South Africa Greylisted—How Businesses can Protect against Money Laundering in 2024

South Africa remains an attractive destination for investors. According to the International Monetary Fund, the country is the second-largest economy in Africa after Nigeria. It’s also one of the biggest fintech hubs in Africa, and home to some of the continent’s leading banks and financial institutions, including the Johannesburg Stock Exchange (JSE)—the largest stock market in the continent.

South Africa is considered a great starting point for businesses seeking to enter the African market. At the same time, the country is considered vulnerable to money laundering and terrorist financing (ML/TF), and has shortcomings in its legal framework for combating these issues. This was reflected in the FATF’s February 2023 decision to put the country on the “Grey List”, which is a “list of jurisdictions under increased monitoring” due to  strategic deficiencies.

Let’s dive into what the FATF Grey List really means, how financial businesses can stay compliant when entering the South African market while safeguarding themselves from money laundering. 

Who’s affected

The following organizations must comply with AML regulations in South Africa:

1. Financial institutions (including banks, insurance companies, and investment firms)
2. Crypto firms
3. Accountants and other professionals who provide financial services to clients
4. Attorneys and trustees
5. Brokers
6. Casinos and betting organizations
7. Dealers in precious metals and stones
8. Real estate agents
9. Car dealerships and other high-value item sellers
10. Money service businesses, including currency exchange bureaus
11. Non-profit organizations and charities

The full list of regulated organizations can be found in Schedule 1 to the Financial Intelligence Centre Act (FICA).

FICA requires the above institutions to implement measures to prevent money laundering and report suspicious transactions to the Financial Intelligence Centre.

Who’s the regulator?

• The Financial Sector Conduct Authority (FSCA) is the authority responsible for regulating financial markets and supervising non-banking financial institutions—including crypto firms and insurance companies— to ensure that they comply with AML regulations in South Africa.
• The South African Reserve Bank (SARB): The SARB is South Africa’s central bank and is responsible for regulating the country’s financial institutions. It works closely with the FIC and other regulatory authorities to ensure that financial institutions comply with AML regulations.
• The National Gambling Board (NGB) is responsible for regulating the gambling industry. It is the umbrella institution for nine Provincial Licensing Authorities (PLAs), which are responsible for issuing gambling licenses and regulating casinos for compliance with licensing conditions as well as ensuring compliance with the Financial Intelligence Centre Act in their own provinces.
• The Financial Intelligence Centre (FIC) is the country’s main AML supervisory authority. The institution was established in 2001, and is responsible for supervising and enforcing compliance with AML legislation. “The FIC was established to identify proceeds of crime, combat money laundering, and the financing of terrorism and, in so doing, has a primary role to protect the integrity of South Africa’s financial system. The Entity was established by the FIC Act 38 of 2001 and reports to the Minister of Finance and to Parliament.” (source)

What are the main regulations?

• The Financial Intelligence Centre Act, No 38 of 2001 (the FIC Act) as amended

The FIC Act is South Africa’s key AML regulation. It introduces requirements  regarding customer due diligence, record-keeping, and reporting to the Financial Intelligence Centre.

Other AML regulations in South Africa include:

• General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act, No. 22 of 2022
• The Prevention of Organized Crime Act, 1998 (POCA)
• The Prevention and Combating of Corrupt Activities Act, 2004 (PRECCA)
• The Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 2004 (POCDATARA) (amended in 2022)

How to stay compliant

South Africa is a member of the Financial Action Task Force (FATF), and its AML legislation has widely adopted the FATF’s risk-based approach. The country’s main AML act therefore requires businesses to adopt the following measures:

1. Customer Due Diligence (CDD). Financial companies should conduct comprehensive CDD before entering into a business relationship. This includes identifying and verifying the identity of customers, beneficial and owners, determining the control structure of the business, and understanding the source of funds and nature of business activities. Enhanced Due Diligence should be applied to high-risk customers. Restrictions apply for business relationships with persons or entities under financial sanctions imposed by the UN Security Council.
2. Transaction monitoring. Companies are required to monitor transactions on an ongoing basis to detect suspicious activity. The frequency of monitoring should be risk-based, meaning that higher-risk transactions and customers require more frequent and comprehensive monitoring. This includes monitoring for unusual patterns of activity, large transactions, and transactions that involve high-risk countries or politically exposed persons (PEPs).
3. Record-keeping and access of the FIC to records. According to the FICA, accountable institutions are required to keep records related to their AML/CFT obligations for at least five years from the date of the transaction or termination of the relationship. This includes records related to customer identification, transaction activity, etc. Records may be kept in electronic form, including by third parties on behalf of an accountable institution.

The South African Reserve Bank (SARB) requires banks to keep certain records, including those related to foreign exchange transactions and foreign currency accounts, for a minimum of 10 years.

Inspections of accountable institutions may be conducted by the FIC or other supervisory authorities. Representatives of the FIC may have access to records kept by accountable institutions by virtue of a warrant issued by an authorized body.

4. Suspicious activity reports (SARs). Suspicious and unusual transactions, such as large cash deposits, unusual transfers that do not make economic sense, etc. should be promptly reported to the Financial Intelligence Centre (FIC).
5. Regular audits. Internal audits should be conducted on a regular basis to identify any weaknesses or gaps in a company’s AML program.
6. AML policies. Companies should develop AML procedures and controls that are tailored to their specific risks and business activities. This risk-management and compliance program should be reviewed and updated on a regular basis to ensure business operations and compliance remain effective. An AML compliance officer should also be appointed at the accountable institution.
7. Employee training. Employees at the accountable institution should be aware of South Africa’s AML regulations and the company’s internal policies and procedures.

Suggested read: Anti-Money Laundering (AML) Policy: Step-by-Step Guide (with Template)

Penalties

In South Africa, non-compliance with the FICA can result in severe penalties for individuals and companies:

1. Fines.  Up to R10 million ($551K) for a natural person and up to R50 million ($2.7 m) for a legal person. Fine amounts may also vary depending on the severity of the violation.
2. Imprisonment. In some cases, individuals who violate the FICA can be sentenced to prison for up to 15 years, or a fine of up to R100 million ($5.5 m)
3. Revocation of licenses. Financial institutions may have their licenses revoked for failing to comply with local AML regulations.

The FATF’s Grey List

South Africa has a large informal economy with a high prevalence of cash—meaning an economy that is neither taxed nor monitored by the government. This makes it easier for criminals to conduct illicit activities. South Africa is also a major producer and exporter of precious metals and stones, which can be used to launder money, as well as a target for illicit financial flows, including trade-based money laundering and fraudulent invoicing.

In February 2023, the Financial Action Task Force (FATF) Plenary officially “greylisted” South Africa—placing the country onto a list of “jurisdictions under increased monitoring” due to the weaknesses in their AML/CFT regimes.

Being on the FATF’s Grey List can have negative consequences for a country’s financial system. It can scare off investors and companies seeking to enter the market and lead to increased scrutiny from international regulators, which makes it difficult for the country to access international financial markets.

Although AML legislation in South Africa was updated in 2022 with the General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act and the Protection of Constitutional Democracy Against Terrorist and Related Activities Amendment Act, these legislative amendments weren’t enough to improve the country’s AML/CTF framework as was prescribed by the FATF Mutual Evaluation Report in October 2021.

South Africa has applied for a re-assessment of their AML/CTF laws by the FATF Plenary in June 2023, and a positive change can be expected in the country’sAML measures in the near future. In the meantime, how should businesses protect against money laundering and other financial crimes in South Africa?

How existing businesses can safeguard themselves against ML/TF in South Africa

Businesses in South Africa should conduct the following procedures to decrease the risk of money laundering:

1. Customer Due Diligence or Know Your Customer (KYC). Businesses should have reliable KYC procedures in place to identify and verify the identity of their customers, including beneficial owners and politically exposed persons (PEPs), to deny services to persons on sanctions lists.
2. Liveness Detection. Liveness is one of the most advanced verification methods, and can be used for KYC checks, payment fraud prevention, 2-factor authentication, securing physical entrances, etc. Liveness technology identifies the client and their physical presence, and can detect even the most sophisticated presentation attacks. 
3. Conducting risk assessments. Businesses should conduct regular risk assessments of internal practices to identify and evaluate the risks of money laundering and terrorist financing associated with their business.
4. Compiling a reliable AML program. An Anti-Money Laundering (AML) compliance program combines everything a company does to meet AML compliance norms: built-in internal operations, employee training, user-processing policies, account monitoring, detection of suspicious operations, and AML reporting.

Suggested read: 6 Key Steps to a Successful Anti-Money Laundering (AML) Program in 2023

5. Know Your Business (KYB). Companies operating in South Africa should carefully identify their partners and suppliers and conduct due diligence on business clients.
6. Transaction Monitoring. A reliable and flexible transaction monitoring tool will allow businesses to detect suspicious transactions, such as multiple purchases made by a client simultaneously from different countries, unusually large transactions (above the AML threshold) and high-risk countries.

FAQ

• What are the KYC requirements in South Africa?

  In South Africa, KYC requirements are set out in the Financial Intelligence Centre Act (FICA) and include:

  • Identification and verification of customers

  • Identification and verification of beneficial owners

  • Identification and verification of Politically Exposed Persons (PEPs)

  • Screening persons for financial sanctions of the Security Council of the United Nations.

• What is money laundering in South Africa?

  In South Africa, money laundering is a criminal offense under the Prevention of Organized Crime Act (POCA). It can be defined as the process through which criminals, either directly or indirectly, conceal or disguise the nature, source, location, disposition or movement of property that is derived from criminal activity.

• Is South Africa high-risk for ML/TF?

  South Africa has been identified as a ‘high-risk country’ for ML/TF by various international organizations, including the Financial Action Task Force (FATF). The FATF placed South Africa on its ‘Grey List’ in February 2023 due to deficiencies in its AML/CFT legislation.