FICA COMPLIANCE CHECKLIST
FICA KYC Checklist
Payment Providers
Payment service providers are accountable institutions under FICA Schedule 1, supervised by the SARB. This checklist covers CDD for individual users and business merchants, transaction monitoring requirements, and reporting obligations. The high transaction volumes typical of payment providers make automated monitoring and real-time screening essential.
STEP 1
Individual User — Standard CDD
- Certified copy of SA ID or Smart ID card (FICA S.21(a))
- Selfie / liveness check for digital onboarding
- Proof of residential address — not older than 3 months
- Mobile number and email address verification
- Source of funds declaration for high-value transactions
STEP 2
Business Merchant — Standard CDD
- CIPC registration certificate
- Proof of registered business address
- List of directors and beneficial owners (5% threshold — FIC PCC 59)
- Certified ID documents for all beneficial owners
- Bank account verification (to confirm legitimate business)
- SARB payment system licence or exemption confirmation
STEP 3
Transaction Monitoring
- Real-time transaction monitoring system in place
- Velocity checks for unusual transaction patterns
- Geo-location risk scoring for cross-border transactions
- Automated alerts for transactions above R49 999 cash equivalent
- Sanctions screening on all transaction parties
STEP 4
Reporting Obligations
- STR filed via goAML for suspicious transactions (FICA S.29)
- Cash Threshold Reports for transactions above R49 999 (FICA S.28)
- SARB reporting for cross-border transactions above thresholds
- Chargeback and fraud incident reports maintained
STEP 5
Record-Keeping
- KYC records retained for minimum 5 years after account closure (FICA S.22)
- Transaction records retained for minimum 5 years
- AML/CFT policy reviewed and updated annually
- Compliance officer appointment documented
REGULATORY BASIS
Based on FICA 38 of 2001 (as amended), SARB Payment System Directives, and FIC PCC 59 (August 2024). Verify at fic.gov.za.