Verify Now - Identity Verification Platform
KYC Guide South Africa 2026
Complete Know Your Customer (KYC) guide for South African businesses. Learn about customer identification requirements, verification procedures, risk-based due diligence, and FICA compliance best practices.
1. What is KYC?
KYC (Know Your Customer), also known as Know Your Client, is the process of verifying a customer's identity and assessing their risk profile before establishing a business relationship. In South Africa, KYC is a legal requirement under the Financial Intelligence Centre Act (FICA).
KYC is a critical component of Customer Due Diligence (CDD) and helps businesses prevent money laundering, terrorist financing, fraud, and other financial crimes.
Why KYC Matters
- Legal Compliance: Required by FICA for accountable institutions
- Risk Management: Identifies high-risk customers before onboarding
- Fraud Prevention: Detects identity fraud and impersonation
- AML/CTF: Prevents money laundering and terrorist financing
- Reputation Protection: Avoids association with criminals
2. Legal Framework (FICA)
KYC requirements in South Africa are primarily governed by the Financial Intelligence Centre Act 38 of 2001 (FICA) and its amendments. Key sections related to KYC include:
Section 21: CDD
Customer identification and verification requirements
Section 21A: EDD
Enhanced due diligence for high-risk customers
Section 21B: Beneficial Ownership
Identifying beneficial owners of legal entities
Section 21C: Ongoing CDD
Continuous monitoring and periodic reviews
Sections 22-23: Record Keeping
5-year retention of KYC records
Section 42: RMCP
Risk management and compliance programme
POPIA Considerations
While collecting KYC information, you must also comply with POPIA. FICA provides legal grounds for collecting personal information (Section 11(1)(c) of POPIA), but you must still inform customers of how their data will be used and implement appropriate security safeguards.
3. The KYC Process
The KYC process follows a structured approach to identify, verify, and assess customers. Each step builds on the previous one to create a comprehensive customer profile.
Customer Identification
(FICA Section 21) Collect required identification information from the customer before establishing a business relationship.
Key Actions:
- Obtain full legal name
- Record date of birth
- Collect identification number (ID, passport)
- Gather residential address
- Obtain contact details (phone, email)
- For entities: registration number, nature of business, directors
Identity Verification
(FICA Section 21) Verify the customer's identity using reliable, independent sources.
Key Actions:
- Verify ID against Home Affairs database
- Validate document authenticity
- Cross-reference with approved provider data
- Verify proof of address
- For entities: verify CIPC registration
- Conduct biometric verification if required
Risk Assessment
(FICA Section 42) Assess the customer's risk profile to determine the level of due diligence required.
Key Actions:
- Evaluate customer type risk
- Assess geographical risk
- Consider product/service risk
- Evaluate delivery channel risk
- Screen for PEP status
- Check sanctions lists
- Assign overall risk rating
Enhanced Due Diligence
(FICA Section 21A) For high-risk customers, apply additional verification measures.
Key Actions:
- Verify source of funds
- Verify source of wealth
- Obtain senior management approval
- Conduct additional background checks
- Apply enhanced ongoing monitoring
- Document rationale for approval
Beneficial Ownership
(FICA Section 21B) Identify and verify beneficial owners for legal entities and trusts.
Key Actions:
- Identify natural persons with >25% ownership
- Identify persons exercising control
- Verify beneficial owner identities
- Document ownership structure
- Verify trust beneficiaries and trustees
- Screen beneficial owners for PEP/sanctions
Ongoing Monitoring
(FICA Section 21C) Continuously monitor customer activity and periodically refresh KYC information.
Key Actions:
- Monitor transactions for unusual patterns
- Schedule periodic KYC refreshes
- Re-screen against PEP/sanctions lists
- Update customer information as needed
- Escalate suspicious activities
- Document all monitoring activities
4. Documents Required
Individual Customers
| Document | Purpose | Mandatory |
|---|---|---|
| South African ID | Primary identification | |
| Passport (foreign nationals) | Primary identification | |
| Proof of residence | Address verification | |
| Utility bill (≤3 months) | Address verification | - |
| Bank statement (≤3 months) | Address & financial verification | - |
| Payslip/Income proof | Source of funds | - |
| Tax clearance certificate | Tax compliance verification | - |
Legal Entities (Companies, Trusts)
| Document | Purpose | Mandatory |
|---|---|---|
| Registration certificate (CoR14.1) | Company verification | |
| Memorandum of Incorporation | Ownership structure | |
| Company resolution | Authority to transact | |
| Director IDs | Director identification | |
| Beneficial owner IDs | UBO verification | |
| Proof of registered address | Address verification | |
| Financial statements | Business verification | - |
| Tax clearance certificate | Tax compliance | - |
5. Risk-Based Approach
FICA requires a risk-based approach (RBA) to KYC. This means the level of due diligence applied should be proportionate to the assessed risk of the customer relationship.
Low Risk
Simplified due diligence may be applied
Characteristics:
- Established business with transparent ownership
- Long-standing customer relationship
- Simple product/service usage
- Low-value transactions
- South African resident
- No adverse media or negative indicators
Required Actions:
Standard CDD procedures, periodic reviews every 3-5 years
Medium Risk
Standard due diligence procedures
Characteristics:
- New customer relationship
- Moderate transaction values
- Standard business activities
- Some geographic risk factors
- Complex but transparent ownership
Required Actions:
Full CDD procedures, periodic reviews every 2-3 years
High Risk
Enhanced due diligence required
Characteristics:
- PEP (Politically Exposed Person)
- High-risk jurisdiction connection
- Complex ownership structures
- Cash-intensive business
- High-value transactions
- Adverse media or negative indicators
- Unusual transaction patterns
Required Actions:
Full EDD procedures, senior management approval, ongoing monitoring, annual reviews
6. Electronic KYC (eKYC)
Electronic KYC (eKYC) allows businesses to verify customer identity digitally rather than through manual document review. FICA permits electronic verification through independent data sources.
Benefits of eKYC
- Faster customer onboarding
- Reduced manual errors
- Lower operational costs
- Better customer experience
- Automated audit trails
- Real-time verification
Electronic Verification Sources
Department of Home Affairs
Verify SA ID numbers, names, date of birth, and ID photo against the population register.
CIPC
Verify company registration, director information, and company status.
Credit Providers
Cross-reference identity, address verification, and fraud alerts.
Biometric Verification
Facial recognition and liveness detection for identity confirmation.
7. Industry-Specific Requirements
KYC requirements vary by industry based on FICA Schedule 1 (accountable institutions) and sector-specific regulations.
Banks & Financial Services
Full FICA Schedule 1 requirements, account opening KYC, transaction monitoring
Insurance Companies
Policyholder verification, beneficiary identification, claims validation
Estate Agents & Property
Buyer/seller verification, source of funds for property transactions
Motor Vehicle Dealers
Customer identification for vehicle sales >R100,000
Legal Practitioners
Client verification, trust account monitoring, conveyancing KYC
Accountants & Auditors
Client identification for financial services and business transactions
8. Beneficial Ownership
FICA Section 21B requires identification and verification of beneficial owners for legal entities and trusts. A beneficial owner is any natural person who:
Who is a Beneficial Owner?
- Owns or controls >25% of shares/voting rights
- Exercises effective control over the entity
- Is the beneficiary of the entity (for trusts)
- Exercises control through other means (e.g., nominee arrangements)
Trusts Require Special Attention
For trusts, you must identify the founder, trustees, and beneficiaries. Where beneficiaries are not yet determined (e.g., discretionary trusts), identify the class of beneficiaries and document the criteria for benefit distribution.
9. Ongoing Monitoring
FICA Section 21C requires ongoing customer due diligence throughout the business relationship. This ensures customer information remains current and any unusual activity is detected.
Transaction Monitoring
- Monitor for unusual transaction patterns
- Flag transactions inconsistent with customer profile
- Review high-value or complex transactions
- Document and escalate suspicious activity
Periodic Reviews
- High-risk customers: Annual review
- Medium-risk customers: Every 2-3 years
- Low-risk customers: Every 3-5 years
- Trigger-based reviews when information changes
10. Record Keeping
FICA Sections 22-23 require retention of all KYC records for at least 5 years after the business relationship ends or after a transaction is completed.
Records to Maintain
- Copies of identification documents
- Verification steps taken and outcomes
- Risk assessment and rating rationale
- Transaction records
- Correspondence with customers
- STR/SAR reports filed
- Ongoing monitoring activities
11. Frequently Asked Questions
What is KYC in South Africa?
KYC (Know Your Customer) in South Africa refers to the customer identification and verification processes required under FICA (Financial Intelligence Centre Act). It involves verifying customer identity, understanding their business activities, and assessing risk before establishing a business relationship.
What documents are required for KYC in South Africa?
For individuals: South African ID/passport, proof of residence (utility bill, bank statement), and income verification. For companies: Registration documents (CoR14.1), company resolution, director IDs, beneficial owner information, and proof of registered address.
How long must KYC records be kept in South Africa?
Under FICA Sections 22-23, KYC records must be kept for at least 5 years after the business relationship ends or after the date of a transaction. Records must include identification documents, verification steps, and transaction history.
What is the risk-based approach to KYC?
The risk-based approach means applying different levels of due diligence based on assessed customer risk. Low-risk customers may undergo simplified due diligence, while high-risk customers (PEPs, high-risk jurisdictions) require enhanced due diligence (EDD) with additional verification and ongoing monitoring.
Can KYC be done electronically in South Africa?
Yes, FICA allows electronic verification of customer identity through independent electronic data sources like the Department of Home Affairs database. Electronic KYC (eKYC) is accepted as long as verification is done against reliable, independent sources and appropriate records are maintained.
Automate Your KYC Process
VerifyNow provides instant ID verification, PEP screening, and CIPC lookups. Streamline customer onboarding while maintaining full FICA compliance.