FIC notice response guide

Received a FIC notice? Here is what to do next

If you or your company received a FIC notice, do not ignore it. This guide explains what a Risk and Compliance Return is, the official 2026 RCR deadlines, what evidence to gather, and what to do if your deadline was missed.

Open official RCR tool Open VerifyNow FICA Toolkit

RCR login access

Where to create an account for rcr.fic.gov.za

The RCR tool does not use a separate VerifyNow account. The official RCR login page says users must log in with their FIC-issued goAML username and password. If you do not have those credentials, start with the FIC's goAML registration and reporting portal.

Register on goAML first

The FIC says registrations are completed electronically on goAML and registration is free. The RCR tool login uses your FIC-issued goAML username and password.

Register the organisation if it is new

If the accountable institution is not yet registered with the FIC, register the organisation on the official goAML portal and wait for FIC approval and an Org ID.

Use the Org ID for RCR access

The FIC RCR overview says only accountable institutions registered on goAML and issued an Org ID may submit an RCR. Capture the goAML-generated Org ID, not a personal ID number or company registration number.

Add users without duplicating the organisation

If the organisation is already registered, the FIC FAQ says additional users should register as a person using the Org ID. Existing registrants should not create a duplicate organisation registration.

Create or manage goAML access Read FIC registration FAQ Open RCR login

Immediate response

What to do if you received a FIC notice

Treat a FIC notice as a formal compliance item. The safest first move is to verify it, identify the affected entity and Org ID, then respond through the official FIC channel named in the notice.

Confirm the notice is genuine

Check the sender, any goAML message board notice, your FIC Org ID and whether the notice refers to Directive 11, an RCR, registration, reporting, an inspection or enforcement.

Identify the accountable-institution item

The 2026 RCR applies to specified Schedule 1 items. Your due date depends on the item registered with the FIC, not only the name of your business.

Check the deadline and reporting period

Directive 11 says the 2026 RCR submission window opens on 4 May 2026 and has either a 30 June or 31 July deadline, depending on the accountable-institution category.

Gather evidence before answering

Use your RMCP, CDD files, KYB records, CIPC documents, AML/PEP screening process, regulatory report history, training records and compliance responsibility records.

Submit or respond through official FIC channels

Use the official RCR tool or the FIC channel named in the notice. Keep screenshots, timestamps, submission references and copies of any query you submit.

Official 2026 dates

FICA RCR 2026 deadlines

The FIC web notice says Directive 11 was issued on 31 March 2026, came into effect on 1 April 2026, and the 2026 RCR submission window commences on 4 May 2026. The due date depends on the Schedule 1 item.

Due date

30 June 2026 at 17:00

Submissions open: 4 May 2026
Who this covers: Item 2 trust and company service providers; item 9 casinos; item 11 credit providers excluding banks, mutual banks and co-operative bank credit providers; item 14 The Postbank; item 21 South African Mint Company; item 22 crypto asset service providers.
Data period: 1 July 2023 to 31 March 2026, unless noted below
Official-note context: For item 2 and item 9 casinos, the official schedule lists the data period as 1 April 2023 to 31 March 2026.

Due date

31 July 2026 at 17:00

Submissions open: 4 May 2026
Who this covers: Item 1 legal practitioners; item 3 estate agents; item 20 high-value goods dealers including dealers in precious stones, precious metals and Krugerrands; item 9 non-casino gambling institutions.
Data period: 1 July 2023 to 31 March 2026 for high-value goods dealers; 1 April 2023 to 31 March 2026 for items 1, 3 and non-casino item 9.
Official-note context: The FIC media release summarises this window as 4 May to 31 July 2026.

Before submitting

Information to gather for the Risk and Compliance Return

The FIC media release says accountable institutions need to source information from their RMCP, CIPC documents, financials, records of regulatory reports filed to the FIC and related records. Build the file before answering.

FIC registration details, goAML access and Org ID

Risk Management and Compliance Programme (RMCP)

Customer due diligence and enhanced due diligence procedures

Identity verification and company verification records

Beneficial ownership and director verification records

AML, PEP and sanctions screening approach

Records of regulatory reports filed to the FIC where applicable

Training and monitoring records

Internal owner for FICA compliance and RCR submission

Missed deadline

What if you missed the RCR deadline?

The FIC RCR overview states that failure to submit an RCR can lead to administrative action. The FIC supervision page explains that sanctions for non-compliance can include cautions, reprimands, remedial directives, restrictions or suspension of business activities and financial penalties.

Check goAML and the original notice immediately for any final demand, inspection request or sanction notice.

If the RCR tool or official channel is still available to you, submit or remediate as soon as possible.

Log a compliance query with the FIC if you cannot submit, are unsure which Org ID applies, or need official guidance.

Preserve evidence: the date you became aware, screenshots, attempted submissions, internal escalation and corrective action.

Get legal or compliance advice if enforcement, inspection or administrative sanction wording appears in the notice.

VerifyNow support

How VerifyNow helps with your compliance evidence

VerifyNow does not submit your RCR or act as your legal advisor. It helps you build the verification evidence and audit trail that supports CDD, KYB and risk controls.

FICA Toolkit

Find RMCP, CDD, EDD, reporting and POPIA resources in one place.

Open resource

RMCP Generator

Create a starting Risk Management and Compliance Programme for your business.

Open resource

South Africa ID Verification

Build CDD evidence with Home Affairs ID checks.

Open resource

Company Verification

Support KYB, company and director checks with CIPC data.

Open resource

AML/PEP Screening

Screen people and entities against sanctions, PEP and watchlist sources.

Open resource

FICA Compliance Guide

Map accountable-institution controls to VerifyNow reports.

Open resource

FAQ

FIC notice and RCR questions

What is an RCR?+

RCR stands for Risk and Compliance Return. It is an online self-assessment submitted to the Financial Intelligence Centre by specified accountable institutions about money laundering, terrorist financing and proliferation financing risks, and the controls used to manage those risks.

What should I do if I received a FIC notice?+

Check the notice against your goAML message board, confirm your FIC Org ID and Schedule 1 item, identify the deadline, gather RMCP and CDD evidence, then respond or submit through the official FIC channel named in the notice.

What if my company received a FIC notice but we are not registered?+

The FIC RCR overview says only institutions successfully registered on goAML and issued an Org ID may submit an RCR, and institutions not yet registered are requested to register immediately. Use the official FIC registration and compliance-query channels.

Where do I create an account to log in to rcr.fic.gov.za?+

Create or manage your FIC access on the official goAML registration and reporting portal. The RCR tool says users log in with their FIC-issued goAML username and password. Once the accountable institution is registered and has an Org ID, use the goAML credentials to access rcr.fic.gov.za.

What if we missed the RCR deadline?+

Do not ignore the issue. The FIC states that failure to submit an RCR can lead to administrative action, and its supervision page explains that non-compliance with FIC Act obligations and Directives can lead to administrative sanctions. Check goAML, submit or remediate through official FIC channels where available, log a compliance query, preserve evidence and seek legal or compliance advice if you received a final demand, inspection request or sanction notice.

Can VerifyNow submit the RCR for us?+

No. VerifyNow helps with verification evidence, CDD, KYB, AML/PEP screening, RMCP resources and audit trails. The accountable institution remains responsible for its own RCR, statutory reporting and official response to the FIC.

Official references

Primary FIC sources to check

Always use the FIC notice, goAML message board and official FIC pages as the source of truth for your own institution.

FIC web notice: Directive 11 and 2026 RCR schedule FIC media release: 2026 Risk and Compliance Returns FIC RCR overview Official FIC RCR tool Official FIC goAML registration and reporting portal FIC FAQ: how to register with the FIC FIC compliance queries FIC supervision and enforcement

Build the evidence file before the deadline

Start with the FICA Toolkit, then run the verification checks that support your CDD, KYB and AML review records.

Open FICA Toolkit View FICA guide