Task 6 — Compliance, Risk Management & FICA

Every FSP is an Accountable Institution under the Financial Intelligence Centre Act 38 of 2001 (FICA) and must operate a written Risk Management and Compliance Programme (RMCP) that addresses customer due diligence, ongoing transaction monitoring, sanctions screening, and the filing of suspicious or unusual activity reports with the Financial Intelligence Centre.

• 01Customer Due Diligence (CDD) on every new client; Enhanced Due Diligence on higher-risk relationships such as Politically Exposed Persons (PEPs).
• 02Maintain and annually review the written RMCP, signed off by the governing body of the FSP.
• 03File Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) with the FIC within the prescribed 15-business-day window.
• 04Sanctions screening against the United Nations Targeted Financial Sanctions list — both at onboarding and on an ongoing basis.

• 01Trigger events for Enhanced Due Diligence (PEP, high-risk jurisdiction, complex ownership).
• 02Mandatory content of the RMCP — Part 2 of FICA, sections 42 and 42A.
• 03Reporting timelines: cash threshold, suspicious transaction, terrorist property, international funds transfer.
• 04Distinction between record-keeping under FICA and record-keeping under FAIS section 18.