‘Any accountable institution, whether in property, legal, crypto or lending, is at risk if compliance lapses occur.’
In the past 18 months, institutions in banking, legal, and financial services have faced steep penalties for non-compliance with the Financial Intelligence Centre Act (Fica).
Some South African commercial banks have been sanctioned with fines ranging from R7.7 million to more than R50 million. These are not outliers, they reflect a clear regulatory shift toward stricter enforcement.
Sameer Kumandan, MD of SearchWorks360, said that while much has been said about Fica obligations, less attention is paid to what happens when businesses fall short.
“The penalties are not limited to financial institutions. Any accountable institution, whether in property, legal, crypto or lending, is at risk if compliance lapses occur.”
ALSO READ: FSCA fines 3 financial services providers R1.2 million for Fica non-compliance
How Fica penalties are determined
He said the type of punishment depends on the severity of the violation. Regulators apply a structured framework that considers both mandatory and discretionary factors.
“These include the nature, duration, seriousness and extent of the contravention, as well as whether the conduct was intentional, reckless or negligent.
“The regulator will also assess whether the entity gained any financial or commercial benefit from the non-compliance and if there was any remedial action taken once the issue was identified.”
A business’s compliance history matters too.
Institutions with prior contraventions or those seen as repeat offenders can expect harsher sanctions, as can those found to have obstructed investigations or withheld key information.
Fica sanctions
Kumandan said sanctions range from a written caution or public reprimand to a remediation directive, restriction or suspension of business activities, and administrative fines of up to R10 million for individuals and R50 million for companies.
For more serious breaches, particularly those involving an element of intent, criminal charges may be brought, with potential fines of up to R100 million or imprisonment up to 15 years.
Senior managers, directors and employees involved in the breach may be held personally liable.
ALSO READ: Prudential authority fines Absa R10 million for FICA non-compliance
Common non-compliance issues
“Most Fica penalties stem from recurring failures such as inadequate or generic risk management and compliance programmes (RMCPs), poor customer due diligence, incomplete recordkeeping, failure to submit reports like cash threshold reports and insufficient training,” said Kumandan.
“These are not technicalities – they are central to the act and form the basis of most enforcement actions. In one case, a legal firm was fined R7.7 million for failing to implement an RMCP or train its staff.
“A financial services provider was penalised for failing to report suspicious transactions in a timely manner. These are the kinds of ‘basic’ oversights that now carry serious consequences.”
The pressure is industry-wide
He added that the uptick in enforcement isn’t limited to large financial institutions. In recent months, law firms, insurers, financial advisers and crypto platforms have all faced enforcement actions.
“Fica applies across sectors and smaller firms are not immune. If you deal with money, you are accountable.”
Avoiding penalties requires more than good intentions
Fortunately, regulated entities have access to automated compliance platforms that facilitate the prevention of fraud, money laundering and regulatory breaches.
He said these tools reduce manual oversight, simplify regulatory reporting and ensure Popia-compliant data handling.
They also automate Know Your Customer (KYC)/Know Your Business (KYB) verification processes and can generate suspicious transaction and compliance reports as requested by regulators.
“One of the big selling points of automating Fica compliance is ongoing monitoring. Often, a business will conduct its due diligence at the start of a relationship with a client, only for that client to engage in illicit and illegal activities down the line.
“Ongoing monitoring helps accountable institutions to assess and manage risks continuously, during the onboarding process and throughout the business relationship.
“By tracking client profiles daily, accountable organisations keep tabs on all transactions as they happen and they are alerted to any changes that might indicate a compliance risk.”
NOW READ: The risks of doing business with politically exposed persons
