QUESTION 1
1. Identify five risks applicable in this case and provide a reason for each.
The following risks are identified based on Standard Bank’s non-compliance as reported by
the Prudential Authority (Pillay, 2025):
Compliance / Legal Risk – The bank failed to comply with section 21C of the FIC Act by not
conducting ongoing due diligence on two clients in 2018 and 2019. This exposes the bank to
regulatory sanctions and legal penalties (RSK4804, Study Guide, 2020, p. 3).
Reason: Non-compliance with statutory obligations directly attracts regulatory fines and
legal action.
Operational Risk – The bank failed to timeously report 1,466 cash transaction reports and
17,259 suspicious transaction reports (STRs) to the Financial Intelligence Centre. Delays in
automated monitoring system alerts (75,729 alerts not attended to within 48 hours) indicate
system or process failures (Colquitt, 2007, p. 41).
Reason: Inefficient internal processes and system failures led to delays in critical reporting
obligations.
Reputational Risk – Public disclosure of a R13 million fine and multiple compliance failures
can damage the bank’s standing with clients, investors, and regulators.
Reason: Negative publicity regarding non-compliance erodes stakeholder confidence and
trust in the bank’s governance (RSK4804, Study Guide, 2020, p. 3).
Record-keeping Risk – The bank failed to keep records of the dates on which 43 suspicious
transaction reports (STRs) were submitted to the FIC, contravening section 23(c) of the FIC
Act.
Reason: Inadequate documentation and data retention increase the risk of audit failures and
regulatory sanctions (Pillay, 2025).
Monitoring and Control Risk – A total of 94,558 STR/SAR alerts were closed beyond the
15-day reporting period, and 75,729 automated alerts were not attended to within 48 hours,
showing weak internal control over transaction monitoring.
Reason: Deficient monitoring systems and failure to adhere to prescribed timelines indicate
weak internal control mechanisms (Colquitt, 2007, p. 42).