Directive 8 Compliance

Directive 8 Compliance for Accountable Institutions.

02 August 2023
5 min read
Sybrin

In our previous blog, we explored Directive 8 of 2023 from the Financial Intelligence Centre (FIC) in their effort to alleviate South Africa's recent greylisting status by the Financial Action Task Force (FATF).

In this edition, we will focus on what steps the accountable institutions, such as financial service providers, estate agents, and attorneys operating in South Africa need to take in order to meet the requirements of this new directive as well as some gaps we have identified where certain shortfalls and oversights may exist in their efforts to comply.

read insight
  1. Risk-Based Approach.

    Organisations need to adopt a risk-based approach so they can tailor their screening processes according to the level of risk associated with specific employee roles, facilitating the identification, assessment, monitoring, mitigation, and management of Money Laundering (ML), Terrorist Financing (TF), or Proliferation Financing (PF) risks.

    Recognising that not all employees pose the same level ML, TF, or PF risk, Directive 8 highlights the importance of proportionate screening. Accountable institutions must assess the risk level of each employee's role and apply the screening accordingly. When a higher risk is identified based on the employee's role, the institution should conduct more rigorous competence and integrity screening to mitigate potential risks effectively.

  2. Times.

    Directive 8 mandates that prospective employees undergo competence and integrity screening before their appointment, ensuring a pre-emptive approach to risk management. Moreover, the directive emphasises that screening should be an ongoing process, referred to as "periodically." This means that employee information should be continuously scrutinised throughout their tenure.

  3. Frequency.

    To further strengthen risk management, the directive advises a differentiated screening frequency based on the risk-level associated with each role. For employees in higher risk roles, competence and integrity screening should be conducted annually as a minimum requirement. Medium and lower risk roles may undergo screening every 3 and 5 years, respectively.

  4. Roles.

    The directive identifies certain employee roles that present a heightened ML/TF/PF risk. These roles include senior management, committee members involved in approving business relationships or single transactions with high-risk clients, and employees with decision-making authority affecting the institution's AML/CTF/CPF regime. Such individuals should be subject to more frequent scrutiny.

  5. Competence.

    Assessing an employee's skills and expertise is crucial in mitigating financial risks. Companies can tailor their competence screening based on their risk-based approach. This may include reviewing previous employment history, references, qualifications, and relevant accreditations. To maintain a record of these assessments, evidence should be stored in employee personnel files.

  6. Integrity.

    Integrity is paramount in safeguarding against financial crimes. Accountable institutions can determine an employee's integrity by checking for any criminal record related to financial crimes, dishonesty, or money laundering. Additionally, examining past roles in relation to AML/CTF/CPF compliance and potential links to high-risk individuals or regions can provide valuable insights.

  7. TFS List.

    To ensure comprehensive risk mitigation, companies must screen all prospective employees against the Targeted Financial Sanctions (TFS) list before their appointment and whenever updates are made. This practice applies to all employees, regardless of their perceived risk level.

  8. Sanctions and Penalties.

    The FIC may impose sanctions on accountable institutions which fail to comply with FICA, including an order to take remedial action, suspension on business activities and/or financial penalties of up to R50 million. Compliance with FICA and its regulations and directives is therefore essential.

  9. Shortfalls.

    Through engaging with a number of our customers, we have identified some gaps in the current employee screening processes adopted by many organisations. These include:

    Inadequate Continual Monitoring

    The directive stipulates a minimum annual review, while the sanctions list is updated daily.

    Manual and Unscheduled Processes

    Often, employee screening is not automated or scheduled, resulting in inefficiencies.

    Inadequate Record Keeping

    Proper documentation and record-keeping of results and remediation actions are often lacking, hindering effective risk management.

Sybrin's Solution.

Sybrin has developed a comprehensive solution designed to address these challenges. We have both a Software-as-a-Service (SaaS) or a Platform solution to suit our customers' needs.

Our system enables secure and periodic screening of all employees against the sanctions list. By implementing our solution, you can effortlessly obtain reports, effectively manage risk and compliance, and even conduct extended due diligence for high-risk employees.

  1. Screening. Flagging. Alerting.

    Sybrin Screening Services are sets of pre-built API integrations to various RegTech Data Sources. The solution can use the default integration, integrations that exists for most standard sources, or custom integrations can be built to better suit the solution requirements. Our Screening Services involve checking if someone is a Politically Exposed Person (PEP), appears on any international watchlists, or if there are any existing sanctions against this individual. The default integration also returns a rich set of adverse media results.

    PIP / PEP Adverse Media Sanctions / Watchlists Financial Regulatory and Law Enforcement (Where Available)

  2. Data-Driven Decision Making.

    We provide a logical and easy-to-use interface that supports the KYC process, including alerts, correspondence, and reporting. All steps are automated as much as possible with customer adjusted workflows, rules, and reminders. It can be integrated with the customer's systems for a 360° view and improved data for enhanced decision-making.

  3. Compliance. Efficiency. Security.

    Our intelligent process automation and intelligent data extraction capabilities are what drives the speed and efficiency of our classification extraction and validation services for KYC documents and related validations. Intelligent Identity Card Processing is just one example of what we automate.

    With our platform, you can easily configure your rules, schedule screenings, maintain comprehensive records, and track any necessary remediation actions.

Solution Overview
Input

Ingest Employees / Request

Mobile App
Web Portal
File Imports
API Integration
Process

Golden Sources and Lookups

Screening Providers (Acuris, TFS)
Employee and Internal Databases
Contract / Tender / Supplier Documents and Databases
Lifestyle Audit Reports

Sybrin Due Diligence Engine

Service Orchestration
Decision Rule Engine
Manager Verification
Enhanced Due Diligence
Approval
Output

Sybrin APIs

Mobile App
Web Portal
Output to SFTP
External API

Features

Scan / Upload Documents
Verify Documents
Audit Trails (Status)
SLA and Reminders
Dashboards and Reports
Digital Signature
Intelligent Document Processing (OCR)
SMS / Email Templates
Authentication
External Communication

If you would like more detailed insights into Directive 8 or a demonstration on how our platform can enable you to achieve compliance more efficiently, please contact us via our website, contact sales@sybrin.com or view our comprehensive identity and onboarding framework for more clarity.