The Financial Intelligence Centre Act (FICA) was introduced to fight financial crime, such as money laundering, tax evasion, and terrorist financing activities by making it more difficult for criminals to benefit from the proceeds of crime. The FIC Amendment Act (FICAA) brings South Africa closer to international standards and best practices recommended by the Financial Action Task Force (FATF).

The key obligations in terms of the FIC are:

Register with the FIC ✍️

Accountable and Reporting Institutions are required to register with the Financial Intelligence Centre (FIC). Registration can take place on the FIC’s goAML EE online system which can be accessed via the FIC’s website

The 7 key requirements that need to be met in order to be FICA compliant-01

Appoint an Anti Money-Laundering (AML) / Combating the Financing of Terrorism (CFT) Compliance Officer👮

The senior management or board of directors of an Accountable Institution need to formally appoint a Compliance Officer to ensure compliance with FICAA. Ideally, the person appointed should have the competence and seniority to ensure the effectiveness of the Accountable Institution’s compliance function. 

The 7 key requirements that need to be met in order to be FICA compliant-02

Develop an RMCP 📋

Accountable Institutions are required to apply a risk-based approach when establishing a business relationship and/or conducting a single transaction with a client. Part of this risk-based approach includes developing controls which mitigate and manage the businesses anti-money laundering risks, and fulfil the FICAA requirements. All the controls developed and implemented should be documented to form part of their risk management and compliance programme (RMCP). The RMCP should be reviewed and continuously updated (where necessary) to ensure that they are effective and sufficient.

The 7 key requirements that need to be met in order to be FICA compliant-03

Perform Customer Due Diligence 🔎

An important part of mitigating risk to your business is performing customer due diligence. Customer due diligence refers to the process of analysing information about an individual or legal person from multiple sources. This means that to adequately perform due diligence you will need to collect and evaluate specific information to truly know your client and ultimately ensure that your client is who they say they are.

Not only does this include collecting and analysing documentation but it should also include:

  • Verifying the identity of an individual or the registration of a legal person and their address or location
  • Obtaining information regarding the economic sector or occupation of your client
  • Obtaining information regarding the nature and purpose of your client’s relationship with you
  • Monitoring transactions
  • Developing a risk rating scheme to categorise your clients
  • Checking data against third party data sources
  • Identifying source of funds 
  • Identify whether your client, a related party, authorised person or Ultimate Beneficial Owner (UBO) is on a sanctions list or has appeared in any adverse media
  • Identify whether your client, a related party, authorised person or UBO is a Domestic Prominent Influential Person (DPIP) or Foreign Prominent Public Official (FPPO) and then carry out enhanced due diligence on them. (As of 29 December 2022, Domestic Prominent Influential Persons (DPIPs) and Foreign Prominent Public Officials (FPPOs) have been replaced with the acronyms Domestic Politically Exposed Persons (DPEPs) and Foreign Politically Exposed Persons (FPEPs). Read more here).

The 7 key requirements that need to be met in order to be FICA compliant-05

Submit reports to the FIC 📤

Both Accountable and Reporting Institutions are obligated to report any suspicious behaviour or transactions to the FIC. This includes reporting any cash transaction in excess of R24 999.99 (as of 14 November 2022 the amount has been increased to R49 999). This is known as a cash threshold report (CTR). Other types of reports that can be submitted are known as a suspicious transaction or suspicious activity reports (STRs/SARs). These reports should be submitted when there is either a transaction or activity by the client that appears to be suspicious or unusual. Lastly the fourth type of report that can be submitted is a terrorist property report (TPR). A TPR should be submitted when you think your client may possess or control property belonging to a client that could be linked to terrorism.

To offer you further guidance we have put together a handy guide to identifying and reporting suspicious behaviours and transactions. In the guide, we unpack each of the above reporting duties set out in Part 3 of the FICAA.

The 7 key requirements that need to be met in order to be FICA compliant-04

Record Keeping 📁

FICAA requires Accountable Institutions to keep records of not only the due diligence that was carried out, but also details of any transactions that took place - including any counter-parties to those transactions. This is to ensure that evidence is available should the FIC or the authorities require it for an investigation or a prosecution.

These must be kept for a minimum of five years from the later of either; when a client last transacts, when they cease being a client, when a report about them is submitted to the FIC or an active investigation is closed. The key here is to keep records for at least 5 years. It can be in paper or electronic form - it doesn’t matter as long as it is kept securely, safely, in confidence and is accessible by the FICAA Compliance Officer.

The 7 key requirements that need to be met in order to be FICA compliant-06

Ongoing Training 🎓

According to section 43 of the FICAA Accountable Institutions must provide ongoing training relating to AML/CFT to its employees with the purpose of complying with the provisions set out by FICAA and their internal RMCP.

Accountable Institutions should bear in mind that the FICAA training requirement is not optional and businesses that fail to provide their employees with the required training, are regarded as non-compliant with the Act and could face potential administrative sanctions.

Have a look at our available FICA trainings here.


The 7 key requirements that need to be met in order to be FICA compliant-07

Risk Compliance Returns - Directive 6, 7 ❗

The FIC issued new directives (6,7 & 8) which were gazetted on Sunday 2 April 2023 and backdated to 31 March 2023, when they came into force.

Directive 6 & 7: Serve to inform certain Accountable Institutions that they must submit information regarding their understanding of money laundering, terrorist financing and proliferation financing risks and their assessment of compliance with obligations in terms of the FIC Act to the FIC through a risk and compliance return. Read more about this here.

Employee screening - Directive 8 👥

Directive 8: Requires Accountable Institutions to screen prospective employees and current employees for competence and integrity, as well as to scrutinise employee information against the Targeted Financial Sanctions lists, in order to identify, assess, monitor, mitigate and manage the risk of money laundering, terrorist financing and proliferation financing. Here is a summary of what is required for this directive.

As you can see there are several requirements that need to be met in order to be fully FICA compliant. It is important to remember that all these requirements are set out for a reason and ultimately serve to minimise the risk of money laundering and reduce the risk of your business working with criminals.

Speak to us today and let us ease your FICA work load.


Request a Demo