Financial institutions should prepare for ‘more demanding’ AML/CFT review

South Africa may soon exit the Financial Action Task Force (FATF) grey list, but regulators warn that the country’s progress remains fragile.

The next FATF mutual evaluation, scheduled for April 2027, will test whether the country’s anti-money laundering and counter-terrorist financing (AML/CFT) reforms are sustainable and effective. A poor performance could see the country placed back on the grey list.

Michelle Fourie, senior specialist in the FSCA’s Financial Intelligence Centre Act supervision unit, told the recent Moonstone Compliance conference that the FATF has revised its assessment methodology to focus more on results. The fifth round of evaluations, which began in 2024, places greater weight on the effectiveness of AML/CFT frameworks rather than technical compliance alone.

Fourie said financial institutions should prepare for a more demanding review. Under the updated methodology, assessments will focus on whether laws and regulations are being applied in practice and are achieving the intended outcomes.

The new approach also separates financial institutions from non-bank entities in evaluations. In the past, sectors were grouped together, and weak performance in one area could lower the overall score. The revised sector-based model allows financial institutions to be assessed independently, providing a clearer view of their compliance efforts.

The FSCA and National Treasury have already begun preparing for the 2027 evaluation, which will be key in determining whether South Africa can maintain its standing and avoid being grey-listed again.

Legislation under evaluation

National Treasury is conducting a detailed review of South Africa’s AML/CFT laws to identify any gaps arising from recent changes to the FATF methodology.

Fourie said the aim is to detect possible legislative shortcomings early.

“This entails looking at the AML/CFT universe, looking at the legislation, to see the changes… so we can identify them now and make the changes to the legislation now, because legislation takes a very long time to take effect,” she said.

No final decisions have been made yet about potential amendments.

“I can’t tell you which rules will change. I can’t tell you what will change. It’s a process. But whatever changes will come, we will follow the normal consultation requirements,” she said.

Fourie confirmed that all relevant regulatory bodies are participating in the ongoing discussions.

Working groups

Each mutual evaluation measures technical compliance with the FATF’s 40 Recommendations and assesses how well a country implements them in practice.

In short, the evaluation considers whether:

  • laws and regulations are in place;
  • policies align with AML/CFT goals; and
  • authorities such as financial intelligence units and supervisors are well resourced and effective.

The focus is not only on rules but also on outcomes. The FATF uses 11 Immediate Outcomes to gauge how well a country’s system works in practice:

  • IO1 Risk, Policy and Co-ordination – Risks are understood and addressed through co-ordinated action.
  • IO2 International Co-operation – Countries exchange information and assist each other effectively.
  • IO3 Supervision – Financial and non-financial entities are properly supervised.
  • IO4 Preventive Measures – Institutions apply AML/CFT controls and report suspicious transactions.
  • IO5 Legal Persons and Arrangements – Misuse is prevented, and beneficial ownership information is accessible.
  • IO6 Financial Intelligence – Intelligence is used effectively in investigations.
  • IO7 ML Investigation and Prosecution – Money laundering is investigated and prosecuted.
  • IO8 Confiscation – Proceeds of crime are identified and confiscated.
  • IO9 TF Investigation and Prosecution – Terrorist financing is prosecuted.
  • IO10 TF Preventive Measures – Terrorists and their funding are disrupted, including in the non-profit sector.
  • IO11 Proliferation Financing Sanctions – Sanctions prevent the funding of weapons proliferation.

IO3 and IO4 in particular are central to the role of financial institutions and regulators because they reflect whether AML/CFT obligations are understood, applied, and enforced across the sector.

Fourie shared that the financial sector supervisors have established a working group (as an extension of the working group dedicated to the remediation of grey list action items) to prepare for the next mutual evaluation.

The focus, she said, is on understanding updates to the FATF methodology and identifying what data and statistics must be collected to demonstrate compliance and effectiveness.

“The idea with these meetings is to hold each other accountable, check what we have achieved, where we are going, what kind of harmonisation needs to be done. What can we learn from each other to push each other,” she said.

She emphasised that the Immediate Outcomes are interconnected.

“But you have to understand, if you do badly in Immediate Outcome 1 in terms of national risk, it’s going to impact Immediate Outcome 3. If you do badly in Outcome 5 in terms of ministerial owners, you’re going to do badly in Outcome 3. They’re all interlinked, and they’re also linked to the Recommendations.”

FSCA preparation – focus on AML/CFT enforcement

When South Africa was placed on the grey list in February 2023, the FSCA’s AML/CFT unit had only seven staff members. Two years later, that number has nearly quadrupled to 27.

The unit is responsible for addressing grey-list action items in the non-bank financial sector. Fourie said the unit has also formed an internal team to prepare for the next mutual evaluation. This team meets monthly to track progress and ensure the necessary reforms are embedded.

As part of this preparation, the FSCA is increasing onsite and offsite inspections and working to finalise the AML/CFT compliance return.

This will be submitted together with the Risk Model Return to assess the effectiveness of institutional compliance.

One of the tools being used is the Directive to Provide Information (DPI) 2024, which requires accountable institutions to submit information about their compliance with FICA. The data will help the FSCA to gauge whether institutions are meeting their legal obligations.

The FSCA is also collaborating through the Integrated Regulatory System (IRS) and its OMNI Risk Return. This tool gathers standardised, conduct-related data from financial institutions across various sectors and will be integrated into the FSCA’s supervisory technology platform (SupTech).

“There’s an AML section in there as well.”

She noted that aside from the DPI for accountable institutions, the FSCA could issue other targeted directives if necessary, saying it was possible to request specific information from certain sectors at particular times.

Alongside regulatory reporting, the FSCA is also ramping up its education and awareness efforts. These campaigns are being broadened across platforms and are aimed at reaching more institutions more frequently.

At the same time, the regulator is reviewing its AML/CFT risk-based supervisory approach and ensuring that enforcement and remediation statistics remain current.

Another task under way is updating the FSCA’s case study library. Fourie said the department has created a guide to support this, and case studies are now submitted as part of joint progress reporting. These are intended to demonstrate how interventions – such as inspections, enforcement actions, or awareness drives – have resulted in improved compliance.

But Fourie warned they are not seeing enough positive examples. “When I write a joint group progress report, I need to see plenty of cases where the compliance behind it changed as a result of an intervention… And these case studies, it keeps me up at night. I don’t see enough of them.”