Protect your real estate business from being exploited by criminals

People looking to profit from their criminal activities often seek to disguise the source and ownership of illicit proceeds through the real estate sector. Property practitioners should be vigilant about their exposure to possible money-laundering activities that could put their businesses at risk or damage their reputation. 

To help safeguard against potential exploitation, those in the real estate sector must develop a clear understanding of the risks they face and put in place mitigating measures. This forms part of a risk-based approach to combating money-laundering.

Certain property practitioners are listed in the Financial Intelligence Centre (FIC) Act as an accountable institution; FIC’s Public Compliance Communication (PCC) 56 provides further guidance in this regard. 

Such property practitioners are required to identify, assess, monitor, mitigate and manage the risk that their products or services may be abused by criminals for the purpose of money-laundering (ML), terrorist financing (TF) or proliferation financing (PF).

In light of this, property practitioners must develop, document, maintain and implement a risk management and compliance programme (RMCP) in terms of section 42 of the FIC Act.

An RMCP is a written document, which explains the manner and processes by which the institution implements and complies with its FIC Act obligations, and how they manage their ML, TF and PF risks.

Guidance on drafting of RMCPs is offered in the FIC’s PCC 53, which will be updated in line with the recent amendments as set out in the General Law (Anti-Money Laundering and Combatting Terrorism Financing) Amendment Act, 2022. 

Identifying ML, TF and PF risks

As a first step in developing an RMCP, property practitioners must conduct risk assessments to identify and understand existing and emerging ML, TF and PF risks specific to their business, products, services and clients. 

A client-level risk matrix could serve as a tool for the assessment of several risk indicators in relation to a business relationship or single transaction with a client.

The RMCP must document how the accountable institution risk rates the various factors and the method of determining the overall risk ratings. The monitoring, mitigating and management controls that must be applied to the different risk ratings must be clearly articulated. 

In 2019, the FIC conducted a risk assessment of the inherent ML and TF risks affecting the real estate sector in SA. This sector risk assessment can assist property practitioners in understanding industry-level risk. 

Customer due diligence

Property practitioners must include customer due diligence (CDD) processes in their RMCPs. This includes conducting CDD on the different types of clients, beneficial owners, people acting on behalf of clients and other people.

Enhanced due diligence must be applied where a high-risk business relationship or single transaction has been identified. If an accountable institution reasonably believes that, in performing ongoing due diligence (ODD), it would tip off the client when a suspicious and unusual transaction report (STR) will be made, it may discontinue the ODD process. The institution should consider filing an STR with the FIC.

Targeted financial sanctions

Accountable institutions should note the changes to SA’s targeted financial sanctions (TFS) regime. Previously this meant that accountable institutions had to scrutinise two sets of lists. As a result of the repeal, accountable institutions are now only required to search client information against the comprehensive TFS list on the FIC website.

Accountable institutions must outline the process for scrutinising client information when onboarding them, and processing transactions in the RMCP. Where a person is listed on the TFS list, the accountable institution may not provide services to that person. 

Account transaction or activity monitoring

Accountable institutions must include in their RMCP, their processes for monitoring transaction activity to determine whether the client’s activity is consistent with their business and risk profile.

The RMCP should include the way in which an institution will examine complex and unusually large transactions and unusual patterns of transactions which have no apparent business or lawful purpose, as well as the process to keep written findings of their decisions in this regard.

Reporting controls

The institution should include the reporting process in its RMCP. This must set out:

• The end-to-end internal process for identifying possible reportable transactions in terms of cash threshold reports, suspicious and unusual transaction reports, and terrorist property reports;
• Who must submit the report, and the periods within which the reports must be submitted to the FIC; 
• The process in place to deal with section 27, section 32 and section 34 requests and section 35 monitoring orders in terms of the FIC Act; and 
• A clear instruction of no tipping off and the non-disclosure of reports to other people as per section 53 of the FIC Act.

Further information on the different types of reports can be found in the Guidance Notes 5C, 4B and 6A on the FIC website.

Record-keeping controls

An institution must document its record-keeping process in the RMCP. This process should clearly indicate records access and confidentiality controls. 

Property practitioners should be prepared to amend and update their RMCP as it is a living document, which may change depending on new or evolving risks identified through their risk assessments.

For more information and guidance, refer to the FIC website for various guidance notes and PCCs. Alternatively, contact the FIC’s compliance contact centre on 012-641-6000 or log an online compliance query on the FIC website.

This article was sponsored by the Financial Intelligence Centre.