FICA Compliance in South Africa: A Practical Guide for Financial Services

The Financial Intelligence Centre Act (Act 38 of 2001), commonly referred to as FICA, is one of the most important pieces of legislation affecting financial services professionals in South Africa. It forms the backbone of the country's anti-money laundering (AML) and counter-terrorism financing (CTF) framework, and compliance with its provisions is not merely recommended but legally mandated.

For financial advisors, intermediaries, and anyone working within an accountable institution, understanding FICA is critical for both regulatory examination success and daily professional practice. This guide provides a practical, comprehensive overview of FICA compliance requirements and how to implement them effectively.

What Is FICA?

The Financial Intelligence Centre Act was enacted in 2001 to establish a framework for combating money laundering, terrorist financing, and other forms of financial crime in South Africa. The Act created the Financial Intelligence Centre (FIC), an independent body responsible for collecting, analysing, and disseminating financial intelligence to combat financial crime.

FICA applies to a wide range of businesses and professionals designated as accountable institutions. These include:

• Banks and other financial institutions
• Long-term and short-term insurance companies
• Financial services providers (FSPs) licensed under the FAIS Act
• Estate agents
• Attorneys and accountants in certain circumstances
• Motor vehicle dealers (above certain thresholds)
• Gambling institutions

If you work for or operate an accountable institution, you have specific obligations under FICA that must be fulfilled.

The Purpose Behind FICA

South Africa, as a member of the Financial Action Task Force (FATF), is committed to meeting international standards for anti-money laundering and counter-terrorism financing. FICA is the legislative vehicle through which these commitments are implemented.

The Act aims to:

• Detect and deter money laundering and terrorist financing activities
• Ensure transparency in financial transactions
• Protect the integrity of the South African financial system
• Facilitate cooperation between South Africa and international bodies in combating financial crime
• Hold accountable institutions responsible for identifying and reporting suspicious activities

Customer Due Diligence (CDD)

Customer due diligence is the cornerstone of FICA compliance. It requires accountable institutions to verify the identity of their clients and understand the nature and purpose of the business relationship. CDD must be performed:

• When establishing a business relationship with a new client
• When a single transaction exceeds R25,000 (or the equivalent in foreign currency)
• When there is a suspicion of money laundering or terrorist financing, regardless of the transaction amount
• When there are doubts about the veracity of previously obtained client identification information

Standard CDD Requirements

For natural persons (individuals), the following information must be obtained and verified:

• Full name and surname
• Date of birth
• Identity number (South African ID or passport number for foreign nationals)
• Residential address
• Income tax registration number (where applicable)

For legal persons (companies, trusts, partnerships), additional information is required:

• Registered name and registration number
• Registered address and place of business
• Details of natural persons who own or control the entity (beneficial owners)
• Details of persons authorised to act on behalf of the entity

Verification Requirements

It is not enough to simply collect information. The identity of the client must be verified using reliable, independent source documents. Acceptable verification documents include:

Client Type	Verification Documents
South African citizen	South African ID document or smart card
Foreign national	Valid passport
Company	Registration certificate, memorandum of incorporation
Trust	Trust deed, letter of authority from Master of the High Court
Partnership	Partnership agreement

Enhanced Due Diligence (EDD)

In certain higher-risk situations, enhanced due diligence must be applied. These situations include:

• Politically exposed persons (PEPs): Individuals who hold or have held prominent public functions, either domestically or internationally
• High-risk jurisdictions: Clients from countries identified as having deficient AML/CTF frameworks
• Complex or unusual transactions: Transactions that have no apparent economic or lawful purpose
• Non-face-to-face business relationships: Where the client is not physically present for identification

Enhanced due diligence involves obtaining additional information, conducting more rigorous verification, and applying ongoing enhanced monitoring to the business relationship.

Record-Keeping Obligations

FICA imposes strict record-keeping requirements on accountable institutions. All records related to CDD and transactions must be kept for a minimum of five years from the date the business relationship is terminated or the transaction is completed.

Records that must be maintained include:

• Client identification and verification documents
• Transaction records, including the nature, date, and amount of each transaction
• Correspondence related to the business relationship
• Internal reports and suspicious transaction reports
• Risk assessments conducted on clients

Records must be kept in a manner that allows them to be readily retrieved and made available to the FIC, the FSCA, or other relevant authorities upon request. Failure to maintain adequate records is a serious compliance breach.

Suspicious Transaction Reporting

One of the most critical obligations under FICA is the requirement to report suspicious or unusual transactions. There are several types of reports that accountable institutions must file:

Suspicious Transaction Reports (STRs)

If a person within an accountable institution knows or suspects that a transaction or series of transactions may involve the proceeds of crime or be related to terrorist financing, they must file a suspicious transaction report with the FIC. This obligation applies regardless of whether the transaction has been completed or not.

Key points about STRs:

• There is no monetary threshold for suspicious transaction reporting
• Reports must be filed as soon as possible after the suspicion arises
• The person filing the report must not disclose to the client or any other person that a report has been made (known as the tipping-off prohibition)
• Filing a report in good faith provides legal protection to the reporting person

Cash Threshold Reports (CTRs)

All cash transactions of R24,999.99 or more must be reported to the FIC within two business days of the transaction. This applies regardless of whether the transaction is suspicious or not. The purpose is to create a comprehensive database of large cash movements for intelligence analysis.

Terrorist Property Reports

If an accountable institution knows or suspects that property in its possession or under its control is owned or controlled by a person or entity associated with terrorist activities, it must report this to the FIC immediately.

The Risk-Based Approach

FICA, as amended, requires accountable institutions to adopt a risk-based approach (RBA) to compliance. This means that rather than applying a uniform set of procedures to all clients and transactions, institutions must:

1. Identify and assess the money laundering and terrorist financing risks they face
2. Develop and implement internal controls, policies, and procedures that are proportionate to those risks
3. Apply enhanced measures where risks are higher and potentially simplified measures where risks are lower
4. Monitor and review the effectiveness of their risk management framework on an ongoing basis

Risk Management and Compliance Programme (RMCP)

Every accountable institution must develop, document, and implement a Risk Management and Compliance Programme. This programme must include:

• A risk assessment identifying the ML/TF risks faced by the institution
• Policies and procedures for CDD, record-keeping, and reporting
• Internal rules governing the implementation of compliance processes
• Training programmes for all employees
• Designation of a compliance officer responsible for overseeing the programme
• Independent audit of the programme's effectiveness

Penalties for Non-Compliance

FICA provides for both administrative and criminal penalties for non-compliance:

Administrative Sanctions

The FIC may impose administrative sanctions for contraventions, including:

• Financial penalties of up to R50 million for accountable institutions
• Cautions or reprimands
• Directives requiring specific remedial actions
• Restriction or suspension of business activities

Criminal Penalties

Certain contraventions may result in criminal prosecution, with penalties including:

• Imprisonment of up to 15 years for money laundering offences
• Imprisonment of up to 5 years for failure to report suspicious transactions
• Imprisonment of up to 5 years for tipping off a suspect about a report
• Substantial fines in addition to or instead of imprisonment

Reputational Consequences

Beyond legal penalties, non-compliance carries significant reputational risk. Regulatory action against an institution or individual becomes a matter of public record and can severely damage client trust, business relationships, and career prospects.

Practical Steps for FICA Compliance

Implementing effective FICA compliance does not have to be overwhelming. Here are practical steps that every financial services professional should follow:

1. Know your obligations: Understand which FICA requirements apply to your specific role and institution.
2. Implement robust CDD processes: Establish clear procedures for client identification, verification, and ongoing monitoring.
3. Train your team: Ensure that all staff members understand their obligations and can recognise suspicious activities.
4. Maintain thorough records: Keep all CDD and transaction records organised, accessible, and up to date.
5. Report promptly: File suspicious transaction reports and cash threshold reports within the required timeframes.
6. Review regularly: Conduct periodic reviews of your RMCP to ensure it remains effective and up to date.
7. Seek guidance: Consult the FIC's guidance notes and directives for practical compliance advice.

FICA and the RE5 Exam

FICA is a significant component of the RE5 regulatory examination syllabus. Candidates are tested on their understanding of CDD requirements, reporting obligations, the risk-based approach, and the penalties for non-compliance. A strong understanding of FICA is essential for both passing the exam and practising compliantly.

How Regulatory Exams Can Help

Mastering FICA compliance is essential for your regulatory exam and your career in financial services. The Regulatory Exams app gives you the tools to build comprehensive knowledge of FICA and all related RE5 topics.

Here is how the app supports your preparation:

• Practice Exams: Work through questions that cover CDD requirements, suspicious transaction reporting, the risk-based approach, record-keeping, and penalties. Each practice exam replicates the format and rigour of the actual RE5 exam.
• Custom Quiz Builder: Create focused quizzes on FICA-specific topics. If you need to strengthen your knowledge of enhanced due diligence or cash threshold reporting, build a quiz that targets exactly those areas.
• Analytics Dashboard: Track your performance on FICA-related questions over time. See where your understanding is strong and where it needs reinforcement.
• Weak Areas Analysis: The app automatically identifies FICA topics where you are underperforming. Instead of spending equal time on every section, you can focus your energy where it will have the greatest impact.
• Bookmarking: Save challenging FICA questions for later review. Come back to tricky scenarios about suspicious transaction identification or PEP screening until you have them mastered.
• Leaderboards: Stay motivated by seeing how your FICA knowledge compares to other candidates preparing for the same exam.

Choose the right plan for your study needs:

• Free: Access a selection of practice questions to get started.
• Pro Simulator (R99 / 30 days): A once-off payment, no subscription, that unlocks unlimited practice questions and quizzes, the complete question bank, unlimited practice tests, and advanced analytics with the QC heatmap.
• 1 Year Mastery (R299 once-off): Everything in Pro Simulator plus the complete Interactive Study Course — all 11 chapters of the RE5 syllabus with knowledge checks and a final exam — with a full year of access.

FICA compliance is a professional responsibility that begins with understanding. Start with Regulatory Exams today and build the knowledge you need to stay compliant and pass your exam with confidence.

Sign up free at regulatoryexams.co.za and test your FICA knowledge right now. Practise CDD, suspicious-transaction reporting, and the risk-based approach in exam-style questions, see exactly where you are losing marks, and target those areas before you sit — free to start, no card required.