New beneficial ownership regulations address South Africa’s AML grey listing

Jurisdictions on the grey list are subject to increased monitoring and work actively with FATF to address strategic deficiencies in their regimes within agreed timeframes. State capture, a lack of efficient and adequately resourced law enforcement, inadequate record-keeping and South Africa’s regime of monitoring beneficial ownership (BO) were identified as factors contributing to South Africa’s grey listing.

Prior to being officially grey listed, and in an effort to address the concerns raised by FATF, the South African parliament passed two key amendment acts in 2022 which were aimed at strengthening its institutions. The two amendments acts are the 2022 General Laws (Anti-Money Laundering and the Combating the Financing of Terrorism) Amendment Act, and the 2022 Protection of Constitutional Democracy Against Terrorism and Related Activities Amendment Act. The AML and CFT Amendment Act amended various pieces of legislation including the 2008 Companies Act, the 1998 Trust Property Control Act and the 2017 Financial Sector Regulation Act.

One of the eight areas of deficiencies identified by the FATF is the challenges law enforcement authorities face in timeously accessing accurate and updated BO information of natural persons who ultimately own or exercise effective control over companies. This ultimately hinders the effective investigation of money laundering and terrorist financing, as well as other related crimes like corruption.

The Companies and Intellectual Property Commission

The Companies and Intellectual Property Commission (CIPC) is essentially the regulator of companies in South Africa. While it retains certain centralised records of companies – including the details of directors – it does not maintain a record of who the shareholders of companies are, nor does it maintain a central record of BOs. As a result, shareholder information is generally not publicly available in South Africa. It is also not centrally available to the CIPC and any other regulators or law enforcement bodies.

New powers for CIPC to collect information

The AML and CFT Amendment Act introduce a new definition of “beneficial owner” and amend the Companies Act to mandate the CIPC to request companies to provide up-to-date BO information in order to create a central record of who owns companies in South Africa. This mandate is intended to deal with the FATF recommendation that the CIPC should be permitted to collect BO information for companies.

The BO register will serve a key role in promoting transparency and identifying potentially illicit schemes. It will assist in providing law enforcement with relevant information for investigations of who ultimately owns companies and mitigate the risks identified by the FATF, which found that companies were identified as a means prone to abuse for money laundering and terror financing activities.

BO requirements for South African companies

Section 33 of the Companies Act requires that all companies, when filing annual returns, must include a copy of their section 50 securities register. They must also provide a copy of the register disclosing the beneficial interest held in the company in terms of section 56 of the Companies Act. Section 50 of the Companies Act requires companies which are not “affected companies” to record and update BO information within a securities register.

Section 56 goes one step further, requiring “affected companies” to establish and maintain a register of the persons who hold beneficial interests equal to, or in excess of, 5% of the total number of securities of a particular class of securities. All of the BO information now required in terms of sections 33, 50 and 56 is to be filed with the CIPC. An “affected company” is defined as: “A company regulated as set out in section 117(1)(i) and a private company that is controlled by or a subsidiary of a regulated company as a result of any circumstances contemplated in section 2(2)(a) or 3(1)(a).”

Section 117(1)(i) of the Companies Act refers to a regulated company in terms of section 118(1) and (2) of the Companies Act. Section 118 stipulates that a regulated company includes public companies, state owned companies which have not been exempted under section 9, and private companies where more than 10% of issued securities have been transferred within the previous 24 months, or a private company’s memorandum of incorporation stipulates that it is to comply with Part C of the Companies Act and the Take Over Regulations.

A “beneficial owner” is defined as a natural person who, directly or indirectly, owns 5% or more of a company, or who exercises effective control over the company. Importantly, this definition makes it clear that a company or a trust cannot be regarded as a beneficial owner. In order to ensure compliance, companies have six months from 1 April 2023 to file their BO information. Failure to provide the required information may result in an administrative fine which is not to exceed the greater of 10% of the companies’ turnover during the non-compliance period and R1 million.

The person who files such information with the CIPC must have a valid, written mandate from the company authorising them to file the information. Along with the BO information, the following is required when filing with CIPC:

• the mandate of the filer;
• the companies’ security register;
• certified copies of the beneficial owners’ identification documents;
• certified copies of the beneficial owners’ passports; and
• any other supporting documentation as requested by the CIPC.

Any changes to a company’s BO register need to be filed with CIPC within five days of the changes coming into effect.

These new requirements are anticipated to create a significant company secretarial burden on companies and failure to comply could have serious consequences. Companies should ensure that they comply with the initial obligation to file the information before the end of September 2023 and that they also comply with their ongoing obligations. Should a company be unsure of what is required, legal advice and support should be obtained.

In addition to imposing an obligation on the CIPC to maintain a BO register, the AML and CFT Amendment Act also requires the Masters Office to maintain a BO register for trusts and directors of registered non-profit organisations (NPOs) to keep a register of prescribed information about the office-bearers, control structure, governance, management, administration and operations of the registered NPO. While the creation of the additional registers mentioned above has a sound rationale, in practice, a single national repository of such information may well have proved more efficient than parallel systems.

Access to BO information

At this stage only the CIPC itself, law enforcement and “competent authorities” will be able to access BO information. The information will not be publicly available. While law enforcement plays a key role in investigating and dealing with potential money laundering, terrorist financing and corruption, private companies play an equally important role and are often under legal obligations to conduct due diligence on companies.

The CIPC itself has provided guidance on what a corporate compliance programme should entail in Guideline 1 of 2018. In this guideline, the CIPC has indicated that a corporate compliance programme should include due diligence and that: “The company should know who they are doing business with, and ensure that business relationships are transparent and ethical.” If companies could access the BO register it would make it a lot easier for them to “know who they are doing business with”, and it seems like limiting access to law enforcement and so-called “competent authorities” is a missed opportunity to enhance the ability of private companies to implement effective due diligence.

Even though the register is not publicly accessible, the public can still gain access to the shareholder registers of companies by relying on section 26 of the Companies Act. Under this section, anyone can ask a company for access to its shareholder register and access cannot be refused unless there are compelling reasons for the refusal. While this provides a route for companies to know who they are dealing with, the process is cumbersome and having access to the CIPC register could present a simpler route.

Although there are challenges in mandating such disclosures – especially from an administrative and costs perspective – within the context of state tenders, inefficient methods to combat corruption and deteriorating trust in South Africa’s commercial environment, the introduction of the BO register is a welcomed addition. South African companies should ensure that they make the necessary submissions to the CIPC before the end of September 2023 and that they keep this information up to date. A failure to do so could result in significant fines. It remains to be seen whether the current policy position will change to allow wider access to the information, particularly during due diligence being done by private companies.

Co-Written by Marlene Murphy, Vishana Mangalparsad and Kyle Melville of Pinsent Masons.