Following the high profile court case between previous Finance Minister, Pravin Gordhan, and Gupta-owned companies in 2017, the Financial Intelligence Centre (FIC) received widespread media attention. In his court application, Gordhan included a list of numerous suspicious transaction reports from the FIC which were linked to Gupta-owned companies.
The reason the FIC was able to possess such information, is due to the Financial Intelligence Centre Act 38 which has been in existence since 2001, and mandates all accountable institutions to submit three different kinds of reports where applicable:
- Cash Threshold Reports
- Suspicious Transaction Reports
- Terrorist Property Reports
A Suspicious Transaction Report is defined by any transactions which raise suspicion and which are outside of normal legal business practices. Details of these transactions are required to be reported to the FIC within 15 days.
So is the FIC Act only applicable to Banks? No, there is a list of around 20 types of accountable institutions which are required to report to the FIC. These include long term insurers, trust companies, unit trust management companies and investment brokers.
In the past, government agencies were responsible for investigating and reporting suspicious transactions, but now it is expected that companies be the forerunners in fighting and combatting fraud and crime. Although this has many benefits, businesses affected by this will be expected to spend more money in order to adhere to FIC legislation.
“It seems many corporates are behind the curve in terms of the creation of automated processes in order to report transactions effortlessly to the FIC”, says Geoff Brien, a Principal Consultant at Saratoga specialising in anti-money laundering. “Many smaller companies can get away with manually analysing and reporting transactions, but it becomes very costly to hire enough personnel to meet legislation when dealing with millions of rows of data, if these automated processes are not in place. The added benefits of automation include detailed audit trails, deadline driven operational alerts, as well as easily accessible Management Information Reporting”.
Implementing an automated solution is extremely complex, and requires knowledge of source data systems, business and product configurations and data analytics. Brien explains that the biggest challenge in creating this process is the quality and accessibility of the source data. “It is no use trying to create the perfect automated process if the input data is incomplete and of poor quality”.
There are many advantages in actually creating a dedicated Data Mart relating to customers and their transactional activities, specifically for use in fraud analytics and reporting. “Often you will find that business value can be extracted as a side effect of focusing on compliance and legislation”, says Brien.
One of the best ways to get a clear picture of a company’s customer profiles and transactions, is to implement a Risk based approach. Using this methodology, as much source data as possible is gathered relating to customers and their transactional behaviour, in order to classify the customer into the relevant risk bracket. Risk rating matrixes are used to assign different weightings of risk to the customer, using data such as their Occupation, Location, Nationality and so forth. Sanctions screening of clients is also a very important part of any risk based process, and can instantly alert a company to a client who they should either not be dealing with, or who poses substantial reputational risk.
Unfortunately one of the results of automated detection processes are the high number of alerts created as well as the number of false positives. It is therefore imperative that constant tweaking of algorithms and configurable thresholds is carried out, in order to find a balance between complying with legislation and reducing the amount of time taken to investigate the output results.
The evolving methods of organised crime is another crucial reason why companies have to constantly update their strategies and detection algorithms in order to remain relevant. In most cases, fraudsters will continue to exploit the modus operandi which has been successful for them, until that loophole has been discovered and action taken to prevent it from happening in the future. Unfortunately, this leads the fraudster into implementing new methods and strategies, prompting businesses to constantly and proactively guard against this.
While the cost of compliance in today’s landscape is very high, the cost of non-compliance with multi-million Rand fines being imposed is even higher. "Companies may think they are saving money by not spending large amounts of money on automating these processes, but they may find themselves
spending much more on penalties if they fail their audit checks", says Brien.