Draft Guidance Note 7B: Sharper Focus On Proliferation Financing, Risk Assessment And Due Diligence

The Financial Intelligence Centre (“FIC”) has issued draft Guidance Note 7B for consultation, marking an important update to the current Revised Guidance Note 7A framework. While draft Guidance Note 7B does not rewrite the risk-based approach under the Financial Intelligence Centre Act, 2001 (FICA”), it refines it in ways that accountable institutions should not ignore. In particular, it integrates proliferation financing more explicitly into the guidance, clarifies aspects of risk assessment and systems and controls, and tightens the position when simplified due diligence may not be appropriate.

At a high level, the most obvious change from Revised Guidance Note 7A is linguistic and conceptual expansion. Revised Guidance Note 7A focused on money laundering and terrorist financing risk. Draft Guidance Note 7B updates that framework so that references throughout Chapter 1 now consistently include proliferation financing, with the guidance speaking in terms of money laundering, terrorist financing and proliferation financing (“ML/TF/PF”) risks and risk management. Draft Guidance Note 7B also introduces a dedicated paragraph describing what proliferation financing is and recasts the broader risk framework accordingly. This is a substantive change. It reinforces that accountable institutions should no longer treat proliferation financing as an implied or peripheral consideration within AML/CFT controls, but as an express component of their risk methodology.

The draft also sharpens expectations around risk assessment. Revised Guidance Note 7A already required accountable institutions to identify and assess risk factors and to describe the sources of information and processes for considering those indicators in the institution’s Risk Management and Compliance Programme (“RMCP”). Draft Guidance Note 7B retains that structure but inserts paragraph 37A. That paragraph expressly states that accountable institutions should identify and assess the ML/TF/PF risks posed by new products, new business practices, new delivery mechanisms and the use of new or developing technologies for both new and pre-existing products. This assessment should be reflected in the institution’s risk assessment processes and RMCP. That is a meaningful clarification, especially for institutions operating in sectors where digital onboarding, platform models, automation or newer payment tools continue to evolve.

There is also a more pointed clarification on systems and controls and the use of simplified due diligence. Revised Guidance Note 7A explained that simplified due diligence may be applied where risks are assessed as lower, and enhanced due diligence where risks are higher. Draft Guidance Note 7B preserves that framework but adds paragraph 58A, which states expressly that simplified due diligence includes a basic level of identification and verification applied in low-risk scenarios, and that accountable institutions must not apply simplified due diligence where there is a suspicion of money laundering, terrorist financing or proliferation financing. In those circumstances, the relationship or transaction automatically poses a high risk, enhanced due diligence must be conducted, and a section 29 report must be filed. This is a useful tightening of the line and removes any residual room for institutions to treat suspicion and simplified measures as capable of co-existing.

So, are there new obligations on accountable institutions? In strict terms, draft Guidance Note 7B is more clarificatory than revolutionary. It does not create a wholly new compliance regime. But in practical terms, it raises the standard in some areas by making the FIC’s expectations more explicit. Institutions will be expected to demonstrate that proliferation financing risk is built into their risk frameworks, that new products and technologies are specifically assessed for ML/TF/PF risk, and that simplified due diligence is not applied where suspicion exists. Because FIC guidance is authoritative in nature and must be taken into account in assessing compliance, these clarifications matter operationally even if they do not impose new statutory obligations.

There is a further reason to prioritise RMCP review. Draft Guidance Note 7B’s chapter on RMCPs underscores that inadequate RMCP documentation may constitute non-compliance and may expose not only the institution but also its board, senior management or highest authority to sanction risk. That emphasis, read together with the tighter Chapter 1 wording, suggests that accountable institutions should view draft Guidance Note 7B as a prompt to test whether their existing RMCPs and risk methodologies remain fit for purpose.

Must accountable institutions update their RMCPs? In many cases, yes. If an RMCP currently reflects only money laundering and terrorist financing risk language, does not expressly address proliferation financing, does not describe how the institution assesses new products, delivery mechanisms or technologies, or does not clearly deal with the limits of simplified due diligence, then it would be prudent to revisit it. Draft Guidance Note 7B repeatedly links these themes back to the RMCP. It states that the sources of information on risk indicators and the processes for considering them should be described in the RMCP, that assessments of new products and technologies should be reflected in the institution’s risk assessment processes and RMCP, and that the systems and controls by which an institution manages risk and calibrates due diligence levels must be documented in the RMCP.

Comments on paragraphs 7A, 37A, 40A and 58A of draft Guidance Note 7B are due by close of business on Friday, 26 June 2026. For accountable institutions, this consultation window is therefore not only an opportunity to comment on the draft, but also to assess whether current documentation, onboarding frameworks, product governance and due diligence protocols already align with the direction of travel.

In practice, many institutions may benefit from a targeted gap assessment against Revised Guidance Note 7A and draft Guidance Note 7B, particularly to identify whether RMCP updates, policy amendments, client due diligence refinements or product-risk documentation will be needed.

We assist clients with reviewing RMCPs, mapping the changes between the current and draft guidance, preparing consultation comments where appropriate and identifying practical implementation steps if the draft is finalised in materially similar form.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.