Financial institutions, law firms, estate agents and other accountable institutions operating in South Africa must vet all employees for competence and integrity, or risk sanction, including a fine of up to ZAR 50 million.
On 31 March 2023, the South African Department of Finance published Directive 8 on the compulsory screening of employees. In terms of this directive, accountable institutions (including lawyers, estate agents, financial services providers and other forms of companies listed in Schedule 1 of the Financial Intelligence Centre Act (FICA)) must periodically screen prospective and current employees for competence and integrity, and to determine whether such employee is a person subject to UN Sanctions in terms of Section 26A(3) of FICA. Additionally, accountable institutions are obliged to record how the screening has been conducted and must keep records of the outcome of such screening. These records must be made available to the Financial Intelligence Centre (FIC) upon request.
In February 2023, the Financial Action Task Force (FATF) Plenary concluded that it would adopt the Report on South African Anti-money Laundering and Counter Terrorist Financing Measures and officially “greylist” South Africa. The FATF sets out a comprehensive framework that countries should strive towards to combat money laundering and terrorist financing. South Africa aims to be removed from the greylist by implementing its legal framework for combating money laundering more effectively. Although not yet confirmed at the time, greylisting was explicitly mentioned as the trigger for certain proposed amendments to FICA in 2022. This new directive seems to be one of the actions taken to assist South Africa in overcoming its greylisting.
In Public Compliance Communication 55 (PCC 55), the FIC advised the public on mechanisms to abide by Directive 8. Such mechanisms include:
Screening for competence must entail determining whether an employee has the necessary skills, knowledge and expertise to perform their function effectively and includes scrutinising, amongst other information, the employee’s previous employment history, employment references, qualifications and relevant accreditations.
Screening for integrity involves scrutinizing the morality and integrity of the employee, which may include considering criminal records (with a particular emphasis on crimes involving an element of dishonesty) and financial crimes. The FIC emphasised that such screening should be more stringent in respect of employees that pose a greater risk of money laundering, terrorist financing and proliferation financing (including senior management and certain other categories of employees).
Risk-based approach to screening
In Directive 8 and PCC 55, the FIC emphasizes a risk-based approach to the screening of employee information. This involves a proportionality exercise in which an employer is required to balance the risk of a particular employee/category of employees (from a money laundering, terrorist financing and proliferation financing perspective) with the measures taken, detail and frequency of employee screenings (with high-risk employees being screened in greater depth and more often than low-risk employees).
Sanctions and Penalties
Accountable institutions that fail to uphold the directive may be subject to administrative sanctions in terms of Section 45C of FICA. These sanctions vary and could take the form of a caution, reprimand, directive to take remedial action, restriction on business activities or financial penalty not exceeding ZAR 10 million in respect of natural persons and not exceeding ZAR 50 million in the case of legal persons such as companies.
Other legislative considerations
PCC 55 explicitly states that these mechanisms and Directive 8 must be applied in compliance with applicable South African labour laws. Additionally, when conducting such screenings, employers must abide by the provisions of the Protection of Personal Information Act, which adds further considerations when contracting with third parties that process personal data (such as outsourced background checks), evaluations of security measures to store personal data, mandatory notifications and obtaining of consent.
Impact on employers
PCC 55 obliges accountable institutions to perform screening for competence and integrity and targeted financial sanctions (following the risk-based approach). At the time Directive 8 was gazetted on 31 March 2023, and without giving specific timelines for enforcement, PCC 55 stipulated that screenings should begin as soon as possible.