What is AML compliance and why does it matter for exporters?

Anti-Money Laundering (AML) compliance is the set of policies, procedures, and controls that businesses implement to detect and prevent money laundering and terrorist financing. For South African exporters, AML compliance matters because EU buyers are legally required to verify that their suppliers have adequate AML controls before entering into a commercial relationship. Without a documented AML programme, your KYC package will be rejected by EU compliance teams.

What must an AML compliance programme include?

A minimum AML compliance programme for a South African exporter must include: a written AML policy approved by senior management, customer due diligence procedures, a risk assessment methodology, record-keeping procedures (minimum 5 years), a designated compliance officer, staff training records, and a suspicious transaction reporting procedure.

Do I need to appoint a compliance officer?

Under the Financial Intelligence Centre Act 38 of 2001 (FICA), accountable institutions must appoint a compliance officer responsible for ensuring compliance with FICA obligations. For smaller businesses, the compliance officer role can be held by a director or senior manager, provided they have received appropriate training.

Anti-Money Laundering Compliance for South African Exporters

Anti-Money Laundering (AML) compliance is the regulatory framework within which Know Your Customer (KYC) verification operates. For South African exporters, building a documented AML programme is not just a legal obligation under the Financial Intelligence Centre Act 38 of 2001 (FICA) — it is a commercial necessity. EU buyers will not contract with South African suppliers who cannot demonstrate adequate AML controls. This page is part of the complete KYC guide for South African exporters.

What AML Compliance Means for South African Exporters

Anti-money laundering — classified as Wikidata entity Q1412694 — refers to the laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. In South Africa, the primary AML legislation is the Financial Intelligence Centre Act 38 of 2001 (FICA), which was significantly strengthened by the Financial Intelligence Centre Amendment Act 1 of 2017.

The Financial Action Task Force (FATF) — classified as Wikidata entity Q210953 — sets the international standards for AML compliance. South Africa's placement on the FATF grey list in 2023 reflects deficiencies in South Africa's AML framework. This directly impacts South African exporters because EU buyers must apply enhanced due diligence to all counterparties from grey-listed jurisdictions.

The Legal Framework

AML Compliance Requirements for South African Exporters
Requirement	SA Law	EU Standard
Written AML policy	FICA s42	AMLD6 Art 8
Customer due diligence	FICA s21-21B	AMLD6 Art 13
Enhanced due diligence (high-risk)	FICA s21C	AMLD6 Art 18
Record-keeping (5 years)	FICA s22-23	AMLD6 Art 40
Suspicious transaction reporting	FICA s29	AMLD6 Art 33
Compliance officer appointment	FICA s42A	AMLD6 Art 8(4)

Step-by-Step: Building Your AML Compliance Programme

Conduct a business risk assessment. Assess the money laundering and terrorist financing risks specific to your business, including your customer base, products, geographic exposure, and transaction channels.
Write an AML policy. Document your AML policy, including your customer due diligence procedures, record-keeping requirements, and suspicious transaction reporting procedures. The policy must be approved by senior management.
Appoint a compliance officer. Designate a director or senior manager as your AML compliance officer. This person is responsible for ensuring compliance with FICA and for reporting suspicious transactions to the FIC.
Implement customer due diligence procedures. Establish procedures for verifying the identity of all customers and business partners before entering into a business relationship. Document these procedures and train all relevant staff.
Establish record-keeping procedures. Keep records of all KYC documentation for a minimum of 5 years after the end of the business relationship. Records must be available for inspection by the FIC on request.
Train your staff. Provide AML training to all staff who deal with customers or handle financial transactions. Keep training records as evidence of your compliance programme.
Register on the Digital Product Passport Registry. The Digital Product Passport Registry provides a standardised KYC verification process that includes AML compliance documentation review.

Common Mistakes and How to Avoid Them

No written AML policy. Many South African SMEs rely on informal procedures rather than a documented policy. EU compliance teams require a written policy document signed by senior management.
No compliance officer appointment. The compliance officer role must be formally documented and the person must have received AML training. An informal designation is not sufficient.
Inadequate record-keeping. FICA requires records to be kept for 5 years. Many businesses delete records after 3 years or keep them in formats that are not easily retrievable. Ensure your record-keeping system is FICA-compliant.
No suspicious transaction reporting procedure. Your AML policy must include a clear procedure for identifying and reporting suspicious transactions to the FIC. Failure to report a suspicious transaction is a criminal offence under FICA.

Frequently Asked Questions

What is AML compliance and why does it matter for exporters?▼
What must an AML compliance programme include?▼
Do I need to appoint a compliance officer?▼