KYC is s legal requirement.
Section 20A of the FIC Act prohibits an accountable institution from establishing a business relationship or concluding a single transaction with an anonymous client or a client with an apparent false or fictitious name.
You therefore need to establish (obtain) and verify (validate) a client’s identity and complete a client due diligence either before or during the time that they start doing business with you. Most customers have footprints everywhere and the ability to stitch these information together can be very useful when determining whether or not an individual is involved in a financial crime.
KYC evaluation starts when you welcome a new client into your business.
In your on boarding process, you should obtain consent from the client to verify information using a third party data sources. To comply with the Protection of Personal Information Act, 2013, a client needs to be aware of this and/or give consent for you to obtain this information.
Once this basic data is collected, compare it to lists of individuals that are known for corruption, on a list of sanctions, suspected of being involved with a crime and a lists of Prominent Influential Person, or PIPs.
From there, one can identify how much of a risk the customer appears to be and how likely they are to become involved in corrupt or illegal activity.
The key aim of Sections 21C, 21D and 21E is to ensure that accountable institutions identify any activities of clients which are inconsistent with the knowledge of the client or the purpose of the business relationship. If large transactions are concluded in a suspicious manner, the accountable institution needs to assess these transactions and report a suspicion of money laundering or terrorist funding to the Financial Intelligence Centre. Should an accountable institution not be able to conduct ongoing due diligence, it should consider making a report to the Financial Intelligence Centre.
Section 21.1 & 21.2 places an responsibility on all accountable and/or reporting institutions to carry out a proper client due diligence on all clients, new and existing, and the identity of third party acting on behalf of the client.
The consequences of Non-compliance
Administrative sanctions may take many forms – including, a caution, a reprimand and/or restricting the business activities of the institution and/or a financial penalty of up to R100 million- or 15-years imprisonment per instance of non-compliance.