The actual cost of non-compliance with FICA

In the past 18 months, institutions across banking, legal, and financial services have faced steep penalties for non-compliance with the Financial Intelligence Centre Act (FICA). Capitec, Old Mutual, HSBC, and Standard Bank have all been sanctioned with fines ranging from R7.7 million to over R50 million. These are not outliers, they reflect a clear regulatory shift toward stricter enforcement.

While much has been said about FICA’s obligations, less attention is paid to what happens when businesses fall short. The penalties are not limited to financial institutions. Any accountable institution – whether in property, legal, crypto, or lending – is at risk if compliance lapses occur.

The type of punishment depends on the severity of the violation. Regulators apply a structured framework that considers both mandatory and discretionary factors. These include the nature, duration, seriousness, and extent of the contravention, as well as whether the conduct was intentional, reckless, or negligent. The regulator will also assess whether the entity gained any financial or commercial benefit from the non-compliance and if there was any remedial action taken once the issue was identified.

A business’s compliance history matters too. Institutions with prior contraventions or those seen as repeat offenders can expect harsher sanctions, as can those found to have obstructed investigations or withheld key information.

Sanctions range from a written caution or public reprimand to a remediation directive, restriction or suspension of business activities, and administrative fines of up to R10 million for individuals and R50 million for companies. For more serious breaches—particularly where there is an element of intent – criminal charges may be brought, with potential fines of up to R100 million or imprisonment for up to 15 years. Senior managers, directors, and employees involved in the breach may be held personally liable.

Most FICA penalties stem from recurring failures such as inadequate or generic Risk Management and Compliance Programmes (RMCPs), poor customer due diligence, incomplete recordkeeping, failure to submit reports like Cash Threshold Reports, and insufficient training. These are not technicalities – they are central to the act and form the basis of most enforcement actions.

In one case, a legal firm was fined R7.7 million for not implementing an RMCP or training its staff. A financial services provider was penalised for failing to report suspicious transactions on time. These are the kinds of ‘basic’ oversights that now carry serious consequences.

The 2025 Budget Speech made it clear – financial crime enforcement is being prioritised. National Treasury has allocated more funding for forensic investigations and compliance monitoring. The FIC and SARS are both sharpening their tools, and accountability is tightening across all sectors.

This comes at a time when South Africa is still navigating FATF greylisting. That context matters – regulatory pressure is mounting, and institutions cannot afford to treat FICA compliance as a box-ticking exercise.

The uptick in enforcement isn’t limited to large financial institutions. In recent months, law firms, insurers, financial advisers, and crypto platforms have all faced enforcement actions. FICA applies across sectors, and smaller firms are not immune. If you deal with money – you are accountable.

Luckily for regulated entities, there are automated compliance platforms available that make it easier to prevent fraud, money laundering, and regulatory breaches. These tools reduce manual oversight, simplify regulatory reporting, and ensures POPIA-compliant data handling. They also automate Know Your Customer (KYC)/Know Your Business (KYB) verification processes and can generate suspicious transaction and compliance reports as and when they are requested by regulators.

One of the big selling points of automating FICA compliance is ongoing monitoring. Often, a business will do their due diligence at the start of the relationship with a client only for that client to do something illicit and illegal down the line. Ongoing monitoring helps accountable institutions to assess and manage risks continuously, during the onboarding process and throughout the business relationship. By tracking client profiles daily, accountable organisations keep tabs on all transactions as they happen, and they are alerted of any changes that might indicate a compliance risk. Unlike periodic reviews, ongoing monitoring ensures businesses detect risks before they become compliance failures.

VOCA, powered by SearchWorks, is an application designed to streamline compliance processes for accountable institutions in regulated industries. Backed by the largest data aggregation platform in SA, VOCA offers unmatched access to official databases and provides a range of automated compliance tools that enable businesses to meet FICA and risk management requirements. All accountable institutions must strengthen their compliance posture so that they aren’t slapped with harsh penalties and to ensure that they avoid inadvertently getting involved in any illegal or illicit activities.