VerifyNow
FICA Compliance for Banks in South Africa: A VerifyNow Guide
FICA Compliance for Banks in South Africa: A VerifyNow Guide
Banks in South Africa operate at the frontline of the fight against money laundering, terrorist financing, and financial crime. The Financial Intelligence Centre Act (FICA), No. 38 of 2001, places significant compliance obligations on banks as accountable institutions. Failure to meet these obligations can result in severe penalties, reputational damage, and regulatory sanctions. This guide breaks down everything banks need to know about FICA compliance and how VerifyNow can help streamline the process.
Banks as Accountable Institutions Under FICA
Under Schedule 1 of FICA, banks registered under the Banks Act, 1990 (Act No. 94 of 1990) are classified as accountable institutions. This classification means banks carry the highest level of compliance responsibility under South African anti-money laundering (AML) legislation.
As accountable institutions, banks are required to:
- Identify and verify the identity of every client before establishing a business relationship or conducting a single transaction above the prescribed threshold
- Maintain a Risk Management and Compliance Programme (RMCP) approved by senior management
- Appoint a compliance officer responsible for overseeing FICA obligations
- Train employees on their obligations under FICA and how to identify suspicious activities
- Report certain transactions and activities to the Financial Intelligence Centre (FIC)
The FIC is the primary regulatory body responsible for overseeing compliance with FICA. Banks must register with the FIC and maintain ongoing communication regarding their compliance status.
KYC Requirements for Banks
Know Your Customer (KYC) is the cornerstone of FICA compliance for banks. The KYC process ensures that banks understand who their customers are, the nature of their business, and the risks associated with each relationship.
Customer Identification and Verification
Banks must collect and verify the following information before establishing a business relationship:
For natural persons (individuals):
- Full name and surname
- Date of birth
- South African ID number or passport number (for foreign nationals)
- Residential address
- Income tax registration number (where applicable)
For legal persons (companies, trusts, partnerships):
- Registered name and trading name
- Registration number
- Registered address and place of business
- Details of authorised persons acting on behalf of the entity
| KYC Requirement | Natural Persons | Legal Persons |
|---|---|---|
| Identity Document | SA ID / Passport | Registration Certificate |
| Proof of Address | Utility bill / Bank statement | Business address confirmation |
| Tax Information | Tax number (if applicable) | Tax number |
| Beneficial Ownership | N/A | Required |
Beneficial Ownership Identification
One of the most critical obligations under FICA is the identification of beneficial owners. Banks must take reasonable steps to establish:
- The natural person who ultimately owns or controls 25% or more of the shares, voting rights, or partnership interest in a legal person
- The natural person who exercises effective control over the management of a legal person
- The identity of trustees, founders, and beneficiaries of trusts
This requirement was strengthened by the FICA Amendment Act, 2017 (Act No. 1 of 2017), which introduced more rigorous beneficial ownership obligations.
Risk-Based Approach to Customer Due Diligence
FICA requires banks to adopt a risk-based approach (RBA) to customer due diligence (CDD). This means that the level of due diligence applied should be proportional to the risk posed by the customer, product, or transaction. Banks must:
- Categorise customers into risk categories (low, medium, high)
- Assess risk factors including the customer's occupation, geographic location, transaction patterns, and source of funds
- Apply simplified due diligence for lower-risk customers where permitted
- Apply enhanced due diligence (EDD) for higher-risk customers, including politically exposed persons (PEPs), customers from high-risk jurisdictions, and complex corporate structures
Enhanced Due Diligence for High-Risk Customers
For high-risk customers, banks must go beyond standard CDD measures. Enhanced due diligence includes:
- Obtaining senior management approval before establishing or continuing a business relationship
- Establishing the source of wealth and source of funds
- Conducting enhanced ongoing monitoring of the business relationship
- Screening against PEP lists, sanctions lists, and adverse media databases
- More frequent reviews of the customer's risk profile
Record Keeping Obligations
FICA imposes strict record keeping requirements on banks. All records relating to customer identification, verification, and transactions must be retained for a minimum of five years from the date the business relationship is terminated or from the date of the transaction.
Key records that must be maintained include:
- Customer identification and verification documents (copies of IDs, proof of address, company registration documents)
- Transaction records including the nature, amount, parties involved, and date of each transaction
- All correspondence related to compliance, including suspicious transaction reports
- Risk assessments and profiles for each customer
- Training records for staff compliance training
Banks must ensure that records are stored securely and can be retrieved within a reasonable timeframe when requested by the FIC, the South African Reserve Bank (SARB), or law enforcement authorities.
Reporting Obligations
Banks have several mandatory reporting obligations under FICA. Failure to report can result in significant penalties.
Cash Threshold Reports (CTRs)
Banks must file a Cash Threshold Report (CTR) with the FIC for any cash transaction exceeding R24,999.99 (or the equivalent in foreign currency). This applies to both single transactions and aggregated transactions that appear linked. CTRs must be filed within two business days of the transaction.
Suspicious and Unusual Transaction Reports (STRs)
Banks are required to file a Suspicious Transaction Report (STR) with the FIC whenever there are reasonable grounds to suspect that:
- A transaction involves the proceeds of unlawful activities
- A transaction is related to money laundering or terrorist financing
- A transaction has no apparent business or lawful purpose
STRs must be filed within 15 business days of forming the suspicion. Importantly, banks are prohibited from tipping off the customer that a report has been filed.
Terrorist Property Reports (TPRs)
Banks must report to the FIC if they become aware that they are in possession of, or have information about, property associated with terrorist activity or a person designated under the relevant United Nations Security Council Resolutions.
Section 29 Reports
Under Section 29 of FICA, any person (including bank employees) who knows or suspects that a transaction or series of transactions may involve the proceeds of crime, money laundering, or terrorist financing must report it to the FIC. This is a personal obligation and cannot be delegated.
Penalties for Non-Compliance
The consequences of failing to comply with FICA are severe. The FIC Amendment Act of 2017 significantly increased the penalties for non-compliance:
- Administrative sanctions of up to R10 million for individuals and up to R50 million for institutions
- Restriction or suspension of the ability to carry on business
- Public reprimands and directives issued by the FIC
- Criminal prosecution for offences such as failure to report suspicious transactions or tipping off, which can result in imprisonment of up to 15 years
| Penalty Type | Individuals | Institutions |
|---|---|---|
| Administrative Sanctions | Up to R10 million | Up to R50 million |
| Criminal Penalties | Up to 15 years imprisonment | N/A |
| Regulatory Action | Personal liability | Licence restrictions |
The SARB's Prudential Authority also has the power to take enforcement action against banks that fail to meet their FICA obligations, including revoking banking licences in extreme cases.
How VerifyNow Helps Banks with FICA Compliance
Meeting the extensive compliance requirements of FICA can be resource-intensive. VerifyNow provides a comprehensive suite of tools designed to help banks comply efficiently and cost-effectively.
Automated ID Verification
VerifyNow enables banks to verify South African IDs, passports, and other identity documents in seconds. Our platform connects directly to the Department of Home Affairs database, ensuring that verification results are accurate and up to date.
AML and PEP Screening
Our platform provides real-time screening against:
- Politically Exposed Persons (PEP) databases
- Global sanctions lists (UN, EU, OFAC, and others)
- Adverse media and watchlists
This helps banks meet their enhanced due diligence obligations and ensures that high-risk individuals are flagged before a business relationship is established.
Company and Director Verification
VerifyNow allows banks to verify company registration details through CIPC and confirm the identities of directors and beneficial owners, a critical requirement for legal person CDD.
Comprehensive Audit Trails
Every verification performed through VerifyNow generates a detailed audit trail, providing banks with the documentation they need to demonstrate compliance during regulatory inspections and audits.
API Integration
VerifyNow offers a robust API that integrates seamlessly with existing banking systems, allowing banks to embed verification and screening processes directly into their onboarding workflows.
Getting Started with VerifyNow
Ensuring FICA compliance does not have to be a burden. With VerifyNow, banks can automate key compliance processes, reduce manual errors, and focus on delivering excellent service to their customers.
Here is what you can expect:
- Instant identity verification connected to official government databases
- Real-time AML/PEP screening to manage risk
- Company and beneficial ownership verification via CIPC
- Secure, compliant record keeping with full audit trails
- Scalable API solutions for seamless integration
Ready to simplify your FICA compliance? Sign up for VerifyNow today, or visit our Pricing page to find the right plan for your institution.
For tailored advice on how VerifyNow can support your bank's compliance programme, contact our team today.