The Financial Intelligence Centre (FIC) released its 2024/25 annual report this week, highlighting improvements in the submission of mandatory Risk and Compliance Returns (RCRs) by accountable institutions. However, 30% of institutions targeted by the FIC’s directives failed to comply by March 2025, exposing persistent gaps in anti-money laundering (AML) compliance under the Financial Intelligence Centre Act (FICA).
By the end of March, the FIC had 55 262 registered accountable institutions, an 8.3% increase from the previous financial year. An accountable institution is an individual or institution that, by virtue of the business it conducts, falls within the ambit of Schedule 1 to FICA.
In March 2023, the FIC issued Directives 6 and 7, mandating specific accountable institutions – primarily designated non-financial businesses and professions (DNFBPs) – to complete and submit RCRs.
These returns require institutions to report their understanding of money laundering, terrorist financing, and proliferation financing risks, as well as their compliance with FICA obligations. The deadlines were 31 May 2023 for Directive 6 and 31 July 2023 for Directive 7, although late submissions were accepted thereafter.
Despite multiple FIC communications urging compliance and fines imposed on non-compliant entities, submission remains incomplete. By March 2025, 24 356 registered DNFBPs had submitted their RCRs, an increase of 3 839 from the previous year. However, 28% of institutions under Directive 6 and 36% under Directive 7 had not submitted their RCRs.
Directive 6 covers four types of accountable institutions. Casinos and company service providers achieved full compliance, while legal practitioners lagged, with 31% of the 16 480 registered practitioners failing to submit their RCRs.
Directive 7 applies to five institutions, including the South African Postbank and South African Mint Company, both of which submitted their RCRs.
Crypto asset service providers (CASPs) achieved 55% compliance, with 156 of 287 registered CASPs submitting their returns. High-value goods dealers (HVGDs) averaged 63% compliance, ranging from 54% for motor vehicle dealers to 83% for dealers in precious stones.
The FIC employed risk profiling to tailor its supervisory actions, including:
- Inspections for high-risk institutions.
- Compliance reviews for medium- and lower-risk institutions.
- Outreach and awareness sessions to address specific compliance gaps.
- Ongoing monitoring of low-risk institutions to track changes in risk profiles.
This risk-based approach, informed by RCR data, also supported South Africa’s efforts to address deficiencies identified by the Financial Action Task Force (FATF), contributing to the country’s efforts to be removed from the FATF grey list.
Admission of non-compliance process
In 2023/24, the FIC introduced an admission-of-non-compliance process to streamline enforcement for DNFBPs failing to submit RCRs.
Upon the imposition of a sanction, an RCR submission must be remediated within seven working days, while the fine must be paid within a further seven days. The FIC introduced a fine of R10 000 specifically for the non-submission of RCRs, which was intended to speed up the enforcement process and the submission of the Returns.
The FIC issued 351 admission-of-non-compliance notices in 2024/25, of which 118 were finalised following remediation (admission of non-compliance and payment of the fine). The remaining 233 sanctioned entities had not fully remediated – that is, they had failed to submit an RCR, register with the FIC, or pay the fine by the end of the financial year. These institutions will be subject to the ordinary sanctioning process, where the FIC’s Adjudication Panel will consider each matter on its merits.
Compliance reviews
The FIC conducted 157 compliance reviews and issued reports to assist reviewed institutions with improving their understanding and execution of their compliance obligations under the FICA.
The purpose of a compliance review is not primarily to test compliance, but to increase awareness and improve compliance through open, constructive engagement. Compliance reviews are not conducted under section 45B of FICA, which governs inspectors, and the FIC officials that conduct compliance reviews are not formally appointed as inspectors.
Whereas accountable institutions with higher risk ratings are often earmarked for inspections, those at medium and lower risk are more likely to be subject to a compliance review.
“When selecting an institution or a group of institutions to be reviewed, the FIC takes into consideration the potential impact such a review will have on improving compliance and reporting. The selection criteria for compliance reviews include factors such as the money laundering and terrorist financing risks in the sector, reporting inefficiencies or queries received through the public query process by the specific institution or in general by institutions within the sector,” the FIC says.
Risk-based inspections
The primary focus of inspections during the financial year was on high- and medium-high risk-rated DNFBPs, including legal practitioners, company and/or trust service providers, estate agents, HVGDs (specifically, dealers in precious metals and dealers in precious stones), and casinos.
The FIC applied the risk and compliance analysis assessment tool that was implemented in the previous financial year to identify high-risk DNFBPs using the data from the RCRs they submitted.
The details acquired from analysing RCR information was also used to report on the progress South Africa made in addressing the shortcomings identified by the FATF. The FIC says this approach towards risk-based supervision will continue after the removal of South Africa from the grey list.
Results from the risk and compliance analysis assessment tool guided the selection of the institutions for inspection. More than 50% (288) of the 556 risk-based inspections emanated from these results, where higher-risk-rated institutions were prioritised.
A further 215 inspections (38.6%) were conducted on institutions that failed to submit their RCRs and were therefore deemed high-risk. The others were inspections of entities at low risk, follow-up inspections, and based on internal referrals.
Of the 556 completed inspections, 66 were full-scope inspections (inspection of all FICA compliance obligations), and 150 were limited-scope inspections. Limited scope refers to the inspection of specific or identified areas, such as registration with the FIC, customer due diligence, and targeted financial sanctions.
As part of the 556 inspections, 340 thematic inspections were conducted, mainly to determine whether compliance requirements for submission of RCRs and Risk Management and Compliance Programmes (RMCPs) were met.
The FIC says the results of these inspections primarily highlighted failures with respect to the following:
- Undertaking and conducting a business risk assessment.
- Developing or implementing an RMCP.
- Timeous registration with the FIC or updating registration information.
- Adopting a risk-based approach to customer due diligence.
- Providing confirmation that clients were screened against the targeted financial sanctions list.
- Filing a suspicious and unusual transaction report.
In addition, feedback from the inspections indicated that institutions still grappled with the determination of beneficial ownership and politically exposed persons. To improve understanding on beneficial ownership among accountable institutions, the FIC issued PCC 59.
Remediation in respect of inspections
Following the 556 risk-based inspections, 330 institutions were issued with reports requiring them to implement remedial actions because they were non-compliant.
The aim of remedial action is to ensure that non-compliant accountable institutions change their behaviour to become fully or largely compliant.
Of the 330 inspection reports issued to institutions, requiring them to implement remedial actions, 214 institutions corrected or undertook to implement the remedial actions or instructions. Those that did not remediate the non-compliance were consequently subjected to enforcement or monitoring. Some of the latter institutions were still remediating the identified shortcomings at the close of the financial year.
Administrative sanctions
The FIC issued 25 administrative sanctions on DNFBPs during the 2024/25 financial year, two of which lodged appeals, which are yet to be heard by the FICA Appeal Board.
In addition, one institution, of which five of its registered branches were sanctioned separately, appealed their sanction, which was upheld by the FIC Act Appeal Board.
Sanctions imposed by the FIC were valued at R782 000 during the financial year. A further R266 000 in penalties were paid following an appeal that was lodged in the previous financial year and dismissed in 2024/25. A further R1 180 000 was paid in respect of 118 sanctions of R10 000 each that was imposed as part of the FIC’s admission-of-non-compliance process. This brought the total amount paid in 2024/25 in respect of the sanctions imposed by the FIC to R2 228 000.
The South African Reserve Bank’s Prudential Authority and its Financial Surveillance Department imposed sanctions of R143 650 000 and R1 221 452, respectively.
The Financial Sector Conduct Authority imposed sanctions of R4.5 million and a further R2.9m stemming from an appeal lodged in the previous financial year, which was dismissed in this financial year.
