FIC overreach checked – Court blocks backdated AML penalties
A recent High Court ruling has placed an important boundary on the Financial Intelligence Centre’s enforcement powers, particularly in how administrative penalties are calculated, reports Moneyweb.
In the case involving Len Dekker Attorneys, the court found that the FIC had overreached by including years of alleged non- compliance dating back to 2017, despite only becoming the supervisory authority for legal practitioners in December 2022. The court ruled that penalties can only be calculated from the point at which the FIC assumed direct oversight.
This is a significant clarification. It reinforces a basic principle of regulatory fairness: a regulator cannot penalise entities for periods where it did not have enforcement authority, particularly where another body was responsible for supervision and had effectively accepted the firm’s compliance position.
The judgment also addressed how penalties should be determined. The court found that the FIC must consider remedial actions taken by a firm after non-compliance has been identified. In this case, steps taken to improve compliance were initially disregarded, but the court held that such actions are relevant and must be factored into any sanction.
Importantly, the ruling does not weaken the FIC’s mandate. The court was clear that compliance with anti-money laundering obligations remains critical. However, enforcement must be proportionate and based on a proper assessment of risk, rather than a purely mechanical application of penalties.
For accountable institutions, the message is balanced. Historical exposure may be limited where supervisory responsibility has shifted, but from the point of direct oversight, expectations are firm. Regulators are actively inspecting and will continue to impose sanctions where deficiencies persist.
The takeaway is straightforward. Compliance gaps will still be penalised, but enforcement must be fair, proportionate, and grounded in the regulator’s actual authority.
Insights Why the court drew the line
The judgment turned largely on the structure of FICA’s supervisory framework. Before 19 December 2022, the Legal Practice Council (and before that its predecessors) was the relevant supervisory authority for attorneys. The court noted that the LPC required compliance reporting from practitioners, referred them to its audit report guide, and issued Fidelity Fund Certificates on the basis of those reports. In other words, there was already a functioning statutory enforcement structure in place. The FIC was not absent from the legislative framework, but it was not yet the body directly supervising and enforcing compliance against attorneys in the way it later became.
That distinction was decisive. The Appeal Board had effectively treated the matter as though the FIC could simply ‘look back’ and use the full historical period of non-compliance for sanctioning purposes, regardless of who held supervisory authority at the time. The High Court rejected that reasoning. It held that the Appeal Board had misunderstood the interaction between sections 44, 45 and 45C of FICA, and had incorrectly treated the sanctioning provision as though it allowed retrospective enforcement simply because the FIC had later inherited the supervisory role.
The court’s reading of the statute was more disciplined. It emphasised that section 45(1) places the responsibility for supervising and enforcing compliance on the supervisory body that regulates the accountable institution at the relevant time. Section 44 allows the FIC to refer suspected contraventions to an appropriate supervisory body. Section 45(3) allows the FIC to step in only where that supervisory body fails to take adequate steps after referral. On the facts before it, the court found that this mechanism had not been triggered in a way that entitled the FIC to penalise historical conduct stretching back to 2017.
That is an important finding. It means the FIC cannot simply rely on its present authority to re-open past supervisory periods and treat them as if they had always fallen within its own enforcement reach.
Not a jurisdiction case, but still a legal limit
Interestingly, the court did not accept the matter as a classic jurisdiction challenge. It confirmed that the FIC plainly has the power to investigate and sanction non-compliance. The problem lay not in whether the FIC had authority in general, but in how it interpreted and applied its sanctioning power under section 45C(2). That is a narrower but still significant point. The court interfered because the Appeal Board had applied the wrong legal principle and thereby distorted the sanctioning exercise.
This is why the judgment is more than a technicality. It says that even where the FIC has enforcement authority, that authority must be exercised within the statutory structure and with regard to fairness. Duration cannot be inflated by importing years that fall outside the FIC’s proper supervisory window. The court was explicit that a long duration has a major effect on the method by which administrative penalties are computed and can increase them substantially.
A second blow to the Appeal Board: remedial steps must count
The second major issue was equally important. Len Dekker Attorneys sought to place before the Appeal Board evidence that it had concluded a service level agreement with DocFox (now nCino KYC) after the inspection, as part of its efforts to strengthen future compliance. The Appeal Board refused to admit the evidence, reasoning that the FIC had already accepted that remedial steps had been taken and that further material would serve no purpose. The court found that this refusal was also wrong.
This part of the judgment matters because it reinforces the language of section 45C(2) itself. When determining an administrative sanction, the regulator must consider not just the nature, duration and seriousness of the contravention, but also any remedial steps taken to prevent recurrence and any other mitigating factors. The court held that relevant remedial information cannot simply be brushed aside. If it bears on sanction, it must be considered properly.
That has broader implications. It means post-inspection remediation is not merely cosmetic. It can materially affect sanction, provided it is credible, documented, and directed at preventing recurrence. Firms facing FIC enforcement should take note: remediation done properly, and evidenced properly, is not wasted effort.
The judgment is not a softening of FICA
It would be a mistake to read this case as a retreat from strict AML enforcement. The court said the opposite. It expressly acknowledged the need for firm adherence to FICA in order to combat money laundering and terrorist financing. But it also stressed that sanctions must be proportionate and must reflect a genuine risk assessment rather than an exaggerated or mechanical approach.
That balance is the real significance of the decision. The court is not siding with non-compliance. It is insisting that enforcement be lawful, proportionate and tied to the regulator’s actual statutory role. In practical terms, the judgment says three things:
What the order actually did
The court did not set the sanctions aside completely and walk away. It upheld the appeal in part, set aside the Appeal Board’s finding that allowed the FIC to calculate non-compliance from 2017, and replaced it with a ruling that any recalculation is limited to the period from 19 December 2022 onward. It also ordered that the DocFox service agreement be admitted and considered in the recalculation. The matter was then referred back to the FIC for reconsideration on that basis.
So, the firm may still face penalties. The difference is that those penalties must now be recalculated on a legally narrower and fairer footing.
Why this matters beyond the legal profession
Although the case arose in the context of attorneys, the underlying principle is broader. Wherever supervisory responsibility shifts between regulators, professional bodies or designated supervisory authorities, the same issue can arise. The case serves as a warning against regulatory overreach in transition periods. It also highlights the importance of understanding exactly who the supervisory body was, when, and under what statutory mechanism enforcement could occur.
For the legal profession specifically, the judgment is especially significant because of the LPC’s historical role and the profession’s distinct risk profile. The court was alive to the fact that attorneys are not identical to every other accountable
institution and that their compliance environment involved prior reporting, oversight and certification through the profession’s own supervisory structures.
The compliance lesson
The practical lesson is not ‘don’t worry about old gaps’. That would be reckless. The better lesson is this: where there has been a shift in regulatory supervision, enforcement still has to respect the statutory architecture. But from the moment the FIC became the direct supervisor, the margin for error narrowed sharply.
For accountable institutions, two things now matter more than ever:
The court has checked the FIC’s reach. It has not dulled its teeth.
Website designed by WEBSITEDESIGN.co.za and hosted by WEBSITEHOSTING.co.za