FIC compliance helps advisers combat financial crime
Accountable institutions that still complain about the workload associated with beneficial ownership (BO) or know your customer (KYC) compliance are clearly not keeping an eye on the local news. Hardly a day goes by without a fresh horror story about crime, corruption, fraud, money laundering or murder as a small subsection of the country’s citizenry seek to enrich themselves by any means.
Financial crime mayhem
The standout financial crime stories from 2025 include the R2 billion or so pilfered through tainted procurement from the Tembisa Hospital and the myriad revelations from the ongoing Judicial Commission of Inquiry into Alleged Criminality, Political Interference and Corruption in the Criminal Justice System, aka the Madlanga Commission. “Money laundering is very real in South Africa,” said Tertia Barrett, Area Vice-President for nCino KYC Africa during the firm’s recent FICA 2025 Unpacked webinar.
Barrett commended the Financial Intelligence Centre (FIC) and representatives from the accountable institutions in attendance for their contribution to having South Africa removed from the Financial Action Task Force (FATF) grey list just weeks earlier. “Accountable institutions are at the front line of fighting financial crime, what you do makes a difference,” she said, before introducing Thilomi Govender, Financial Crime Compliance Manager at nCino KYC Africa, to deliver the bulk of the presentation.
Govender commented on South Africa’s exit from the grey list as a return to business as usual, saying that all financial services stakeholders would have to continue to deliver on their FIC Act obligations to ensure the next FATF Mutual Evaluation scheduled for 2026-2027 goes off without a hitch. This evaluation will no doubt reflect on how South Africa’s enforcement agencies follow up on the revelations in the Madlanga Commission and others that predate it.
President Ramaphosa established the Madlanga Commission to investigate and report on the veracity, scope and extent of allegations against SA’s criminal justice system made by KwaZulu-Natal Police Commissioner, Lieutenant General Nhlanhla Mkhwanazi, in July 2025.
Monitoring politically exposed clients
“This development illustrates why knowing who is politically exposed within your client base really matters,” Govender said. Also in July, former Deputy President David Mabuza passed away in a Mpumalanga hospital, leaving a contested estate and raising awareness around naming beneficiaries.
Govender also commented briefly on a shocking human trafficking case that was prosecuted through South Africa’s courts earlier this year. Seven Chinese nationals were convicted of 158 charges linked to a sweatshop that they were running out of the Johannesburg CBD. Charges included human trafficking, debt bondage and contraventions of labour and immigration laws. “A raid of the Village Deep premises of their company, called Beautiful City, uncovered 91 undocumented Malawian nationals, among them 37 children, living and working in shocking conditions,” Govender said.
The presenter singled out the Tembisa Hospital fraud as a case that has really angered South Africans. “The Special Investigations Unit (SIU) has uncovered R2 billion rand of stolen money from the hospital, [siphoned off] through three key syndicates, and enabled by junior officials at the institution and in the Gauteng Health Department,” Govender said. The investigation has unearthed a web of deceit, fraud and money laundering including the use of false supply chain management documentation and fronting.
Customer due diligence matters
The numbers are staggering. Govender reflected on SIU findings that Hangwani Maumela had used a network of 41 companies to extract R820 million rand from the hospital in just two years. To make matters worse, he was actively pursuing a R1 billion food supply tender in the North West province around the time the Asset Forfeiture Unit (AFU) were swooping on his Sandton residence. The lesson for compliance professionals is clear: customer due diligence and transaction monitoring matter.
“Every step in the customer due diligence process matters,” Govender said, before sharing a list of questions that should be asked. Where is the money coming from? Where is the money going? Have you monitored the money flows? Have you established who your ultimate beneficial owner (UBO) is? When a juristic person is transacting with you, have you established who your UBOs are as well as your related parties? Have you risk-rated them? Have you screened your UBOs and your related parties for political and sanctions exposure? Have you applied an enhanced due diligence for high-risk or politically connected clients? Etc.
The FIC is playing its part by reforming its asset recovery hub, fusion centre and setting up the South African Anti-Money Laundering Integrated Task Force. Govender noted that the fusion centre had coordinated multi-disciplinary teams investigating 562 cases in the latest reporting year, including three dealing with serious and complex money laundering arrangements. She added that the asset recovery hub had worked with the AFU, National Prosecuting Authority (NPA) and other law enforcement partners to initiate 11 investigations and recover more than R33 million from the proceeds of crime.
Reporting is making a difference
Data is flowing thick and fast. In the latest year, the 55262 institutions registered on the FIC’s database submitted more than 13.5 million Regulatory Reports. Although a small number by comparison, the FIC conducted 556 inspections of medium and high-risk institutions. “The FIC have been busy, and you can see that actual recoveries are taking place,” the presenter said. The good news for compliance professionals is that “the FIC has documented within their annual report the difference that your reporting is making.”
The most valuable advice from the presentation follows on from a study of the recent fines and penalties levied by the FIC and other regulatory authorities against accountable institutions. Govender singled out failings in developing and implementing a Risk Management and Compliance Plan (RMCP) as a common focus of compliance enforcement. Not having an RMCP that is fully aligned with the legal requirements constitutes non-compliance with the FIC Act. “Accountable institutions that failed to comply with the 12 March 2025 RMCP submission deadline could be in the FIC’s crosshairs too,” Govender said.
Ninety One Fund Managers learned this the hard way, receiving a R5 million fine plus a directive to remediate contraventions and a caution against future breaches for failing to comply with certain provisions of FICA. “The FIC findings included that while Ninety One had developed an RMCP, they had failed to implement it effectively, particularly in respect of the risk rating of its clients,” Govender said. “The RMCP was technically deficient and did not BREAK adequately address customer due diligence and determining whether a transaction was reportable as related to terrorist financing.”
FIC, FSCA and SARB enforcement
Standard Bank ran afoul of FIC Act compliance and was fined R13 million by the South African Reserve Bank (SARB) for its failure to conduct ongoing due diligence and various reporting errors relating to cash and suspicious transactions. Sanlam Collective Investments received a R10.6 million administrative penalty from the Financial Sector Conduct Authority (FSCA). “While Sanlam had developed an RMCP, it was not effectively implemented, particularly regarding the risk rating of its clients,” Govender explained. The list went on and on.
For financial and risk advisers, the main implications from this FICA update are the tighter governance expectations in FIC Guidance Note 7A, the recent Communication 59 ultimate beneficial ownership threshold of 5% requiring far deeper client due diligence, and the added scrutiny around crypto-related transactions under FIC Directive 9. Advisers should also be aware that the FIC can freeze suspicious transactions for up to 10 working days under Section 34 of FICA, which may affect client interactions and turnaround times.
“During 2025, we have witnessed significant developments across the regulatory landscape, economic policy shifts and evolving compliance requirements that have reshaped how businesses operate,” concluded Govender. “Proactive compliance, robust risk management and strategic adaptation will continue to be critical success factors for organizations navigating South Africa’s dynamic compliance landscape in 2026.
Writer’s thoughts:
South Africa’s crime and corruption landscape demonstrates why client due diligence matters more than ever for financial services firms. Are you confident your practice is fully aligned with the latest FIC compliance expectations? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
