by Sandiso Dhlomo, Associate and Nhlonipho Mthembu, Candidate Attorney reviewed by Tracy Lee Janse van Rensburg

On 14 March 2025, the Financial Intelligence Centre (“FIC“) published Draft Directive 3A (“DD 3A“) and Draft Public Compliance Communication 50A (“DPCC 50A“) in terms of the Financial Intelligence Centre Act, 38 of 2001 (the “FICA“), for purposes of consultation and public comment. DD 3A and DPCC 50A purport to amend Directive 3 and Public Compliance Communication 50 (“PCC 50“) previously published by the FIC. DD 3A sets out the procedure to be followed by all accountable institutions and any other person obligated to report to the FIC (“Reporting Institutions“) should a reporting failure occur or a defective report be submitted. DPCC 50A prescribes measures for Reporting Institutions to mitigate the loss of intelligence data by the FIC due to reporting failures by a Reporting Institution, including due to defective reports. This article will explore the purpose of and practical effect that both DD 3A and DPCC 50A will have on Reporting Institutions once they are in effect.

It is essential that DD 3A and DPCC 50A be read in conjunction as the two publications speak to one another.

To understand the purpose behind DD 3A and DPCC 50A, we have to remind ourselves of the fundamental obligations and objectives of the FIC. In terms of section 3(1) of the FICA, the principal obligation of the FIC is to tackle activities related to money laundering (“ML“), terrorist financing (“TF“) and proliferation financing (“PF“). To achieve its objectives, the FIC requires Reporting Institutions to be astute in identifying ML, TF and PF activities as well to be fastidious in filing reports to the FIC where they are required to do so.

DD 3A requires Reporting Institutions to notify the FIC of any failure to file a report and thereafter to remedy such failure. For purposes of DD 3A, the FIC obtains information from Reporting Institutions in the form of reports which are filed with it in accordance with sections 28 (which relates to cash threshold reporting), 28A (which relates to terrorist property reporting), 29 (which relates to suspicious and unusual transaction reporting) and the newly added 31 (which relates to international funds transfer reporting (“IFTR“)). In discharging its obligations, the FIC must analyse and interpret information as well as to store such information for the requisite period, upon receipt of reports filed with it. When Reporting Institutions fail to submit the requisite reports to the FIC, the FIC loses intelligence data required to achieve its objectives.

Directive 3 came into effect on 12 September 2014, whilst sections 31 and 56 of the FICA came into effect on 1 February 2023. DD 3A proposes to amend Directive 3 so as to include the obligation, on the part of a Reporting Institution, to notify the FIC of any failure to submit an IFTR or submitting an IFTR that is considered defective by the FIC, as well as to require Reporting Institutions to remedy any such failure or deficiency, as the case may be. Moreover, DD 3A includes a reference to PF which had been omitted from Directive 3.

Upon a Reporting Institution becoming aware of a failure to report to the FIC, it must mitigate the loss of intelligence data by, inter alia –

1. reporting such failure to the Executive Manager, Compliance and Prevention of the FIC, in writing, as soon as the Reporting Institution becomes aware of the failure; and
2. requesting a meeting with the FIC to discuss any mitigating factor(s).

It is noteworthy that the aforementioned arrangements for mitigating lost intelligence as a result of a failure to report does not absolve a Reporting Institution of its ongoing reporting obligations under the FICA or prevent enforcement action from being taken against such Reporting Institution by a supervisory body.

Similar to Directive 3, PCC 50 (published on 31 March 2021) came into effect before sections 31 and 56 of the FICA. DPPC 50A proposes to amend PCC 50 to include, inter alia, IFTRs. DPCC 50A offers guidance to Reporting Institutions and sets out various measures aimed at mitigating lost intelligence data due to reporting failures or defective reporting. A defective report is one that has been rejected by the FIC due to problems relating to its validation or a report in which the data given is inaccurate or outright false.

CONCLUSION

With the deadline for public comment on the DD 3A and the DPCC 50A having closed on 21 March 2025, it is expected that the final publications will be published in the not too distant future. Both publications are a welcome update as they address a major lacuna in the FICA regulations, aid the FIC in fulfilling its obligations and fortify anti‑ML, TF and PF laws of South Africa. Reporting Institutions are advised to remain cognisant of their reporting obligations in terms of DD 3A and the available mitigation measures contained in DPCC 50A to continuously fulfil their obligations and avoid any enforcement action by supervisory bodies such as administrative fines and/or undesirable reputational damage.