Enforcement notices for PoPIA and PAIA breaches

Written by Ant Brandt
Posted on June 9, 2026

Table Of Contents

From CompliNEWS | Financial Services Intelligence Watch

Fairsure, Gray Swan, GQM and Louw Risk fined R4.98 million for FICA compliance failures

The Financial Sector Conduct Authority (FSCA) has imposed administrative penalties totalling R4.98 million against four accountable institutions following significant anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF) compliance failures identified during regulatory inspections. The affected firms include Fairsure Administration (Pty) Ltd, Gray Swan Financial Service (Pty) Ltd, GQM Fund Administrators (Pty) Ltd and Louw Risk Financial Services CC.

According to the FSCA, the institutions failed to comply with various provisions of the Financial Intelligence Centre Act (FICA), including requirements relating to Risk Management and Compliance Programmes (RMCPs), governance structures, customer due diligence (CDD), record keeping and targeted financial sanctions screening. While all four institutions had RMCPs in place, the regulator found that these programmes did not adequately address one or more of the processes and procedures required under section 42(1) and (2) of FICA.

The findings extended beyond documentation deficiencies. In some cases, firms failed to perform proper customer due diligence, obtain beneficial ownership information or maintain adequate client records. One institution was unable to produce customer due diligence records when requested by the FSCA, while another failed to screen clients against United Nations Targeted Financial Sanctions lists as required by law. The regulator also identified governance shortcomings, including instances where compliance functions were not assigned to sufficiently senior or suitably competent individuals.

Particularly noteworthy was the unsuccessful appeal by Fairsure Administration against the sanctions imposed. The FIC Act Appeal Board upheld the FSCA’s decision and emphasised several important principles. These included the fundamental importance of RMCP compliance, the critical role of customer due diligence as one of the cornerstones of the AML framework and the fact that staffing constraints cannot be used as a justification for non-compliance. The Appeal Board further confirmed that a low-risk client profile does not excuse failures to comply with FICA obligations and that deterrence remains an important factor when sanctions are considered.

Compliance Insights by Compli-Serve

This enforcement action provides a valuable reminder that regulators are increasingly focusing on the practical implementation of AML controls rather than the mere existence of policies and procedures. Many institutions believe they are compliant because they have an RMCP on file. However, the FSCA’s findings demonstrate that the regulator expects accountable institutions to show that their RMCP is properly tailored, actively implemented and supported by operational controls that work in practice.

The penalties also reinforce a message that Compli-Serve has consistently communicated to clients: customer due diligence remains the foundation of an effective AML framework. Without proper identification, verification, beneficial ownership information and record keeping, institutions cannot effectively monitor risk, identify suspicious activity or comply with their reporting obligations. Regulators continue to regard CDD failures as serious breaches because they undermine the entire anti-money laundering control environment.

Perhaps the most important lesson from this matter is that governance matters. FICA compliance cannot simply be delegated to junior administrative staff or treated as a box-ticking exercise. Boards, senior management, compliance officers and Money Laundering Compliance Officers must ensure that sufficient resources, expertise and oversight are dedicated to AML, CTF and CPF compliance. As the FSCA has once again demonstrated, firms that fail to do so face not only financial penalties but also reputational consequences and increased regulatory scrutiny.

For accountable institutions, now is an appropriate time to revisit RMCPs, review customer due diligence procedures, assess sanctions screening controls and ensure that governance arrangements remain fit for purpose in an increasingly demanding regulatory environment.

Categories:

Recent Comments

Comments are closed