AML Amendment Bill signals major expansion of FICA compliance obligations

Written by Ant Brandt
Posted on June 9, 2026

Table Of Contents

From CompliNEWS | Financial Services Intelligence Watch

The General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Bill (B15-2026) was formally introduced into the National Assembly on 27 May 2026 as part of South Africa’s continued effort to strengthen its AML/CFT framework ahead of the next FATF mutual evaluation cycle. The Bill proposes extensive amendments across multiple statutes, including the Financial Intelligence Centre Act (FICA), Companies Act, Financial Sector Regulation Act and NPO framework, with a clear focus on enforcement capability, beneficial ownership transparency, sanctions compliance and regulatory intelligence-sharing.

From a FICA compliance perspective, the proposed amendments represent a meaningful escalation in both regulatory expectations and operational accountability for accountable institutions, notes Compli-Serve. One of the most significant practical changes is the proposed extension of the record-keeping period from five years to seven years. While this may appear administrative on the surface, it materially increases institutions’ obligations around document retention, transaction histories, onboarding evidence and audit trail preservation. Firms that already struggle with fragmented document management, inconsistent onboarding evidence or legacy storage systems may face increased inspection exposure once implemented.

The Bill also substantially expands the powers of the Financial Intelligence Centre itself. The FIC would be empowered to conduct lifestyle audits, obtain information directly from public entities and municipalities, expand forensic financial analysis capabilities and broaden information-sharing with regulators and state bodies, including the Border Management Authority and Public Procurement Office. This signals a continued move toward integrated financial crime supervision and cross-government intelligence coordination, particularly in procurement, public sector corruption and state-linked financial flows.

Importantly, the amendments place increased emphasis on beneficial ownership transparency and discrepancy reporting. Under the proposed changes, obliged entities would be expected to report material discrepancies between beneficial ownership information they hold and information reflected on the CIPC beneficial ownership register. This introduces an additional verification and escalation layer for accountable institutions and could materially increase onboarding obligations for company structures, trusts and complex ownership arrangements.

Another major development is the stronger focus on technology-driven risk. The amendments to section 42 of FICA expressly require accountable institutions to assess risks associated with new delivery mechanisms and emerging technologies before introducing new products or services. This includes technologies that may facilitate money laundering, terrorist financing or proliferation financing. In practice, this moves technology risk assessment from being an implied governance expectation to a direct statutory compliance obligation. Crypto assets, digital onboarding models, AI-enabled financial services and cross-border fintech solutions are all likely to fall squarely within this heightened regulatory focus.

The proposed amendments also materially strengthen targeted financial sanctions (TFS) obligations. Expanded reporting duties, attempted transaction reporting, enhanced scrutiny obligations and broader enforcement wording indicate that sanctions compliance is becoming an increasingly central pillar of South Africa’s AML framework. Institutions will likely need more mature sanctions screening governance, escalation procedures, audit evidence and documented review processes to remain inspection-ready.

From a broader compliance governance perspective, the Bill reflects South Africa’s continuing shift away from purely technical compliance toward evidence-based supervision. Regulators are increasingly focused not only on whether an RMCP exists, but whether institutions can practically demonstrate implementation, monitoring, escalation, technology governance and defensible decision-making in operational environments.

For accountable institutions, this Bill is unlikely to be viewed as a routine legislative update. It is a clear signal that the next phase of FICA supervision will place greater emphasis on operational effectiveness, transparency, beneficial ownership verification, financial crime intelligence-sharing and technology-enabled risk management.

The Bill will almost certainly require accountable institutions to revisit and enhance their RMCPs once enacted, particularly around operationalisation, technology risk and beneficial ownership controls.

The biggest likely RMCP changes include the following:

  • Stronger beneficial ownership verification and discrepancy escalation processes
    RMCPs will likely need explicit procedures dealing with situations where client-provided BO information differs from CIPC records or other trusted sources. Many current RMCPs speak broadly about BO identification, but do not yet deal properly with discrepancy handling, escalation, remediation or reporting.Expanded sanctions and TFS procedures
    Most existing RMCPs still focus mainly on screening at onboarding. The proposed amendments point toward far more mature sanctions governance, including:

    • ongoing screening
    • attempted transaction reporting
    • enhanced escalation
    • freezing procedures
    • audit trail retention
    • and documented review methodology following TFS updates.Technology and new product risk assessmentThis is probably one of the biggest shifts. RMCPs will likely need dedicated sections dealing with:
    • AI usage
    • digital onboarding
    • crypto exposure
    • automated monitoring systems
    • cross-border fintech arrangements
    • outsourced RegTech providers
    • and assessment of ML/TF/PF risks before introducing new technologies or delivery channels.A lot of current RMCPs simply do not deal with this in sufficient depth.
  • Longer record-keeping obligations
    The move from five to seven years means RMCPs, retention schedules and operational controls will need updating. Firms will need to evidence how records are securely retained, retrievable and monitored over extended periods.Greater emphasis on operational evidenceThe regulator is clearly moving further toward ‘show me’ supervision. RMCPs will likely need much stronger linkage between:

    • policy
    • registers
    • logs
    • screening evidence
    • case management
    • escalation records
    • transaction monitoring
    • and governance oversight.In practice, annexures and operational templates become even more important.
  • More detailed proliferation financing (PF) risk treatment
    Many RMCPs still treat PF superficially. The Bill strengthens the expectation that PF risks form part of actual operational risk assessment and sanctions governance, rather than being a short theoretical section.Increased focus on group-wide information sharing and governanc
    Larger groups and multinational structures may need clearer RMCP wording dealing with:

    • group reliance
    • shared screening
    • cross-border information flows
    • outsourcing
    • and accountability allocation between local and foreign entities.

Overall, the direction of travel is very clear: the RMCP is increasingly becoming an operational governance framework rather than simply a policy document. Regulators are steadily pushing firms toward demonstrable, evidence-based AML compliance that can withstand inspection and forensic review in practice.

Categories:

Recent Comments

Comments are closed