FICA Compliance in SA: What Every Business Must Know

The Financial Intelligence Centre Act 38 of 2001 (“FICA”) plays a pivotal role in South Africa’s fight against money laundering, terrorist financing, and illicit financial flows. For accountable and reporting institutions, FICA imposes mandatory compliance obligations with serious legal consequences for non-compliance.

This article provides a 2025-aligned summary of the obligations placed on regulated entities and the key updates every compliance officer, business owner, or director must understand.

Who Must Comply with FICA?

FICA applies to Accountable Institutions (Schedule 1) and Reporting Institutions (Schedule 3). These include, but are not limited to:

Accountable Institutions:

• Banks and financial service providers

• Attorneys and estate agents

• Investment managers and forex dealers

• Crypto asset service providers (added Dec 2022)

• High-value goods dealers

• Co-operative banks

• Trust and company service providers

• Long-term insurers and brokers

• Stock exchange members

• Payment clearing operators

• The South African Mint

Reporting Institutions:

• Motor vehicle dealers

• Kruger Rand traders

Key FICA Compliance Obligations (2025)

• Register with the FIC - All institutions must register with the Financial Intelligence Centre (FIC) within 90 days of commencing operations.

• Appoint a Compliance Officer - This individual must have sufficient seniority and competency to oversee implementation of FICA obligations.

• Develop a Risk Management and Compliance Programme (RMCP)

  • A tailored RMCP must:

    • Identify risk exposure

    • Outline due diligence procedures

    • Set internal controls for record-keeping and reporting

    • Be reviewed regularly and remain aligned with legislative updates

• Client Due Diligence (CDD)

  • Accountable Institutions must:

    • Verify the identity of all clients

    • Understand how the client’s activities may pose a risk

    • Maintain documentation of this process

    • Reporting Institutions are not required to conduct full CDD, but must record minimum client details and transaction data.

• Reporting Obligations to the FIC

  • Required reports include:

    • Cash Threshold Reports (CTR): for any cash transaction exceeding R49,999.99

    • Suspicious Activity Reports (SAR): for unusual or high-risk transactions

    • Terrorist Property Reports (TPR): if client assets may be linked to terrorism or listed entities

• Record-Keeping

  • Records must be retained for at least 5 years from:

    • End of a business relationship

    • Completion of a once-off transaction

    • Filing of a FIC report

    • Conclusion of an investigation

      • Records may be stored in hardcopy or digital form, provided they are secure and accessible.

• Ongoing FICA Training

  • Accountable Institutions must offer:

    • Regular, updated training

    • Covering FICA and the institution’s RMCP

    • Rolled out across all relevant departments

      
      

Non-Compliance Penalties

Institutions that fail to meet their obligations may face:

• Fines up to R100 million

• Imprisonment for up to 15 years

• Administrative sanctions, including:

  • Formal reprimands

  • Directives for remedial action

  • Suspension of business activities

  • Fines up to R10 million (individuals) or R50 million (companies)

    
    

Conclusion

FICA compliance is not a tick-box exercise, it is a legal and reputational imperative. Businesses must proactively manage risk and ensure that their governance frameworks meet current statutory requirements.

Need help developing a compliant RMCP, onboarding staff, or preparing for a FIC audit? The Compliance Law team at Kern, Armstrong & Associates is ready to assist - info@kernattorneys.co.za