The role of industry associations within the Risk Based Approach system –  By Nkateko Nkhwashu  



The recent amendments to the Financial Intelligence Centre act 38 of 2001 (FICA) by the Financial Intelligence Centre Amendment Act 1 of 2017 (FIC Amendment Act) focused much on how the new Risk-Based Approach (RBA) to customer identification and verification was going to change the way of doing things for the accountable and reporting institutions and to some extent that of both the regulatory and supervisory bodies. Both the latter are already a step ahead and seems to be a bit mature when it comes to regulating and assessing institutions’ compliance on a risk sensitive basis. In all these however one cannot help but ask the question “what then does this mean for the industry associations or representatives?”.

As Moorcroft, amongst others, would agree that industry associations play a very significant role in all developments within a country’s financial regulatory framework, thus any book or literature, on banking for instances, that claims to be comprehensive must include a chapter or discussion on industry associations. Industry associations are not a mere ‘post-box’ for financial institutions and other financial services providers when it comes to influencing policy as well as the formulation of regulatory positions but are rather the very core that shapes the same and ensures a weighty and consolidated ‘one voice’ of the industry on regulatory issues. Thus, industry associations are as equally important and on the same footing with other key stakeholders on all regulatory development initiatives.

Prior looking at the role of industry associations within the RBA perhaps it is important to take a step back and reflect on what the RBA entails as well as look at some of the ways or methods of engagement which were recently used by the regulator, Financial Intelligence Centre (the Centre), throughout all the processes which culminated in the current FIC Amendment Act. This will then be looked at against one of the primary roles of industry associations which is to influence policy, amongst others, through formulated and consolidated industry positions on regulatory issues.

Loosely, an RBA entails a situation wherein accountable and reporting institutions are now given the discretion as to how they come up with ways to identify and verify clients based on each institution’s risk assessments. This then do away with the one-size fits all rules-based or tick-box approach used previously. Under the latter approach institutions sort of followed what was prescribed to them by the regulatory authorities when carrying out and complying with their legal obligations. This approach further ensured that there was certainty and consistency on the application of various legal requirements. Thus, more often than not, accountable and reporting institutions applied the law in a similar fashion. These then further resulted in industry associations being able to easily formulate consolidated industry positions to present to the regulatory authorities when dealing with such issues. This, however, as evident from the recent developments ushered in by the RBA is set to change. Accountable institution’s responses to issues and interests are going to vary and as such industry associations needs to redefine and reposition themselves within the new regulatory framework or else loose relevance as well as value.

It should be noted that the afore-mentioned concern for industry associations is not only in respect of the FIC Amendment act but also other legislative prescripts which also advocates for an RBA within various fronts of the financial regulatory framework.

Through-out the consultation processes to the FIC Amendment Act and owing to the new approach (RBA) there seem to be a shift or preferred new way of engagement with the industry by the Centre and the National Treasury (Policy-maker). For instances, during the first half of 2017 when various draft guidance notes as well as withdrawal notices were issued by the Centre it was suggested and strongly encouraged by the Centre that accountable institutions were to respond individually and directly to the Centre as opposed to doing so via industry associations. I submit that the suggested approach was and is justifiable within the new RBA. However, a question comes as to how then do industry associations ensure that they play meaningfully within this space?

As once suggested by the regulatory authorities, do industry associations then look at, identify and address common themes on the issued documents or do they simple provide an environment or forum where all these issues can be discussed prior responding to the regulatory authorities or what. If the latter is the case then it becomes difficult to have formulated and consolidate industry positions to take to the regulatory authorities and most important it further becomes difficult for industry associations to add value to the entire regulatory process. In this instance, the least industry associations can do is to merely play the ‘chairmanship’ or the ‘coordinator’s’ role. If that is the case then the value-add question remains. Lastly the industry association’s perception on the new engagement approach is very key. Do they view it as a divide and conquer strategy by the regulatory authorities or as an inevitable consequence of the new RBA wherein individual institutions respond differently to identified risks?

As already alluded to elsewhere in this article industry associations, if they want to continue adding value to various regulatory developments, need to regroup and redefine themselves as well as their role as ‘voices’ of respective industries within the new regime. One, they can hire strategic competent staff with the technical know-how on various regulatory issues who can shape and lead positions and issues for the sector. Additionally, such staff needs to be able to see and understand the regulatory framework five-to-ten years from now as well as the previous or historical underpinnings of issues. These can be the very same people who would ensure that they hold seminars and conferences specifically on regulatory issues for the sector and thus be at the fore front and add value. Lastly, industry associations should be steeped in thorough research so as not to blemish the reputation of the sector on various forums.

Since the RBA is formally being introduced for the first in South Africa but has been in existence in other countries for quite some time, industry associations have the luxury to tap into and learn from their international counterparts. There are various forums in which SA’s industry associations are participants to. The question to ask is whether are we taking advantage of these membership forums and thus participate meaningfully or are we merely there for a free-lunch and ride? If we are not there to add value then the efficiency question comes to fore when it comes to attending each and every international forum on an annual basis.

Still on the issue of efficiency perhaps it is now time for us to looking at the United Kingdom’s experience wherein industry associations have now been consolidated and put under one umbrella which is an organization called UK Finance. UK Finance include, for instance, one of the biggest banking industry association which is the British Bankers Association. I submit that this is one approach or model worth looking at as it allows for sharing of expertise and saving of costs. If such was to materialize in SA it would pull together the likes of Banking Association South Africa (BASA), Payments Association of South Africa (PASA), Association for Savings and Investment South Africa (ASISA) and South African Insurance Association (SAIA), etc.

In support of my suggestion and submission above I call the audience’s attention to the recently introduced conglomerate supervision ushered in by the Financial Regulation Act 9 of 2017 or the often talked about Twin Peaks regulatory framework. Conglomerates or huge international financial institutions usually offers both banking and insurance services under the same roof, for example. Arguably, these can be represented by one industry association as oppose to the now fragmented or scattered arrangement.

Finally, industry associations, for example, ASISA can play the role of holding the policy-makers as well as the regulatory authorities accountable on behalf of their members with respect to promises as well as undertakings made by the authorities. For example, with the new requirements of the FIC Amendment Act and through-out the consultation processes it was acknowledged by all relevant stakeholders that practical application of some of the mandatory new requirements was going to prove to be difficult. In response to this the policy-maker and the regulator promised and undertook to convene various workshops wherein these issues were to be dealt with each in detail. This is yet to take place and no one is being held to account. This is concerning given the fact that during all the processes leading up to the promulgation of the FIC Amendment Act it was clear that there was a trust deficit between the authorities as against the industry.


In summary, in as much as the new RBA holds advantages and challenges for accountable and reporting institutions together with the regulatory authorities it also holds the same for industry associations or representatives. However, the voice of the latter has been missing on recent discourse on the same issue. For instances, Prof de Koker’s recent book which also looks at the challenges to implementation of the RBA fails to discuss some of these issues (see de Koker et alMoney Laundering and Terror Financing Law and Compliance in South Africa 2017-2018 LexisNexis). Finally, industry association or representatives needs to revisit their mandate and revise the same in order to remain relevant and add value with respect to regulatory issues.





Financial Intelligence Centre Act 38 of 2001

Financial Intelligence Centre Amendment Act 1 of 2017

Financial Sector Regulation Act 9 of 2017

Financial Intelligence Centre Homepage

Banking Law and Practice by J Moorcroft and ML Vession LexisNexis

Banking Association of South Africa Homepage

British Bankers Association homepage

De koker et al Money Laundering and Terror Financing Law and Compliance in South Africa 2017-2018 LexisNexis






How Should the Legal Practice Council deal with FICA as amended going forward?  – By Nkateko Nkhwashu


Significant changes are being ushered in by the Legal Practice Act 28 of 2014 (LPA). Most of these will take effect towards the end of 2018 when other provisions of the LPA officially come into effect. Amongst the key changes to be introduced under the LPA includes the constitution and establishment of the Legal Practice Council (LPC) together with relevant Provincial Councils (PC). The LPC is said to, amongst others, have its sight set on the regulation of the profession. In effect both the LPC and PCs will take on some of the functions which previously fell within the purview of the Law Society of South Africa (LSSA) as well as the provincial law societies. With regard to the latter and for the purposes of this article being the four regional law societies(RLS) as envisaged under Section 56 of the Attorneys Act 53 of 1979.

Brief background on the profession’ supervision of FICA

Perhaps before getting deeper into some of the key developments which impacts on the profession it is important to take a step back and look at one of the key function shared by the LSSA and the four RLS. This relates to the supervisory as well as enforcement role of or related to the Financial Intelligence Centre Act 38 of 2001 (FICA). In terms of FICA the LSSA is designated as the supervisor for the profession in terms of Schedule 2. However, since the LSSA is or was more focused on educational related initiatives of the profession the four RLS played a significant role, albeit limited, in this space. For example, the former provided extensive anti-money laundering and counter terrorist financing education to the profession via its LEAD programmes and the latter on the other hand, provided guidelines as well as manuals on how to develop internal controls as required under FICA, amongst others.

Under FICA, which was premised on the rules-based or ‘tick-box’ approach it was easier for either the LSSA and the RLS to issue manuals, guidance and or guidelines. FICA has however since underwent a significant change in that it now introduces what is called a Risk-Based Approach (RBA) to customer identification and verification. This has been introduced via the Financial Intelligence Centre Amendment Act 1 of 2017 (FIC Amendment Act). The essence of the new RBA is that it does away with the one-size fits all approach and as a result each institution, irrespective of sector, will individually have to assess its own risk exposure to money laundering and terrorist financing and as a result respond accordingly. This new change impacts both the accountable as well as the supervisory and regulatory authorities including, in the near future, the LPC and its various PCs. This then raise a question as to how should both deal with FICA as amended going forward?

Prior looking at what should be done for the profession going forward its worth reflecting on some of the concerns raised by the Financial Action Task Force (FATF) in its mutual evaluation report of South Africa, 2009. First, it was noted that the RLS did not have specific powers to impose sanctions in accordance with FICA. More often than not, the contraventions or breaches which were picked up by the RLS related mostly to or came about as a result of probing allegations around attorneys’ trust accounts. What this then shows is that previously much focus was given by the RLS to issues related to trust accounts than anything. Perhaps this is one area in which the LPC and PCs should improve upon.

The possibility of lack of AML/CFT skills and resources by the RLS was also noted by the FATF. In such cases, it was suggested and noted that the profession could tap into the resources of the Financial Intelligence Centre (the Centre) when conducting inspections. Thus, the LPC and PCs can also tap into this in order to enhance skills, expertise and leverage on the Centre’s resources during inspections.

The afore-mentioned concerns and suggestions, amongst others, demonstrated how immature the supervision of FICA was and continues to be for the legal profession. The FATF report played a significant role on the amendments to FICA as a whole. Furthermore, it triggered other developments within the legal framework pertinent to the legal profession. One key such being the proposed amendments to the Schedules of FICA. This came at an opportune moment as the LPA which amends the Attorneys Act 53 of 1979 and the Admission of Advocate Act 74 of 1964, amongst others, was set to take effect. Thus, the substitution of the Attorneys Act (name) from the Schedules (Schedule 1) for that of the LPA will be easy to effect.

Additionally, there was, previously, proposals by the legal profession that the names of all four RLS be specified in the Schedules and as a result these become designated supervisory bodies. The process to amend the Schedules is currently underway and should be mindful or married to the developments within the LPA wherein we now have the LPC and its various PCs as regulators of the profession. Should the LPC and PCs be designated as FICA supervisory bodies then there will be a need to increase their resources substantially to meet their new supervisory and enforcement roles. This is noted and supported in the 2009 FATF report.

These are just some of the concerns which were noted in relation to the legal profession. As already alluded to elsewhere in this article, the FIC Amendment Act introduces significant changes which will need a fresh approach by the LPC and PCs. Evident from the comments and submissions by the LSSA during the consultation period on the FIC Amendment Act was the fact that the profession stands in a unique position compared to other accountable institutions with regard to its legal obligations in terms of FICA. Regard was also had as to how the majority of the law firms were comprised. This then led to a repeated call by the LSSA to have the profession regulated separately from the rest. There was also a call to leave certain exemptions intact, however under the RBA this is not possible as each decision or measure employed to counter risks have to be documented and substantiated on to the supervisory authorities. Higher risk scenarios will be met by enhanced due diligence measures and lower risks by simplified measures. There is no room for complete exemption.

As alluded to before the RBA differs from the rules-based or tick box approach. Under the latter approach rules or prescribed list of requirements and how to go about comply with the same was spelt out in law. Thus, it was easier for the LSSA or either of the law societies to draw from that an issue manuals, guidelines, etc. Now under the RBA firms’ risk responses and appetites will differ one from the other. This then presents a challenge for the supervisors (i.e. LPC and PCs) on how to go about monitor compliance with the law. Furthermore, this then takes us back to the question, how should the LPC and PCs deal with the new requirements of the FIC Amendment Act going forward?

How should the LPC and PCs deal with FICA going forward?

Under the RBA wherein the discretion to choose control measures to deal with identified risks is on the hands of the accountable institutions (i.e. law firms) there are very few key things which the LPC and PCs should do and focus on. The first key important thing to do is ensure that the call for separate regulation of the profession is maintained. This should be done through, for instance, a sector-specific high-level Guidance Note for the profession. The recently issued Guidance Note 7 on the implementation of various aspects of the Financial Intelligence Centre, 2001, is too generic and financial-sector-focused and as a result it does very little justice to the interests of the profession. In any case, it is also acknowledged within that guidance that the regulatory authorities are open to issuing other industry specific guidance notes.

Secondly, and most importantly the RBA hinges on what is called a Risk Management and Compliance Programme (RMCP) as envisaged under Section 42 of the FIC Amendment Act. The RMCP is said to be the foundation and core basis towards an effective implementation of the RBA. It calls for documentation of all efforts as well as reasoning or justification behind all risks-related decisions taken. This is one key section which I submit should occupy and consume the attention of the LPC and PCs. I suggest that both should strive towards coming up with sector specific high-level guiding principles of an RMCP (or its content). These can also be taught and inculcated on legal practitioners via the now proposed Practical Vocational Training (PVT).

Thirdly, it is widely acknowledged that most practices comprise of a minimum of two practitioners at most. In such situations, there might be an issue of lack of risk management skills in general. It should be remembered that the RBA rest upon continuous risk assessments. As also acknowledged previously by the LSSA, provision should be made for risk matrix templates specific to the profession. This can be done by the regulatory authorities or alternatively by the LPC and PCs. Such matrixes are going to be instrumental and helpful to smaller firms when assessing individual risks and threats.

Finally, pursuant to the FIC Amendment Act all exemptions applicable to the legal profession has now been withdrawn. The scope of compliance for the profession has, as a result, been widen. Newer onerous provisions have to be applied by the profession as well, for example, identifying and verifying beneficial owners, Prominent Influential Persons, Legal Entities and Arrangements, continuous risk assessment and the maintenance of RMCPs, etc. The LPC and its PCs will to come up with outreach and or educational initiatives specific to the profession on these. These will require resource and expertise for the LPC and various PCs alike. Again, the regulatory authorities might be helpful in this regard.


In a nutshell, the above background as well as some of the few key suggestions outlined above are intended to get the LPC and PCs started on how to deal with the FIC Amendment Act. The profession’s approach to FICA or AML/CFT was and is still in its infancy and the focus is still much more on the regulation of legal professionals as against the public. Furthermore, the fact that its key supervisors lack enforcement and sanctioning ability adds to its challenges. It should however be noted that there are develops underway which might change this position. The formal RBA, flexible and arguably effective as it is, is still fairly new within SA’s regulatory framework and many lessons will still be learned along the way. Finally, with regard to the RBA, the devil is literally in the details which are not to entertained since risk profiles and appetites will vary, thus the reason why my suggestions are ‘high-level’.


Attorneys Act 56 of 1979

Admissions of Advocates Act 74 of 1964

Financial Intelligence Centre Act 38 of 2001

Financial Intelligence Centre Amendment Act 1 of 2017

Legal Practice Act 28 of 2014

Guidance Note 7 on the implementation of various provisions of the Financial Intelligence Centre Act, 2001

South Africa’s 2009 Mutual Evaluation Report by the Financial Action Task Force

Out with the Old and In with the New – Understanding the Legal Practice Actby Etienne Barnard, 28 October 2015 (De Rebus)