The FIC has issued a directive requiring accountable institutions to screen employees to help manage the risks of illegal activities, but this screening also has to comply with employment laws.
In the wake of South Africa's greylisting by the Financial Action Task Force, the Financial Intelligence Centre (FIC) issued a directive in terms of section 43A(1) of the Financial Intelligence Centre Act (FIC Act) on 31 March 2023 (the directive). It requires accountable institutions to screen prospective and current employees for competence and integrity to help identify, assess, monitor, mitigate, and manage the risks associated with illegal activities related to money laundering, terrorist financing, and proliferation financing. A full list of entities deemed to be accountable institutions is set out in Schedule 1 of the FIC Act.
Various employment law considerations may arise in implementing this directive.
The directive became effective from 31 March 2023 and applies to all accountable institutions governed by the FIC Act. One of the requirements is for these institutions to periodically screen their employees in a risk-based manner. The frequency and degree of the screening will depend on the level of risk associated with the employee's position or role within the organisation. For instance, employees in high-risk roles, such as compliance officers, will be subject to more frequent and intensive scrutiny than employees in low-risk roles such as receptionists.
Apart from screening for competence and integrity, accountable institutions must also scrutinise employee information against targeted financial sanctions lists to ensure that employees are not involved in any prohibited financial activities. The FIC will provide institutions with a list of individuals prohibited from conducting certain financial transactions due to their involvement in illegal activities.
Accountable institutions have to record how this screening will be conducted, as part of their risk management and compliance programme, which is critical as it ensures that the screening process is transparent. Records have to be maintained for regulatory purposes, such as responding to FIC or supervisory body requests for information.
Failure to comply with the directive exposes accountable institutions to administrative sanctions in terms of section 45C of the FIC Act. These sanctions may include fines, reprimands, directives, and suspension or withdrawal of registration or licence. Non-compliance may also result in further action by the FIC or court-imposed penalties, depending on the nature and extent of the non-compliance and potential harm or risk posed.
Accountable institutions must ensure that measures adopted to comply with the directive also comply with legal considerations governing the employment relationship. For example, employers must ensure that:
- screening does not fall foul of anti-discrimination requirements in terms of the Employment Equity Act;
- the process of screening and scrutinising information for employee involvement in illegal activities does not contravene the right to privacy, particularly as the Protection of Personal Information Act (POPI Act) classifies details of criminal behaviour, among other information, as special personal information. Employers are prohibited from processing that information unless employee consent has been obtained or if legal necessity requires it; and
- a fair procedure is followed in dealing with any adverse findings.
To comply with the FIC directive on employee screening and scrutiny, accountable institutions will require tailored solutions that analyse the workforce profile and the nature of the institution's business activities. Accountable institutions must have a keen understanding of the regulatory framework governing the employment relationship to implement the procedures and protocols necessary for compliance.
To assess whether an organisation falls within the ambit of an accountable institution, read the Webber Wentzel alert on the topic here.