South Africa’s removal from the Financial Action Task Force (FATF) grey list in October 2025 is likely to shift attention from regulatory reform to how effectively controls are implemented in practice, according to the Chartered Institute of Procurement & Supply (CIPS).
The organisation says businesses – particularly in procurement and compliance – are entering a more demanding phase. If 2025 was about reform, 2026 will be about proof, it says.
CIPS is a global professional body dedicated to advancing procurement and supply management.
South Africa’s exit followed the completion of 22 FATF action items, alongside a broader set of recommended measures aimed at strengthening anti-money laundering and counter-terrorist financing controls. The International Monetary Fund has previously estimated that greylisting can reduce capital inflows by as much as 7.6% of GDP.
According to CIPS, the country’s removal from the list has not reduced scrutiny but changed its focus.
“Greylist exit has not reduced scrutiny; it has refocused it,” says Paul Vos, the regional managing director of CIPS Southern Africa. “We are seeing a move from tick-box compliance to evidence-based governance, where procurement is increasingly recognised as a control point within organisations.”
CIPS says this shift is most visible in supplier due diligence, where procurement functions are increasingly being integrated into governance and risk frameworks.
Boards and executives are paying closer attention to supplier vetting, given the potential exposure to financial crime, reputational harm, and regulatory penalties. Global bodies such as the World Bank have highlighted opaque ownership structures as a key enabler of corruption and illicit financial flows.
For businesses, this means going beyond documentation to verify supplier legitimacy, aligning procurement processes with enterprise risk frameworks, and ensuring decisions are auditable.
“Procurement owns the process, compliance sets the standards, finance validates the financial risk, but accountability ultimately sits with executive leadership,” Vos says.
Expectations rising post grey-listing
CIPS argues that South Africa’s exit from the grey list may, in practice, raise expectations from regulators, investors, and financial institutions. This is likely to result in more rigorous monitoring by banks, more demanding reporting requirements from regulators, and higher thresholds for supplier onboarding.
The South African Revenue Service has also emphasised that efforts to combat financial crime are ongoing, while a new FATF review cycle begins in 2026.
Financial institutions, under pressure to demonstrate effective controls, are strengthening due diligence requirements. Enhanced know-your-customer and know-your-business processes, sanctions screening, and closer scrutiny of ownership structures are becoming standard practice, according to CIPS.
A central concern, CIPS says, is beneficial ownership – identifying the natural persons who ultimately own or control legal entities.
The Organisation for Economic Co-operation and Development has identified opaque ownership structures as a persistent risk factor in corruption, tax evasion, and financial crime.
“Organisations can no longer rely on surface-level data,” Vos says. “There is an expectation of transparency down to the natural person behind the entity.”
CIPS notes that increasingly complex supply chains – particularly involving Tier 2 and Tier 3 suppliers and subcontractors – can limit visibility and increase exposure to risk.
As a result, due diligence is shifting from a once-off onboarding exercise to an ongoing process, incorporating periodic reviews, sanctions monitoring, and re-verification of supplier information.
“Onboarding is only the baseline,” Vos says. “Continuous assurance is becoming the benchmark.”
This shift is also changing expectations of procurement teams. CIPS says organisations are placing greater emphasis on analytical capability, investigative skills, and data-driven decision-making.
Frameworks such as the CIPS Global Standard are intended to support this transition by formalising procurement’s role in governance and risk management.
While South Africa’s grey-list exit marks progress at a national level, CIPS argues that the next phase will depend on how effectively controls are embedded within organisations.
“The organisations that succeed will be those that treat supplier due diligence as a strategic priority, not a compliance exercise,” Vos says.
