Non-compliance with the Financial Intelligence Centre (FIC) Act has led to a rise in administrative sanctions across several sectors, with penalties reaching up to R7.8 million in 2024.
Over the past year, the FIC and other supervisory bodies – such as the Financial Sector Conduct Authority (FSCA) – have significantly ramped up enforcement action against non-compliance with the FIC Act.
When an accountable institution is found to be in breach of the FIC Act, these bodies may impose penalties, known as administrative sanctions, which can include an order, determination or directive. What are the sanctions that can be imposed? These sanctions may also contain a caution to not repeat the non-compliance conduct, a reprimand, a directive to take remedial action, a restriction or suspension of certain specified business activities.
In addition, a non-compliant institution can face a financial penalty – up to R10 million for natural persons and R50 million for legal persons. Between April 2024 and April 2025, the FIC imposed financial penalties ranging from R20 000 to R7.8 million, primarily for failures identified during inspections.
Risk and Compliance Return (RCR) non-submission
The RCR was introduced through Directives 6 and 7 in March 2023, requiring Designated Non-Financial Businesses and Professional (DNFBPs) to complete and submit a return indicating their financial and proliferation financing (ML/TF/PF) risks. More than half of all administrative sanctions published by the FIC this past year were due to the non-submission of the RCR. Legal practitioners and estate agents accounted for most of these cases.
For more information regarding the deadline for 2025, talk to our experts on the latest RCR developments.
Risk Management and Compliance Programme (RCMP)
Several sanctions stemmed from failures to develop, document, maintain, and implement a proper RCMP. During inspections, the regulators found that some institutions had no RCMP in place, while others had RCPMs that were generic, outdated or not tailored to the business.
In addition, many accountable institutions fell short of conducting an enterprise-wide business risk assessment to adequately identify and assess the ML/TF/PF risks they face.
RCMPS should also be regularly reviewed and updated to reflect any changes to the risks in the business and to keep up with changes in regulation.
Registration
In terms of Section 43B of the FIC Act, businesses or sectors listed in Schedule 1 of the Act must register with the FIC within the prescribed period. Moreover, Directive 1 of 2013 and Directive 4 of 2026 require that accountable institutions must ensure that their registration details are updated within 90 days of any changes to the registration information.
In December 2022, Schedule 1 of the Act was amended, expanding the scope of sectors that fall under the ambit of the Act. Yet, more than two years after these amendments took effect, many of these new accountable institutions have still not registered or updated their details. Over 40% of sanctions in the past year were due to registration failures. Credit providers and CASPs accounted for most of these cases.
Need assistance with your FICA compliance?
Morningside Consulting and Training Group supports all accountable institutions with a full range of FICA compliance services – from RMCP development and staff training to hands-on assistance with implementation and guidance before and during FIC inspections.
Don’t miss our upcoming webinars, Developing RMCP, Staff Training, Guidance and Implementation of Customized Solutions.
Get in Touch
