Amount (IA) | Score |
| --- | --- |
| IA < R5 000 | 1 |
| R5 000 < IA < R25 000 | 2 |
| R25 000 < IA < R1M | 3 |
| R1M < IA < R10M | 4 |
| IA > R10M | 5 |

| Source of funds | Score |
| --- | --- |
| Savings or Investment | 1 |
| Salary or Income | 1 |
| Bonus | 1 |
| Inheritance | 1 |
| Sale of property | 1 |
| Other legitimate source - confirmation provided | 1 |
| Other - no confirmation | 100 |

| Investor Jurisdiction | Score |
| --- | --- |
| Local Investor | 1 |
| Foreign Investor | 2 |
| High Risk Jurisdiction | 15 |

| Investor Status | Score |
| --- | --- |
| Domestic Prominent Influential Person | 100 |
| Foreign Prominent Public Officials | 100 |
| Sanction List Hits - NTU | 100 |
| N/A | 0 |

| Risk Bucket | Lower Bound | Upper Bound | Renewal Period |
| --- | --- | --- | --- |
| Low Risk | 1 | 8 | 5 years / 60 months |
| Medium Risk | 9 | 17 | 3 years / 36 months |
| High Risk | 18 | 100 | 12 months |


Risk Rating Framework: Juristics

| Type of Product | Score |
| --- | --- |
| Partnership | 3 |
| Closed Corporation | 3 |
| Sole Proprietor | 3 |
| Unlisted Company | 3 |
| Societies | 3 |
| Foundations | 3 |
| Non-Profit Organisation | 5 |
| Trusts | 5 |
| Other | 5 |

| Type of Product | Score |
| --- | --- |
| Endowment | 4 |
| Investment Plan | 4 |
| CIS / Mutual Funds | 4 |

| Investment Amount (IA) | Score |
| --- | --- |
| IA < R5 000 | 1 |
| R5 000 < IA < R25 000 | 2 |
| R25 000 < IA < R1M | 3 |
| R1M < IA < R10M | 4 |
| IA > R10M | 5 |

| Source of funds | Score |
| --- | --- |
| Savings or Investment | 1 |
| Income | 1 |
| Sale of Property | 1 |
| Other legitimate source - confirmation provided | 1 |
| Other - no confirmation | 100 |

| Investor Jurisdiction | Score |
| --- | --- |
| Local Investor | 1 |
| Foreign Investor | 2 |
| High Risk Jurisdiction | 15 |

| Investor Status | Score |
| --- | --- |
| Domestic Prominent Influential Person | 100 |
| Foreign Prominent Public Officials | 100 |
| Sanction List Hits - NTU | 100 |
| N/A | 0 |

| Risk Bucket | Lower Bound | Upper Bound | Renewal Period |
| --- | --- | --- | --- |
| Low Risk | 1 | 8 | 5 years / 60 months |
| Medium Risk | 9 | 17 | 3 years / 36 months |
| High Risk | 18 | 100 | 12 months |


Risk Rating Framework: Low Risk Entities

| Type of Product | Score |
| --- | --- |
| Registered Retirement Fund | 1 |
| Regulated Financial Services Business | 1 |
| Listed Company | 1 |

| Type of Product | Score |
| --- | --- |
| Endowment | 1 |
| Investment Plan | 1 |
| CIS / Mutual Funds | 1 |

| Investment Amount (IA) | Score |
| --- | --- |
| IA < R5 000 | 1 |
| R5 000 < IA < R25 000 | 1 |
| R25 000 < IA < R1M | 1 |
| R1M < IA < R10M | 1 |
| IA > R10M | 1 |

| Source of funds | Score |
| --- | --- |
| Investment | 1 |
| Income | 1 |
| Sale of Property | 1 |
| Other legitimate source - confirmation provided | 1 |
| Other - no confirmation | 100 |

| Investor Jurisdiction | Score |
| --- | --- |
| Local Investor | 1 |
| Foreign Investor | 2 |
| High Risk Jurisdiction | 15 |

| Investor Status | Score |
| --- | --- |
| Domestic Prominent Influential Person | 100 |
| Foreign Prominent Public Officials | 100 |
| Sanction List Hits - NTU | 100 |
| N/A | 0 |

| Risk Bucket | Lower Bound | Upper Bound | Renewal Period |
| --- | --- | --- | --- |
| Low Risk | 1 | 8 | 5 years / 60 months |
| Medium Risk | 9 | 17 | 3 years / 36 months |
| High Risk | 18 | 100 | 12 months |


APPENDIX 6: ACCEPTABLE SUPPORTING DOCUMENTATION

Format of Documentation

Financial institutions must maintain records of all transactions undertaken on behalf of the customer during the course of a business relationship, either in the form of original documents or copies. Where copies of the original identification documents (passports, national ID, drivers’ licence or any acceptable form of identification) are maintained, these copies should be duly certified in accordance with the CDD measures in place. The Group and its Associates decided to follow a risk-based approach to determine its own risk tolerance. The risk assessment and sanction screening conducted on all clients sufficiently ensures that the risk rating is sufficient and in addition thereto ongoing monitoring which includes sanction screening will ensure that the Group and its Associates are made aware of any change to a low risk client’s risk rating. Should any change occur the client will be requested to provide additional CDD documents as per the amended risk rating. Certified copies will also not be required where documents are digitally verified through the use of third-party verification software.

CDD Documentation Requirements

The client risk rating will determine the CDD documents which are required. Any doubt as to the veracity of the CDD documentation provided by a client will require that new CDD documentation be provided. Refusal to comply will result in the rejection of the application and possible STR reports. Any further doubt as to the veracity of new CDD documentation will result in the classification of the client as high risk and will require that enhanced CDD is conducted.

• Low Risk Clients

Natural Persons & their Representatives:

This category will generally be natural persons who do not reside in or originate from the high-risk jurisdictions and who invest in low risk products or who invest small amounts per annum.

| IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- |
| Full Name, Surname and ID nr of Client and Representative | ID Document / Passport / Driver’s Licence with visible photograph and legible text / Birth Certificate / Proof of guardianship ico Minors / Proof of Address / Source of Funds | Certified copy / signed verification certificate by third party confirming that documents were verified or digital biometric verification |
| Proof of Representation (if applicable) | Letter of authority, Court order etc. | |

Legal Persons & their Representatives

Registered retirement funds, listed companies and regulated financial services business which do not originate from the high-risk jurisdictions are deemed to be low risk due to the nature of these juristic entities and the regulatory oversight they are subject to and compliance requirements imposed on them. Should the Group and its Associates have any doubts with regards to the CDD documents provided by these entities they will immediately be regarded as high risk and enhanced CDD documents will be required (Reference table on next page).


| IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- |
| Name and registration nr of RF/Company/Business: | RF registration certificate and fund rules; Listed status confirmation and a copy of the annual report and accounts of the public company; Official documents (constitution and register of directors/members etc or equivalent as a minimum) from the applicable regulatory entity witnessing incorporation of the company, bearing the registered and trade name, number and address; Register of directors or equivalent list; Organogram indicating shareholding structure and register of shareholders or share certificates in order to identify the ultimate beneficial owner(s) and confirmation of nature of business; Documentary evidence of the existence of the financial services business and of its regulated status | Certified copy of document or signed verification certificate by third party confirming that documents were verified or digital biometric verification. Additionally, registration / listing / authority to act can be confirmed on the applicable regulatory authority / exchange website |
| Proof of Representation | Letter of authority/appointment or resolution confirming authority to act on behalf of RF or company or business | |
| Full Name & Surname of Representative(s) | ID Document / Passport / Driver’s Licence with visible photograph and legible text | |

The Group and its Associates acknowledge that the decision to apply the simplified CDD measures with regards to all low risk clients does not remove its responsibility to adopt CDD measures, it only allows for application of reduced measures.

• Medium Risk Clients

The NBTD which are requested as part of the application process shall be sufficient to cover the CDD requirements of medium risk clients.

Natural Persons & their Representatives: Natural persons who do not reside in or originate from the high-risk jurisdictions.

| IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- |
| Full Name, Surname and ID nr of Client and Representative | ID Document / Passport / Driver’s Licence with visible photograph and legible text / Birth Certificate ico Minors | Certified copy of document or signed verification certificate by third party confirming that documents were verified or digital biometric verification |
| Residential Address of Client: | Proof of Address (not older than 3 months): a recent utility bill issued to the Client by name; a recent bank or credit card statement; a recent reference or letter of introduction from a regulated financial services business which is operating in an equivalent jurisdiction or a jurisdiction that complies with the FATF standards; or co-habitant affidavit | |
| Proof of Representation (if applicable) | Letter of authority, Court order etc. | |
| Source of Funds: | As per confirmation in Application Form | Confirmation in application is sufficient |
| Income Tax Number of Client: | As per confirmation in Application Form | |

Legal Persons & their Representatives: Any local and foreign legal persons which do not originate from the high-risk jurisdictions.

| LEGAL ENTITY | IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- | --- |
| Trusts | Name and registration nr of Trust and address of Master’s office / Government department if applicable; Founder, Trustees, Beneficiaries | 1. The Trust Deed (including Testamentary (Will) Trusts); 2. The Will and letter of Executorship in the case of Testamentary Trust; 3. The Letter of Authority appointing the Trustees; 4. AFS and or annual report; 5. Confirmation of all beneficiaries in order to identify the ultimate beneficial owner(s) – either in Trust Deed or confirmation from Trustees(s) | Certified copy of document or signed verification certificate by third party confirming that documents were verified |
| | Proof of banking details | Bank statements on a bank letterhead or a bank printed statement not older than 3 months | |
| | Proof of Representation (if applicable) | A Resolution signed by all trustees appointing the authorised signatories of the Trust | |
| | Full Name & Surname of Founder, Trustees, Beneficiaries, and Representative(s) | ID Document / Passport / Driver’s Licence | |
| | Proof of Address for Founder, Trustees, Beneficiaries, and Representative(s) | Proof of residential address for each authorised signatory | |
| | Source of funds | Bank statement or bank reference letter or any applicable document confirming source of funds | |
| | Income Tax Nr | Confirmation in Application | Confirmation is sufficient |

| LEGAL ENTITY | IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- | --- |
| Unlisted / private companies; Closed Corporations | Name and registration nr; Directors / Members; Shareholders / UBO | 1. Official documents (constitution and register of directors or equivalent as a minimum) from the applicable regulatory entity witnessing incorporation of the company, bearing the registered and trade name, number and address; 2. Organogram indicating shareholding structure and register of shareholders or share certificates in order to identify the ultimate beneficial owner(s) and confirmation of nature of business; 3. AFS and/or annual report | Certified copy of document or signed verification certificate by third party confirming that documents were verified. Additionally, registration be confirmed on the applicable regulatory entity’s website |
| | Proof of banking details | Bank statements on a bank letterhead or a bank printed statement not older than 3 months | |
| | Proof of Representation (if applicable) | Resolution on company letterhead signed by all directors confirming authority to act on behalf of the company | |
| | Full Name & Surname of each company director, all managers, authorised signatories and individuals holding 25% or more of the ownership interest | ID Document / Passport / Driver’s Licence | |
| | Proof of Address for each company director, all managers, authorised signatories and individuals holding 25% or more of the ownership interest | Proof of residential address for each authorised representative | |
| | Source of funds | Bank statement or bank reference letter or any applicable document confirming source of funds | |
| | Income Tax Nr | Confirmation in Application | Confirmation is sufficient |

| LEGAL ENTITY | IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- | --- |
| Partnerships; Societies; Foundations; Other Legal Entities | Name and registration nr; Members / Partners; UBO | 1. A copy of the constitution or other founding documents for the legal entity; 2. Identification of the ultimate beneficial owner and confirmation of nature of business; 3. Proof of trade name and business address; 4. AFS and/or annual report | Certified copy of document or signed verification certificate by third party confirming that documents were verified. Additionally, registration be confirmed on the applicable regulatory entity’s website if possible |
| | Proof of banking details | Bank statements on a bank letterhead or a bank printed statement not older than 3 months | |
| | Proof of Representation (if applicable) | Resolution on company letterhead signed by all directors confirming authority to act on behalf of the company | |
| | Full Name & Surname of each company director, all managers, authorised signatories and individuals holding 25% or more of the ownership interest | ID Document / Passport / Driver’s Licence | |
| | Proof of Address for each company director, all managers, authorised signatories and individuals holding 25% or more of the ownership interest | Proof of residential address for each authorised representative | |
| | Source of funds | Bank statement or bank reference letter or any applicable document confirming source of funds | |
| | Income Tax Nr | Confirmation in Application | Confirmation is sufficient |

| LEGAL ENTITY | IDENTIFY | VERIFICATION DOCUMENT | VERIFICATION PROCESS |
| --- | --- | --- | --- |
| REGISTERED CIS FUNDS | Name and confirmation of registration or regulation | 1. Copy of the Prospectus / PPM / Main Deed of the Scheme and supplement / supplemental deed of the specific fund / confirmation of registration with regulatory authority if not clear from the aforementioned documents | Certified copy of document or signed verification certificate by third party confirming that documents were verified. Additionally registration be confirmed on the applicable regulatory entity’s website |
| | Proof of banking details | Bank statements on a bank letterhead or a bank printed statement not older than 3 months | |
| | Proof of Representation (if applicable) | Resolution on company letterhead signed by all directors confirming authority to act on behalf of the scheme | |
| | Full Name & Surname of each company director, and person authorised signatories and individuals holding 25% or more of the ownership interest | ID Document / Passport / Driver’s Licence | |
| | Proof of Address for each company director, and person authorised signatories and individuals holding 25% or more of the ownership interest | Proof of residential address for each authorised representative | |
| | Source of funds | Bank statement or bank reference letter or any applicable document confirming source of funds | |
| | Income Tax Nr | Confirmation in Application | Confirmation is sufficient |

HIGH RISK CLIENTS

High risk clients will require the NBTD as well as the ECDD process as detailed in Schedule 1 and Appendix 7.


APPENDIX 7: ENHANCED CDD FOR HIGH RISK CLIENTS

The information below needs to be collected when conducting an ECDD to enable the CO to make a recommendation to the board with regards to the acceptance or rejection of a high-risk client. The list below is not exhaustive, and the CO should make necessary enquiries and request documents as he deems appropriate on a case-by-case basis.

Sources of Funds:

1. Are the funds being transferred from an account in the client’s name? State evidence

2. Are the funds being transferred on behalf of the client from a third party? A CDD review needs to be performed on the third party. State evidence

3. Are the funds being transferred from a client or third party located in an Appendix 3 call for action, monitored or FATF compliant jurisdiction? State evidence

Documentary support to substantiate source of funds as stated by the client should be obtained and attached hereto (e.g. confirmation / declaration from accountant or banker). Original documents or original certified copies of the documents are required.

Rationale for the Business Relationship

4. Has the client’s motivation for approaching the Group and its Associates for this business relationship, transaction or service been determined? State evidence

5. Has the nature of the client’s business or activities been independently confirmed? State evidence

6. Is the size and nature of the transaction consistent with the rationale for the transaction and the business or activities of the client? State evidence

7. In the case of a business relationship where activity will occur in more than one jurisdiction, is there a legitimate reason for structuring it in this way? State evidence

8. In the case of a legal body or legal arrangement, is the proposed activity within the parameters of the Constitutive document(s) (e.g. Memorandum and Articles of Association or the Trust Deed etc.)? State evidence


APPENDIX 8: ELIGIBLE INTRODUCER CERTIFICATE

Specimen Eligible Introducer Certificate

Name of Client: ____________________________

Address of Client: ____________________________

(including postcode)

Full Name of Regulated Introducer: ____________________________

Licence or Registration No: ____________________________

Name of Regulator: ____________________________

Country of Regulator: ____________________________

I/We certify that in accordance with the provisions of the Financial Intelligence Centre Amendment Act of 2017:

1. I/We have undertaken and completed Customer Due Diligence measures for the Client and confirm that I/we have in our possession sufficient information to establish the ownership and control structure of the Client (if a corporate entity) or the Client’s identity (if a natural person).

2. Original or certified copies of Customer Due Diligence documentation will be made available to the Prime Financial Services Group upon request without delay.

AND

3. The Client(s) is/are applying on his/her own behalf and not as a representative, nominee, trustee or in a fiduciary capacity for any other person.

4. I/We am/are unaware of any activities of the Client(s) that cause me/us to suspect either that the Client(s) is/are engaged in money laundering or any other form of criminal conduct.

Signed:

____________________________

Full Names:

____________________________


APPENDIX 9: AML CONFIRMATION LETTER

NOTE: THIS ONLY SERVES AS A POSSIBLE TEMPLATE FOR REFERENCE PURPOSES. EACH ENTITY MIGHT PREFER TO USE THEIR OWN TEMPLATE AND THE COMPLIANCE OFFICER WILL DETERMINE IF THE AML LETTER RECEIVED IS APPROPRIATE ON A CASE BY CASE BASIS.

RE: Verification of Investor Identity & Compliance with Applicable Laws and Regulations

Dear Sir or Madam:

TBC entity name with an address of TBC hereby wish to confirm that we are the (TBC administrator/manager etc) of the TBC underlying investment respectively. We are regulated for anti-money laundering purposes by the TBC entity and jurisdiction.

i. We have established AML/CTF policies, procedures and internal controls to ensure ongoing compliance with applicable AML/CTF and economic sanctions laws and regulations and FATF standards;

ii. Our AML/CTF policies, procedures and internal controls incorporate systems and controls to identify and verify our customers, and where applicable their beneficial owners and controlling parties, and perform (i) appropriate risk-grading procedures to differentiate between customer due diligence for high and low risk relationships (ii) ongoing customer due diligence, (iii) regular AML/CTF monitoring and sanction screening, (iv) staff AML/CTF training and (v) detect, investigate and, as required, report any suspicious activities to the relevant authorities.

iii. We have systems and controls in place to identify Politically Exposed Persons, their relatives and close associates (PEPs) and we conduct enhanced due diligence, including establishing the source of wealth and the source of funds and enhanced ongoing monitoring on PEPs and other high-risk customers.

We hereby confirm the following in connection with all shareholders (“Shareholders”) and all underlying beneficial shareholders in the TBC respectively:

1. We have performed the anti-money-laundering and counter-terrorist financing identification and verification of the above Shareholders and underlying beneficial shareholders and no single person holds more than 25% of the shares of TBC.

2. We confirm, we have access to and have verified the true name, permanent address and other relevant customer due diligence (CDD) of the above Shareholders and underlying beneficial shareholders as appropriate.

3. The evidence we have obtained to verify the identity of the above Shareholders and underlying beneficial shareholders meets the requirements of our national anti-money laundering and counter-terrorist financing legislation and regulations as contained in the TBC applicable AML Legislation.

4. We are aware that you are placing reliance upon the anti-money laundering and counter-terrorist financing identification carried out by us for the above Shareholders and underlying beneficial shareholders and that such reliance may result in detriment to you if there is a deficiency in the anti-money laundering and counter-terrorist financing identification carried out by us.

5. We will inform you immediately if we are unable to verify the identity of the above Shareholders or underlying beneficial shareholders.

6. We will provide you with all documents and information, which we may have on our files relating to the identity of each Shareholder and underlying beneficial shareholders without delay upon written request.

7. We will retain these documents and information for a period of at least 7 years after the relationship with a Shareholder has ended.

8. We will inform you immediately if we are aware that the above Shareholders or underlying beneficial shareholders are engaging in activities which lead us to suspect that the above Shareholders or underlying beneficial shareholders are involved in money laundering or terrorist financing, subject to such disclosure not being prohibited under our regulatory requirements.

9. We will inform you if we identify that any of the above Shareholders or underlying beneficial shareholders should be considered to be Politically Important Persons or are immediate family members or close associates of Politically Important Persons.

10. We will take measures to ensure that the Shareholders and underlying beneficial shareholders are neither individuals nor institutions against whom sanctions have been imposed by the EU or United Nations or persons or entities that are included on the List of Specially Designated Nationals and Blocked Persons maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”).

We further undertake to provide updated confirmation, to the effect above, upon your reasonable request in the future.

Yours faithfully

Name:

Title:

Date:


APPENDIX 10: SAMPLE INTERNAL DISCLOSURE FORM TO MLRO

A copy of the completed report must be retained by the person reporting the suspicious activities elaborated on therein. This retained copy should be signed by the MLRO.

DETAILS OF CLIENT BEING REPORTED
Full name:
Address (registered if required):
Postal:
Physical:
Telephone numbers (as appropriate):
Home:
Work:
Cell:
Email:
Identity / passport / company registration No:
Income Tax Number:
Bank account details (as appropriate): ____________________________
Name of organization client represents or works for:
Capacity:

NATURE OF SUSPICION:

REASON(S) FOR SUSPICION:

SUPERVISOR / MANAGER REFERRED TO:
Name:
Position:
Contact details:
Supervisor / Manager Comments:

Attach any copy of supporting documentation to this report. Further information can be written on the back of the report.

NAME OF STAFF MEMBER MAKING THIS REPORT
Contact details:
Date handed to MLRO:
SIGNATURE:

RECEIPT FOR ANTI-MONEY LAUNDERING REPORT HANDED TO MONEY LAUNDERING REPORTING OFFICER
Report received from:
Name: ________________________________________________________
Email address: ______________________
Cell: _________________________
Date received: ______________________
Signed by: ___________________
Signature: ___________________
Entered in registry: