Tag: FICA

Financial Intelligence Centre Act
Combating illicit financial flows

Getting started with FICA

New to FICA Compliance? It can be intimidating to get started, but that is why we are here! We can help. Don’t delay, call today!

At the most basic level, FICA Compliance requires

  • Registration with FICA
  • Developing an RMCP

The Financial Intelligence Centre issues extensive supporting documentation. These documents are also updated frequently. The documents listed on this page can be downloaded directly from the fic.gov.za website and links to the current version of each document as of 13 October 2025.

Registration with FICA

Registration with FIC PUBLIC COMPLIANCE COMMUNICATION 5D

ON REGISTRATION WITH THE FINANCIAL INTELLIGENCE CENTRE IN TERMS OF SECTION 43B OF THE FINANCIAL INTELLIGENCE CENTRE ACT, 2001 (ACT 38 OF 2001)
Issued October 2023 and covers 64 pages. This document contains critical information on the who, what why of registering with FIC. This document provides the background to which organizations need to register, and contains valuable advice on the process to follow.

Developing an RMCP

Guidance on RMCPsPUBLIC COMPLIANCE COMMUNICATION No 53

ON THE RISK MANAGEMENT AND COMPLIANCE PROGRAMME IN TERMS OF SECTION 42 OF THE FINANCIAL INTELLIGENCE CENTRE ACT, 2001 (ACT 38 OF 2001) FOR DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS
Issued August 2022 and covers 44 pages. This document outlines the expectations of FIC concerning the RMCP and technical content required to be considered compliant. This document forms the core of FICA compliance and an incomplete, or inappropriate RMCP will automatically result in a non-compliant finding.

Revised Guidance Note 7A


Revised-Guidance-Note-7A-–-Implementation-of-various-aspects-of-the-FIC-ActRevised-Guidance-Note-7A –Implementation of various aspects of the FIC Act

ON THE IMPLEMENTATIONOF VARIOUS ASPECTS OF THE FINANCIAL INTELLIGENCE CENTRE ACT,2001 (ACT 38 OF 2001)

Hot NewsIssued September 2025 and covers 76 pages. This revised document replaces Guidance Note 7A issued in February 2025. This document is essential reading for understanding concepts fundamental to the FICA process. Among other essential topics, it covers Know-Your-Client concepts, Ultimate Beneficial Ownership and developing a Risk Based Approach.

These links are presented as a first step approach to FICA compliance, and does not intend to cover all topics for all Accountable Institutions. These three documents cover almost 2oo pages and only provide guidance on what is required. It should be noted that subsequent to registration, FIC allows a grace period of 90 days for new Accountable Institutions to complete their FIC registration and submission of Risk Compliance Returns (a report) and RMCP. This long grace period is intentional. FIC appreciates the time and care required to meet the expected requirements.

If you require assistance in meeting your compliance obligations, please contact us for more information.

RMCP update April 2025

FIC Media Release 9/5/1/3 has reference.

On 13 February 2025 the High Court of South Africa, Gauteng Local Division, Johannesburg issued its first court order in terms of section 23 of POCDATARA. This court order has far reaching implications for FICA related compliance.

POCDATARA – Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 2004 (Act 33 of 2004)
Section 23 allows for the freezing of property in terrorist related matters, upon application to court.

FICA – Financial Intelligence Centre Act, 2001 (Act 38 of 2001)

It should be noted that the practical effect of a court order in terms of Section 23 of POCDATARA has an effect similar to that of Section 26 of FICA, meaning that all transactions involving such an entity must stop immediately and be reported to FIC.

This has serious implication for all Accountable Institutions. At the least the current client base should be scrutinized to determine whether any of the names listed in the judgment appear.

Subsequently, and more importantly, the RMCP must be updated to provide for internal process and procedure to deal with POCDARATA related matters. Several aspects come to mind: sourcing POCDATARA related judgments, maintaining a searchable database of names, the frequency of searches conducted against these names, and finally the internal process for escalation and reporting when a client name is found in a POCDATARA related judgment.

The court order makes it clear that the effect of appearing on in POCDATARA judgment has the same practical effect as if the persons name is found in TFS screening result. The means that, just like with a positive TFS result, all business activities must stop, and a report made to FIC, typically within 24 hours.

FIC.Gov.ZA crashed

On Tuesday 11 March at approximately 16:50 the fic.gov.za site which acts as the portal the goAML page became unavailable.

No reasons have been given for same.

On Wednesday 12 March at approximately 12:18 the site became unresponsive.

Users are urged to return to the site and verify that their uploads are in fact secure.

In addition, the https://www.fic.gov.za/compliance-queries/ query page remains available. Unofficially and as a fallback mechanism, users are encouraged to submit their documents with screenshots of previous attempts through this mechanism.

A very brief overview of FICA Compliance

FICA Compliance requires infrastructure

  1. Registration with FIC/ goAML
  2. Appointment of Compliance Officer
  3. RMCP subject to periodic review
  4. RCR (deadline still May 2023)

Then, operationally

  • Targeted Financial Sanctions list screening (TFS)
  • Risk Assessment
  • KYC this includes client due diligence
  • Ongoing Business Relationships
  • Employee screening (Directive 8)

With resultant record keeping and reports

RMCP Development Consultancy

Here at Be Compliant, we have built the capacity to assist you with developing and maintaining your Risk and Compliance Management Program (RMCP).

Over that past year alone, we have trained or addressed several hundred individuals on FICA Compliance.

We have also assisted in the development and rollout of RMCP’s to numerous satisfied clients. It is no small achievement to state that all the RMCP developments that we have been involved with, have passed inspection.

Should you require assistance in developing your RMCP, please do not hesitate to complete the contact form above.

RMCP Upload Deadline 12 March 2025

URGENT FICA RMCP NOTICE
On 4 March 2025 the FIC instructed all accountable institutions to upload their current RMCP.
Deadline is 12 March 2025.

Please inspect your FIC portal for this notice

___________________________________________

This upload request is new. Historically the FIC requested RMCP’s on a one-by-one basis as a first step during inspection. This is the first time that a mass upload of documents is requested. It coincides with the start of the Financial Year for mist businesses.

Please note that the RMCP should be updated at least annually and that the date of approval required in the filename must not be older than 2024-03-01, in which case you will be uploading an outdated RMCP.

We believe that this is the start of a mass inspection cycle.

2025-02-13 FIC Guidance Note 7A

2025.2-GN-implementation-of-fic-actDownload

This is an extensive Guidance Note, covering some 75 pages.

The document discusses understanding Risk and the recommended steps to follow in order to achieve a risk based compliance state.

Although much of the document is general risk management theory, the document is intended specifically for accountable institutions in South Africa and deals with Money Laundering and Terrorist Financing. Interestingly geographic location features as a contributing risk factor.

The good news is that our documentation currently meet the requirements of this Guidance Note.

Workshops will follow, dealing with the practical implications of this Guidance Note, and FIC enforcement posture.

Watch this space.

RMCP Rollout

RMCP_rollout

Another successful RMCP rollout

The cornerstone of FICA Compliance is the Risk Management and Compliance Program (RMCP). This is the definitive quality control document that contains all the essential policy and procedures concerning the organization’s FICA compliance.

The document in the photo covers some 66 pages of policy, including the Risk Matrix and annexures. KYC is described covering basic, standard and enhanced client due diligence. The Annexures contain specific procedures and templates.

  • This document contains
    • Definitions
    • Governance
    • Risk Based approach (Categories/Factors and procedures)
    • Due Diligence
    • Activity Monitoring
    • Reports
    • Records
    • Directives
    • Annexures

FICA compliance is extensive and onerous.

This is our effort to lighten the burden.

Our business is to facilitate your compliance requirements. If you require support in your compliance journey, do not hesitate to contact us today.

-BC

Basic KYC Repeat

At the most basic level, the client due diligence part of FICA compliance requires at least three steps:

  • Photo ID
  • Proof of Residential Address
  • TFS screening

Of the three, Targeted Financial Sanctions (TFS) screening is the most onerous, creating a duty to screen continuously, not only when on boarding a client, but every day while the mandate remains active. TFS screening must be done daily.

Proof of Residential Address requires the client to submit proof of address that, at the time of verification, is  not older than 90 days.  Certain types of documents readily fall into this category: municipal utility bills, tenant statements, or in some cases, written confirmation of occupation, often by a spouse or family member.

Only the photo ID should not lapse.

Once onboarding is complete, the KYC record remains valid for a year.

This is an important distinction to make. At the time of document verification, the submitted documents may not be older than 90 days. However, once accepted, the KYC profile remains valid for one year.

This has the further implication that at some future date, every single KYC profile will lapse and the document verification process must be renewed.

Even a small firm with as few as 600 active matters, with any mandate exceeding 12, months will face a challenge to repeat the document collection and verification process.

Practical steps will require contacting the client for current documents, receipt and consideration of same and update the local KYC document repository. The time and labour demands of such an activity must not be underestimated.

In the event where more stringent KYC requirements apply, such as a formal Risk Assessment, this will also have to be repeated.

 What steps can be taken to ameliorate this problem?

Certain themes repeat when dealing with structural problems such as this. These include systems, training and time management.

Regardless of whether a manual or computer system is in use, KYC profiles should be scheduled on a calendar for the anticipated renewal date. With online systems, early warning notifications may be expected. Once the return date arrives, the relevant documents must be requested immediately. Where template documents or electronic system are in use, these should be updated regularly.

Training keeps staff aware of the obligations under which they work. Training should include ethics and confidentiality, office procedure and escalation as well as practical use of any systems deployed.

Once the renewal cycle commences, it is important to complete the various relevant activities as rapidly as possible, in order to prevent disruption of other activities as far as possible and avoid potential bottlenecks.

Depending on the level of KYC required, the steps to be completed may include

  • recent proof of Residential Address
  • Risk Matrix assessment
  • Request of supporting documents

Note that TFS is not an annual activity.

-BC

FICA Compliance is everywhere

The Platteland1 is known for it’s that won’t happen here attitude. When it comes to FICA compliance and reporting obligations, this is not true. Even the most idyllic small town may the centre of money laundering, terror financing or other illicit forms of financial proliferation.

As reported by IOL a man appeared in the Lichtenburg Magistrates Court on charges of funding a terrorist organization.

It is worth noting that Lichtenburg is located 140km from Johannesburg, with a population of some 26000 souls. It is the heart of an agricultural community, which mainly produces maize.

The highlights include

  • A small town
  • A South African Citizen
  • R11500
  • Bitcoin
  • A listed terrorist organization

This clearly illustrates that FICA risks exist everywhere, not merely in the big cities.

  1. remote country districts ↩︎