AML Compliance Guidelines: South Africa

South Africa, located on the southern tip of the African continent, is regarded as an upper-middle-income country. Its well-developed infrastructure acts as a gateway for many companies to expand their operations to emerging markets in the Sub-Saharan African region.

A large financial sector, an extensive mining industry, and a growing services sector make it an important choice for trade and investment in the region. Despite decades of vibrant growth, the country still faces chronic challenges like high-income disparity and high unemployment.

South Africa was placed on the Financial Action Task Force (FATF) greylist due to lax in its anti-money laundering and countering terrorist financing (AML/CTF) measures. While the country has introduced significant changes to its AML/CTF landscape, enhanced capacity of risk-based supervision, and increased cooperation between the government, agencies, private sector, and international organizations, it’s still battling its way out of the greylist.

This guide aims to give an overview of South Africa’s sanctions and anti-money laundering compliance obligations for the financial and designated non-financial sectors.

What is money laundering in South Africa?

Money laundering is a criminal offense in South Africa. Money Laundering in South Africa is defined as an activity that is intended to conceal or disguise the nature, source, or location of the proceeds generated from illegal activities. It also includes acts of conducting two or more transactions with the intention to avoid the duty of reporting under the Anti-Money Laundering Act.

Key AML Authorities in South Africa

Financial Intelligence Centre (FIC)

The Financial Intelligence Centre (FIC), established under the Financial Intelligence Centre Act (FIC Act) of 2001, is the primary agency responsible for fighting financial crimes, terrorism financing, and proliferation financing risks through the financial system. The Centre is assigned with a dual role to act as the financial intelligence unit of South Africa as well as the supervisory authority for certain accountable institutions. It’s the primary authority to collect financial intelligence from the reporting entities and analyze and disseminate verified reports to law enforcement and supervisory agencies. FIC administers the implementation of the targeted financial sanctions (TFS). It also issues guidance, directives, and interpretations to assist accountable institutions to comply with AML requirements. FIC is also authorized to impose sanctions where non-compliance is identified.

Prudential Authority (PA):

Operating under the South African Reserve Bank (SARB), the PA supervises the banking and insurance sector, as well as money transfer services, to monitor AML compliance in South Africa. It conducts inspections and enforces compliance among banks, insurers, and other financial entities.

Financial Sector Conduct Authority (FSCA)

The FSCA oversees entities operating in capital markets such as investment advisors and managers, and authorized exchange users ensuring that financial institutions implement effective AML/CFT controls and uphold the integrity of the financial system.

Financial Surveillance Department (FSD)

Operating under the SARB, the Financial Surveillance Department oversees foreign exchange dealers and entities dealing in bearer negotiable instruments.

Key AML/CTF Laws

Financial Intelligence Centre Act (FICA) of 2001

The FICA is the primary legislation that prohibits money laundering in South Africa with a focus on identifying proceeds of crime and preventing money laundering, terrorism financing, and proliferation financing in the financial system. To achieve these objectives FIC Act established the Financial Intelligence Centre and imposes certain duties on companies and individuals that are vulnerable to ML/TF risks. These duties include risk-sensitive customer due diligence and reporting suspicious transactions. Since its entry into force, the FICA regulations in South Africa have undergone significant amendments in the face of growing and changing ML/TF risks.

Prevention of Organized Crime Act (POCA) of 1998

POCA criminalizes money laundering and certain activities associated with gangs to fight organized crime networks. It obligates certain individuals to report suspicion of money laundering and provides mechanisms for asset forfeiture, serving as a critical tool in dismantling organized crime networks.

Protection of Constitutional Democracy Against Terrorist and Related Activities Act (POCDATARA) of 2004:

The POCDATARA Act criminalizes terrorist activities and their financing, complementing the AML framework by targeting Terrorist Financing.

South African Police Service Act of 1995 (SAPS Act)

The SAPS Act regulates and controls the South African Police Service. The main objectives of the SAPS Act include preventing, investigating, and combating crimes including money laundering.

National Strategic Intelligence Act (NSIA) of 1994

NSIA provides for functions of National Intelligence Structures and the establishment of the National Intelligence Coordinating Committee. While NSIA doesn’t address AML measures directly, it supports AML efforts by facilitating intelligence sharing between different govt agencies which is crucial to disrupt money laundering and related crime networks.

Entities Subject to AML/CTF Compliance

The FICA or Money Laundering Act of South Africa designates certain businesses and professionals as “accountable institutions,” which include:

• Banking sector (banks, mutual banks, cooperative banks)
• Life insurance companies
• Clearing system participants
• Foreign Exchange Dealers
• Securities brokers
• High value goods dealers
• Financial service providers
• Investment advisors and managers
• Casinos and Gaming Operators
• Money or value transfer service providers
• Real estate agents
• Dealers in precious metals and stones
• Trust and company service providers
• Crypto asset service providers
• Legal Practitioners (Notaries, Conveyancers & Advocates)

Core Structure of AML Compliance

Risk Management and Compliance Programme (RMCP)

Accountable institutions must develop, document, and implement a Risk Management and Compliance Programme (RMCP) approved by senior management, to identify, assess, monitor, mitigate, and manage ML/TF risks.

The RMCP should include processes for due diligence, record-keeping, reporting obligations, PEP screening, sanctions screening, and internal controls.

Appointment of a Compliance Officer

Institutions must appoint a compliance officer responsible for ensuring compliance with regulatory requirements and internal policies.

Employee Training

Establish regular training programs to ensure employees are well aware of AML/CFT policies, procedures, and emerging typologies.

Registration and Compliance

All accountable institutions must register with the Financial Intelligence Centre (FIC).

Key AML/CFT Obligations

Risk Assessment

Accountable institutions must identify and assess ML/TF risks that may arise when carrying out their business activities. Institutions must conduct a business-level risk assessment as well as a client-level risk assessment. When conducting risk assessment, institutions should consider risks associated with the products or services offered, delivery channels, geographic locations, and clients. FIC Guidance Note 7 recommends that reporting institutions consider adverse media coverage as part of assessing ML/TF risk related to clients. The risk-based approach allows optimal use of resources by directing them to areas where they’re needed the most.

Customer Due Diligence (CDD)

Customer due diligence measures must be performed in the following situations:

• When establishing a business relationship with a customer
• When conducting occasional transactions above a set threshold
• When ML/TF risks appear to be high
• If there are doubts about the accuracy of previously collected customer information

Key CDD Measures

Institutions must perform the following Customer Due Diligence measures where applicable:

• Identify customers and verify their identity using reliable, independent sources (e.g., national ID, passport)
• Identify and verify any third party acting on behalf of a customer (e.g. attorney, agent)
• Identify and verify beneficial owners (for e.g. in the case of companies and trusts)
• Obtain information on the ownership and control structure of legal persons, partnerships, and trusts
• Obtain information on the nature and intended purpose of a business relationship
• Obtain information on the source of the client’s funds intended to be used during the course of a business relationship

Ongoing Monitoring
Monitoring transactions throughout the business relationship to:

• To ensure they match with institution’s knowledge of the customer
• To identify unusual patterns in transactions
• To identify large or complex transactions that lack apparent economic or lawful purpose

Ensure information obtained to establish identity, purpose of business relationship, or ownership or control structure of legal entities is kept up to date.

Enhanced due diligence (EDD)

For high-risk customers, including domestic PEPs (if assessed as high risk) and all foreign PEPs, the following additional due diligence steps are required:

• Obtaining senior management approval before onboarding or continuing the business relationship.
• Obtaining information on the source of funds and wealth of the customer.
• Increasing the frequency and intensity of the ongoing monitoring.

Who is a PEP in South Africa?

A Politically Exposed Person is an individual who currently holds or has held in the past a prominent public function. The FIC Act distinguishes between domestic and foreign PEPs as defined below:

Domestic PEP: A domestic PEP is a person who holds or has held a prominent public function in South Africa in the preceding 12 months. A detailed list of such domestic positions is provided in Schedule 3A of the FIC Act. Schedule 3A also includes executives or heads of international organizations.

Foreign PEP: Similarly, a foreign PEP is someone who holds or has held a prominent public function in any foreign country in the past 12 months. A detailed list of such prominent public functions is provided in Schedule 3B of the FIC Act.

Immediate family members and close associates are also classified as PEPs for the same duration as the domestic or foreign PEPs with whom they are associated.

Record-Keeping

All records related to due diligence activities and transactions must be maintained for a minimum of five years after the termination of a business relationship, the filing of a suspicious activity report, or the execution of an occasional transaction.

Reporting Obligations

Accountable institutions are required to promptly file reports about certain transactions, activities or property to the FIC without alerting the client that a report is being filed. These reports are filed in the following categories:

Cash threshold reports (CTRs): On transactions that involve cash payments that equals or exceed R50,000.

Terrorist property reports (TPRs): Where there are reasonable grounds to suspect that a property is associated with terrorist financing or UN sanctions lists.

Suspicious and unusual transaction reports (STRs): On transactions that are unusual or arouse suspicion in terms of money laundering or terrorist financing activities.

International funds transfer reports (IFTRs): On cross-border transactions that exceed or equal to R20,000 must be reported.

Sanctions Screening:

As a member of the United Nations, South Africa adheres to the sanctions imposed by the United Nations Security Council (UNSC) resolutions. Accountable institutions must have systems in place to screen clients and transactions against applicable sanctions lists to implement measures like asset freezes and prevent dealings with designated individuals or entities.

Sanctions screening should be done for new clients when onboarding and for all existing clients when the UNSC adopts new designations. Sanctions screening must be done before processing both domestic and international transactions.

FIC’s public compliance communication (PPC) 44A recommends considering the implementation of the other regional and unilateral sanctions (e.g. OFAC ofthe  US Department of the Treasury, OFSI of the UK HM Treasury, and EU Sanctions lists) in accordance with risk-based approach and obligations arising from correspondent relationships or due to geographic locations in which it operates.

Penalties for Non-Compliance with Anti-Money Laundering Regulations in South Africa

Failure to comply with AML/CFT obligations can result in both administrative and criminal penalties:

• Administrative Sanctions: The FIC or supervisory authorities may impose fines, issue directives for remedial action, or revoke licenses of non-compliant institutions. A fine issued under administrative penalty may reach as high as R10 million in respect of natural persons and R50 million in respect of any legal person.
• Criminal Penalties: A person convicted of a criminal offense under the FICA Act of South Africa may face financial penalties as high as R100 million or imprisonment for up to 15 years in jail.

AML Compliance Guidelines for Crypto Asset Service Providers in South Africa

Travel Rule: Starting 30 April 2025, crypto assets service providers (CASP) must comply with the “Travel Rule” related to crypto asset transfer as per FATF recommendations. FIC Directive 9 on “Travel Rule” provides certain obligations on ordering, recipient, and intermediary CASP. In general, the crypto travel rule requires ordering VASPs to obtain and pass on certain information about the payer and the beneficiary to the recipient CASP, by ensuring this information remains with the crypto transfer at all times.

Adverse Media Screening for CASP: Crypto assets due to their inherent vulnerabilities have an increased risk of being exploited by criminals and other bad actors. Moreover, crypto assets are used as an alternative to fiat currency to commit other crimes such as fraud, romance schemes, identity theft, and Ponzi schemes.

FIC PCC 57 recommends that crypto assets service providers in South Africa should utilize adverse media screening to be aware of industry-related incidents as such incidents depending on their scale impact their clients. It also recommends identifying blockchain addresses that may have adverse media coverage or may be linked to criminal elements.

Recent Money Laundering Incidents

South African Banks Money Laundering Incidents

Recent years have witnessed a rise in money laundering cases involving the South African banking system. A case emerged in 2023 that involved a gold smuggling gang laundering millions by bribing various officials from different banks. In another incident in 2024, a former head of VBS Mutual Bank was jailed for 15 years for masterminding a $130m banking scandal. These cases highlight the significant vulnerabilities within the banking sector.

Phala Phala or “Farmgate” Scandal

The Phala Phala farm game scandal also known as “farmgate” revolves around South African president Cyril Ramaphosa and a theft incident involving a large sum of foreign currency hidden at his Phala Phala farm in 2020. The incident raised questions about the legitimacy and purpose of the cash.

The National Prosecuting Authority (NPA) launched investigations into the incident on a formal complaint by a former state security agency head Arthur Fraser.

The president was accused of money laundering, tax evasion, and foreign currency laws which were in US dollars. The president later admitted the theft incident but denied the criminal allegations.

After a long investigation into the Farmgate scandal which stirred political turmoil in South Africa, the NPA concluded its investigations in late 2024 stating that insufficient evidence was found to prosecute the president on corruption or money laundering charges.