Get Started

Menu

Verify Now - Identity Verification Platform

FICA Compliance Guide
South Africa 2026

The complete guide to FICA (Financial Intelligence Centre Act) compliance. Everything South African businesses need to know about requirements, implementation, and penalties.

Comprehensive Guide
Updated January 2026
Act References Included

In This Guide

1. What is FICA?2. Who Must Comply?3. Customer Due Diligence (CDD)4. Enhanced Due Diligence (EDD)5. Record Keeping6. Reporting Obligations7. Penalties8. Implementation Roadmap

1What is FICA? (Act 38 of 2001)

The Financial Intelligence Centre Act (FICA), Act 38 of 2001, is South African legislation designed to combat money laundering and terrorist financing. It establishes a comprehensive regulatory framework that requires certain businesses to implement anti-money laundering (AML) controls.

Purpose of FICA

FICA aims to protect South Africa's financial system from being used for money laundering and terrorist financing. It does this by requiring businesses to know their customers (KYC), monitor transactions, keep records, and report suspicious activities to the Financial Intelligence Centre (FIC).

Key Objectives

Prevent Money Laundering

Stop criminals from disguising illegal funds as legitimate

Combat Terrorist Financing

Prevent funds from reaching terrorist organizations

Enable Detection

Help authorities identify and investigate financial crimes

International Compliance

Meet FATF international standards and recommendations

Key Amendments

2017 Amendment

Introduced risk-based approach, enhanced customer due diligence requirements, and expanded definition of beneficial ownership.

2022 Amendment

Added crypto asset service providers to Schedule 1, strengthened PEP requirements, and enhanced information sharing provisions.

2Who Must Comply with FICA?

FICA applies to accountable institutions listed in Schedule 1 of the Act. These are businesses and professionals that handle financial transactions or provide services that could potentially be used for money laundering.

Accountable Institutions (Schedule 1)

BanksSchedule 1, Item 1
Mutual BanksSchedule 1, Item 2
Insurance CompaniesSchedule 1, Item 4
AttorneysSchedule 1, Item 11
Estate AgentsSchedule 1, Item 12
Motor Vehicle DealersSchedule 1, Item 14
AccountantsSchedule 1, Item 15
Gambling InstitutionsSchedule 1, Item 5-8
Crypto Asset ProvidersSchedule 1, Item 18
Trust CompaniesSchedule 1, Item 10
Foreign Exchange DealersSchedule 1, Item 3
Investment AdvisorsSchedule 1, Item 13

Not Sure If You're Covered?

If your business handles financial transactions, deals with high-value goods (over R100,000), or provides professional services listed above, you are likely an accountable institution. When in doubt, consult the full Schedule 1 of FICA or seek legal advice.

3Customer Due Diligence (CDD) Requirements

Section 21 of FICA requires accountable institutions to establish and verify the identity of every client before entering into a business relationship or conducting a transaction above prescribed thresholds.

Section 21 Reference

"An accountable institution must, in accordance with its Risk Management and Compliance Programme, establish and verify the identity of a client... before establishing a business relationship with the client."

CDD Obligations

1

Identify the Client

Collect full name, date of birth, ID number, residential address, and contact details.

2

Verify Identity

Verify information using reliable, independent sources such as Home Affairs or CIPC.

3

Identify Beneficial Owners

For legal entities, identify all natural persons who own or control more than 25% of the entity.

4

Understand Business Purpose

Establish the purpose and intended nature of the business relationship.

5

Conduct Ongoing Monitoring

Monitor transactions and periodically update client information.

When CDD Must Be Applied

  • Before establishing a business relationship
  • Before carrying out a single transaction above R5,000 (anonymous) or R25,000 (occasional)
  • When there is suspicion of money laundering or terrorist financing
  • When there are doubts about previously obtained identification information
Take our CDD Training Course

4Enhanced Due Diligence (EDD)

Section 21A of FICA requires Enhanced Due Diligence (EDD) for higher-risk clients and situations. EDD involves additional verification measures beyond standard CDD.

When EDD is Required

Politically Exposed Persons (PEPs)

Clients who hold or have held prominent public positions

High-Risk Jurisdictions

Clients from countries with weak AML controls

Complex Structures

Legal entities with complex ownership structures

Unusual Transactions

Transactions that are unusually large or lack apparent purpose

EDD Measures

  • Obtain senior management approval for the relationship
  • Establish the source of funds and source of wealth
  • Conduct additional verification through independent sources
  • Apply enhanced ongoing monitoring
  • Document the rationale for entering the relationship
Take our EDD Training Course

5Record Keeping Obligations

Sections 22-23 of FICA establish record keeping requirements. Accountable institutions must maintain comprehensive records of all CDD measures and transactions.

Retention Period

Records must be kept for at least 5 years after the business relationship has ended, or 5 years after the date of the transaction for occasional transactions.

Records to Maintain

  • Copies of all identification documents
  • Records of all verification steps taken
  • Transaction records and supporting documentation
  • Risk assessments and their rationale
  • Suspicious transaction reports filed
  • Staff training records
  • RMCP and policy documents

6Reporting Suspicious Transactions

Sections 28-29 of FICA require accountable institutions to report suspicious or unusual transactions to the Financial Intelligence Centre (FIC) via the goAML system.

Suspicious Transaction Reports (STRs)

Report any transaction or activity that you know or suspect is related to money laundering or terrorist financing.

Timeline: Report within 15 days of forming the suspicion.

Cash Threshold Reports (CTRs)

Report all cash transactions of R24,999.99 or more (Section 28).

Timeline: Report within 2 days of the transaction.

Tipping Off Prohibition

Section 29B prohibits "tipping off" - informing the client or any other person that a suspicious transaction report has been filed. Violation can result in imprisonment.

7Penalties for Non-Compliance

Sections 51-52 of FICA establish administrative and criminal penalties for non-compliance. The FIC has significantly increased enforcement actions in recent years.

Administrative Penalties

  • • Up to R10 million for natural persons
  • • Up to R50 million for legal persons
  • • Public naming of non-compliant institutions
  • • Directives to take corrective action

Criminal Penalties

  • • Up to 15 years imprisonment
  • • Unlimited fines
  • • Personal liability for directors
  • • Loss of professional licenses

Recent Enforcement

The FIC has issued millions in penalties in recent years. In 2023 alone, major banks and estate agencies received significant administrative sanctions for FICA failures. Enforcement is increasing.

8Implementation Roadmap

Implementing FICA compliance requires a systematic approach. Here's a recommended roadmap:

Phase 1

Assessment

Assess current compliance status, identify gaps, and understand your risk profile.

Phase 2

RMCP Development

Develop or update your Risk Management and Compliance Programme (Section 42).

Phase 3

Policies & Procedures

Create detailed CDD, EDD, and reporting procedures aligned with your RMCP.

Phase 4

Technology

Implement systems for identity verification, transaction monitoring, and record keeping.

Phase 5

Training

Train all staff on FICA obligations and your compliance procedures.

Phase 6

Testing

Test your controls, conduct internal audits, and arrange independent review.

Need Help Getting Started?

Use our free RMCP Generator to create a customized Risk Management and Compliance Programme for your business.

Generate Your RMCP Free

Frequently Asked Questions

What is FICA?

FICA (Financial Intelligence Centre Act, Act 38 of 2001) is South African legislation designed to combat money laundering and terrorist financing. It establishes customer due diligence requirements, record-keeping obligations, and reporting duties for accountable institutions.

Who must comply with FICA?

Accountable institutions listed in Schedule 1 of FICA must comply. This includes banks, insurance companies, attorneys, estate agents, motor dealers, accountants, gambling institutions, crypto asset service providers, and other financial service providers.

What are the penalties for FICA non-compliance?

Under FICA Sections 51-52, administrative penalties can reach up to R10 million for natural persons and R50 million for legal persons. Criminal prosecution can result in imprisonment up to 15 years.

What is an RMCP?

An RMCP (Risk Management and Compliance Programme) is required under Section 42. It documents how your organization identifies, assesses, and manages money laundering risks, and ensures compliance with all FICA obligations.

Related Resources

CDD Training

RMCP Generator

FICA Checklist

Automate Your FICA Compliance

VerifyNow provides instant ID verification, PEP screening, and automated compliance workflows. Reduce manual effort and ensure compliance.

Get Started FreeView FICA Toolkit