Looks legit, launders millions: How ordinary clients are becoming extraordinary risks

When it comes to financial crime, the warning signs are almost always there, but not always spotted in time. In South Africa’s current, tightened regulatory environment, failing to detect red flags early can expose accountable institutions to reputational, operational, and legal fallout that far outweighs the cost of vigilance.

And despite investing heavily in client due diligence processes post greylisting, many businesses are still getting blindsided by illicit behaviour that could have been detected earlier – something a lot of recent case studies are highlighting.

The need for better approaches isn’t about the obvious fraudsters. It’s about the client who looked legitimate, until a bombshell reveals their illicit shell companies. The law firm that unknowingly handled property transactions for a politically connected fixer. Or the broker who missed a small inconsistency in ID verification that turned out to be a synthetic identity. 

In the spotlight

A clear example is the high-profile case of Zingai Dhliwayo, an alleged illicit gold trader who spent over R4.2 million on luxury assets – including six vehicles and two properties – in the course of just seven months. Dhliwayo had used a stolen identity since 2018 by placing his own photograph onto the ID of a 39-year-old unemployed man from Mpumalanga, named Bethuel Ngobeni. With the stolen identity he had established a multimillion-rand illegal gold trading syndicate operating in Gauteng’s West Rand from 2018 to 2023.

Despite the scale of his cash purchases, none of the accountable institutions involved in the long line of transactions flagged his conduct. It wasn’t a failure of paperwork; it was a failure to spot the pattern – one that had been slowly getting redder over time. Large cash payments with no economic logic, a mismatch between lifestyle and income, and structured transactions to avoid thresholds all should have raised alarm bells. But they didn’t.

What do red flags look like in everyday business practice?

The Financial Intelligence Centre (FIC) has issued extensive guidance, but certain behavioural and transactional signs are especially telling:

• Structured cash deposits just under the R49?999.99 FICA reporting threshold
• Cash refunds requested after a high-value purchase
• Clients unwilling to provide standard identification documentation
• Payments from or to high-risk jurisdictions known for weak anti-money laundering (AML) controls
• Unusual transactions that make no commercial or economic sense
• Goods purchased far from a client’s residential or business address
• Clients transacting in sectors unrelated to their known activity, such as precious metals, with no history or stated rationale

These are not isolated indicators. They often present as a combination of risk behaviours. For example, a client might insist on cash-only payments, refuse to explain the source of funds, and make high-value purchases in a different province. On their own, each behaviour might appear innocuous. Together, they signal risk. This is where asking the right questions and really knowing your client can make all the difference.

Legal, property, and high-value goods sectors

Criminals gravitate toward legal firms, estate agents, and high-value goods dealers because they offer:

• Professional legitimacy that can mask criminal intent
• Access to large transaction flows
• Relatively weaker scrutiny compared to banks

In 2023, law firm Kunene Ramapala Inc. was issued a R7.8 million fine by the FIC for failing to comply with FICA obligations. The non-compliance included failing to screen clients, submit risk-based compliance programmes, and adhere to Directive 6 reporting timelines. The Appeal Board deemed the firm’s conduct “egregious”, highlighting how non-compliance is just as serious when it’s about negligence as it is when it’s malicious.

What can your business do to better protect itself? Gathering comprehensive customer information at onboarding is incredibly important, but the real risk often lies in failing to reassess clients over time. Risk, after all, isn’t static. 

A client who seemed (or was) low-risk at onboarding might become high-risk after a change in ownership, media exposure, or jurisdiction.

At nCino KYC Africa we’ve seen firsthand that dynamic, real-time risk monitoring – through identity triangulation, biometric liveness detection, and adverse media scanning – gives institutions the ability to reassess clients continuously. This is particularly important for industries prone to so-called "gatekeeper abuse", where professionals are unknowingly used to legitimise criminal transactions.

So how can institutions better protect themselves?

1. Automate onboarding and screening processes to reduce human error
2. Use biometric and digital identity verification to detect fraud
3. Monitor clients on an ongoing basis, not just at sign-up
4. Be on the lookout for adverse media on clients to detect reputational risk before formal sanctions arise
5. Ensure senior sign-off on high-risk clients, with evidence of enhanced due diligence 

The risk of complacency

A common misconception is that small institutions are unlikely targets. In reality, criminals prefer smaller firms that, more likely than not, have less robust compliance systems than their bigger counterparts. 

The cost of non-compliance? In South Africa, penalties range from R10 million for individuals to R50 million for corporate entities, and in serious cases, up to 15 years of imprisonment. Operational disruption – including frozen accounts or suspended licences – can also cripple a business.

In a time of heightened risk and scrutiny, these steps have become survival tools and not merely compliance boosters.