What the FIC Examines During a Compliance Inspection · Updated for FICA Amendment Act 22 of 2022 · FIC PCC 59
Use this checklist to prepare for a FIC compliance inspection. Each section maps to a specific area the FIC examines, with the relevant FICA provision.
KYC REGISTRY — kycregistry.co.za
FICA Inspection Checklist
Printed 9 April 2026
This checklist covers the six primary areas examined by the Financial Intelligence Centre (FIC) during a FICA compliance inspection under section 45 of the Financial Intelligence Centre Act 38 of 2001. The FIC conducts both scheduled and unannounced inspections. Institutions that cannot produce the required documentation on demand face administrative sanctions of up to R50 million (legal entities) or R10 million (natural persons, including the compliance officer) per contravention under the amended FICA s.45C.
Note: This checklist is a compliance preparation tool, not legal advice. Consult a qualified compliance officer or attorney for institution-specific guidance.
01. Risk Management and Compliance Programme (RMCP)
FICA: s.42
Written RMCP exists and is retrievable on demand
RMCP has been approved by the board or senior management (signed resolution or equivalent)
RMCP reflects the current date — reviewed within the past 12 months or after any material change
Risk assessment covers all four dimensions: customer, product, geographic, and delivery channel risk
Risk ratings are institution-specific, not generic copy-paste content
CDD and EDD policies are documented and consistent with actual practice
STR and CTR filing procedures are documented and staff-accessible
Record-keeping policy specifies retention periods (minimum 5 years)
Staff training policy is documented with frequency and content requirements
Compliance officer is named in the RMCP with direct escalation path to senior management
Previous RMCP versions are retained for minimum 5 years
02. Customer Due Diligence (CDD) Records
FICA: s.21–s.22
CDD records exist for every current customer and every customer onboarded in the past 5 years
Individual customer records include: full name, ID number (SA ID or passport), and residential address
Legal entity records include: registration number, registered address, directors, and beneficial owners (≥5%)
Beneficial ownership records reflect the 5% threshold per FIC PCC 59 (August 2024)
CDD records are retrievable within a reasonable timeframe (FIC expects same-day or next-day retrieval)
High-risk customers have EDD documentation on file (PEP status, source of funds, enhanced monitoring)
CDD records are updated when material changes occur (e.g., change of beneficial owner, address change)
Ongoing monitoring records demonstrate that customer risk profiles are reviewed periodically
Records are stored securely with access controls and audit trails
03. Suspicious Transaction Reports (STRs) and Cash Threshold Reports (CTRs)
FICA: s.28–s.29
STR log exists documenting all suspicious transactions identified (whether reported or not)
All STRs filed with the FIC within 15 days of suspicion arising (FICA s.29)
CTR log exists documenting all cash transactions ≥R49,999
All CTRs filed with the FIC within 2 business days of the transaction (FICA s.28)
Internal escalation records show the decision-making process for each STR (who identified, who approved, when filed)
STR and CTR records retained for minimum 5 years
Staff can demonstrate awareness of STR filing obligations and internal escalation procedures
No evidence of "tipping off" — customers were not informed of STR filings
04. Staff Training Records
FICA: s.43
Training attendance records exist for all customer-facing and transaction-processing staff
Training records cover at least the past 5 years
Training content is documented (materials, slides, or e-learning completion certificates)
Training covers: RMCP content, STR identification and filing, CDD obligations, and legal consequences of non-compliance
New employee training records show training was completed before customer-facing duties commenced
Training frequency meets minimum annual requirement for all relevant staff
Compliance officer has completed or arranged sector-specific AML/CFT training
Training records are retrievable and producible on demand during inspection
05. Beneficial Ownership Documentation
FICA: s.21B / FIC PCC 59
Beneficial ownership records exist for all legal entity customers
Records identify all natural persons holding ≥5% direct or indirect ownership (FIC PCC 59, August 2024)
Beneficial ownership records include: full name, ID number, nationality, and ownership percentage
Records show the ownership chain for complex structures (subsidiaries, trusts, nominees)
Beneficial ownership records are updated when ownership changes occur
EDD has been applied to legal entity customers with complex or opaque ownership structures
Records demonstrate that beneficial ownership was verified, not merely declared
06. Sanctions Screening
FICA: s.26A
Sanctions screening policy is documented in the RMCP
All customers are screened against FIC-designated lists at onboarding
Ongoing screening is conducted for existing customers (at minimum when lists are updated)
Screening covers: FIC-designated persons and entities, UN Security Council consolidated list, and OFAC SDN list (for USD transactions)
Screening records are retained and producible on demand
Escalation procedure for positive matches is documented and followed
Staff responsible for screening can demonstrate knowledge of the procedure
07. Governance and Compliance Officer
FICA: s.42A
Compliance officer is a named natural person employed by or contracted to the institution
Compliance officer appointment has been notified to the FIC
Compliance officer has direct access to senior management without obstruction from line management
Compliance officer has sufficient seniority and authority to implement the RMCP
Board or senior management receives regular compliance reports (quarterly recommended)
Compliance officer has completed relevant AML/CFT training or holds an accredited qualification
Succession plan or deputy compliance officer is identified for continuity