The Financial Sector Conduct Authority announced this week that it imposed a R3-million fine on Ninety One Fund Managers for breaches of the Financial Intelligence Centre Act (FICA) identified in 2023.
However, the effective penalty is R2.5m because R500 000 is suspended for three years on condition that Ninety One FM remediates the identified violations and remains fully compliant with the relevant provisions of FICA.
Ninety One FM is the management company of Ninety One’s unit trust business in South Africa.
The fund manager was initially facing a total fine of R12m, but a R10m penalty for inadequate customer due diligence (CDD) processes was reduced to R1m following engagements between the FSCA and Ninety One.
The other area of non-compliance concerned deficiencies with Ninety One FM’s Risk Management and Compliance Programme (RMCP).
The violations came to light when the FSCA conducted an inspection in September 2023.
In a statement on 8 May, the FSCA said it viewed the breaches as serious, particularly considering the size, complexity, and risk exposure of Ninety One FM’s business, as well as its position and impact in the South African market.
Ninety One, which is listed on the Johannesburg and London stock exchanges, is South Africa’s largest single asset manager. In March this year, Ninety One announced it had assets under management of £130.8 billion, or R3.16 trillion, according to the exchange rate on 9 May 2025.
Ninety One, in a statement on Friday, said the FSCA made no findings of money laundering, client misconduct, or financial harm, and no such incidents have occurred. “There was no loss, harm, or prejudice to any Ninety One clients at any time.”
The company said it acknowledges the FSCA’s findings and appreciates the regulator’s constructive approach. Ninety One has taken steps to strengthen its internal processes.
Initial findings and sanctions
Accountable institutions are required to develop, document, maintain, and implement an RMCP to identify, assess, and mitigate risks related to money laundering and terrorist financing.
The FSCA’s inspection found that Ninety One FM breached section 42(1) of FICA because although it had an RMCP, it failed to implement the RMCP effectively, particularly in risk-rating its clients. This resulted in a penalty of R1m.
Furthermore, Ninety One FM breached section 42(2) because the RMCP was technically deficient and did not adequately address the following issues:
- Performing CDD under sections 21, 21A, 21B, and 21C when suspicious or unusual activity is identified (section 42(2)(j)).
- Determining whether a transaction is reportable as related to terrorist financing (section 42(2)(o)).
The breaches of section 42(2) resulted in the following sanctions:
- A penalty of R1m.
- A directive to amend the RMCP to address the deficiencies.
- A caution against repeating the technical deficiencies.
Sections 21, 21B, and 21C of FICA require accountable institutions to identify and verify the identity of clients and beneficial owners, and to conduct ongoing CDD.
At the time of the inspection, the FSCA found that Ninety One FM failed to:
- Identify and verify the identity of six clients and conduct enhanced due diligence (EDD) for seven clients (section 21).
- Establish the ownership and control structure for 16 clients (section 21B(1)).
- Establish and verify the identity of beneficial owners for 16 clients (section 21B(2)).
- Demonstrate ongoing due diligence for 62 clients (section 21C).
A penalty of R10m was initially imposed for these CDD deficiencies.
Appeal and settlement
Ninety One lodged an appeal with the FICA Appeal Board following the imposition of the sanctions in November 2024. In particular, Ninety One disputed the findings relating to CDD.
After engagements between the parties, a settlement was reached and confirmed as a consent order by the Appeal Board on 17 April 2025. The appeal was subsequently withdrawn.
The consent order confirmed the findings and sanctions in respect of the RMCP non-compliance but varied the findings in respect of the CDD non-compliance as follows:
- Section 21: Reduced from six clients (identity verification) to two, and from seven clients (EDD) to none.
- Section 21B(1): Reduced from 16 clients (ownership/control structure) to none.
- Section 21B(2): Reduced from 16 clients (beneficial owners) to one.
- Section 21C: Reduced from 62 clients (ongoing due diligence) to three.
The following CDD findings were referred back to the FSCA for reconsideration:
- Section 21: Identity verification for four clients and EDD for seven clients.
- Section 21B(1): Ownership/control structure for 16 clients.
- Section 21B(2): Beneficial owners for 15 clients.
- Section 21C: Ongoing due diligence for 59 clients.
The financial penalty for the CDD breaches was reduced from R10m to R1m.
FSCA’s message to accountable institutions
The FSCA said the penalty imposed on Ninety One FM is a reminder that the Authority will not tolerate non-compliance with FICA.
An effective RMCP is essential not only for protecting institutions from financial crime but also for safeguarding the integrity of the broader South African financial system, it said.
The proper due diligence of all clients is crucial to help identify and mitigate against suspicious and criminal elements from infiltrating the financial system. “Financial institutions operating within large, international financial services groups are expected to demonstrate a heightened level of vigilance in this regard.”
The Authority urged all accountable institutions continually to review and enhance their anti-money laundering and terrorist-financing controls at the highest levels and regularly conduct thorough risk assessments.
