The boxing gloves are on! Since the commencement of POPIA (“Protection of Personal Information Act”) on 01 July 2021, individuals and companies on occasion find themselves at conflict when attempting to gather personal information.
While these two pieces of legislation appear to be on different ends of the compliance stick, the fundamental purpose of FICA (“Financial Intelligence Centre Act”) and POPIA is the identification and verification of personal information belonging to an individual or entity and how one stores or processes this personal information. Ultimately, non-compliance with FICA and/or POPIA will result in a penalty or fine.
An accountable institution in terms of FICA, has numerous responsibilities and duties that must be complied with.
When confronted with someone who uses POPIA to shield them from providing you with the information you require in order to fulfil your FICA obligations, which includes identifying, keeping records, and reporting suspicious clients and/or prospective clients to the Financial Intelligence Center, how does one find the balance?
POPIA does not prohibit any of those actions and merely places an obligation on the person or entity identifying, recording, and reporting to ensure that this process maintains a high standard of protection from any potential harm or damage.
POPIA and FICA should not be seen as competing with each other, but rather that these two pieces of legislation are working side-by-side for the same purpose, which is protecting the law-abiding citizen of South Africa.