What Are FIC Administrative Sanctions?
The Financial Intelligence Centre (FIC) has the authority to impose administrative sanctions on accountable institutions that fail to comply with the Financial Intelligence Centre Act 38 of 2001 (FICA). These sanctions are civil penalties — not criminal prosecutions — and are imposed directly by the FIC without the need for a court order. They are governed by FICA Section 45C, inserted by the Financial Intelligence Centre Amendment Act 1 of 2017.
Administrative sanctions are distinct from criminal penalties. Criminal prosecution under FICA can result in imprisonment of up to 15 years, but criminal cases require the National Prosecuting Authority to act. Administrative sanctions are faster, more certain, and increasingly used by the FIC as its primary enforcement tool. Since the FIC received its enhanced enforcement powers in 2017, it has issued dozens of public compliance notices and administrative sanctions against banks, insurers, estate agents, accountants, and other accountable institutions.
The FIC publishes all administrative sanctions on its website, making non-compliance a reputational risk as well as a financial one. A published sanction against a law firm, accounting practice, or estate agency is visible to clients, regulators, and professional bodies — and can trigger further disciplinary action by the relevant supervisory body (IRBA, SAICA, PPRA, etc.).
FICA Section 45C: The Penalty Framework
Section 45C of FICA sets out the maximum administrative sanctions the FIC may impose. The penalties are tiered by the type of institution and the nature of the violation. The FIC has discretion to impose any amount up to the maximum, taking into account the seriousness of the non-compliance, the duration of the non-compliance, whether the institution cooperated with the FIC, and whether the institution has a history of prior non-compliance.
| Institution Type | Maximum Penalty | Applicable To |
|---|---|---|
| Natural person (individual) | R10 million | Sole proprietors, individual practitioners, directors personally liable |
| Legal person (company, CC, trust, partnership) | R50 million | All registered entities that are accountable institutions |
| Reporting institution (non-accountable) | R10 million | Institutions with STR reporting obligations only |
It is important to note that these are maximum penalties per violation. The FIC may impose multiple sanctions for multiple violations arising from a single inspection. An institution with systemic non-compliance across CDD, record-keeping, and RMCP obligations could face multiple separate sanctions, each up to the maximum.
What Violations Attract Administrative Sanctions?
The FIC can impose administrative sanctions for any contravention of FICA. In practice, the most common violations that result in published sanctions fall into five categories:
| Violation Category | FICA Section | Sanction Risk |
|---|---|---|
| Failure to establish or implement an RMCP | S.42 | High |
| Failure to conduct Customer Due Diligence (CDD) | S.21 | High |
| Failure to verify beneficial ownership | S.21B | High |
| Failure to keep records for the required period | S.22–S.24 | Medium |
| Failure to report a Suspicious Transaction (STR) | S.29 | High |
| Failure to train staff on FICA obligations | S.43 | Medium |
| Failure to apply Enhanced Due Diligence (EDD) to PEPs | S.21G | High |
| Failure to conduct ongoing monitoring | S.21H | Medium |
| Failure to register with the FIC | S.43B | Medium |
| Tipping off a person who is the subject of an STR | S.29(4) | High |
The FIC Enforcement Process
Before imposing an administrative sanction, the FIC must follow a prescribed process under FICA Section 45C. This process includes:
- Inspection: The FIC conducts an on-site or desk-based inspection of the accountable institution's FICA compliance programme.
- Preliminary findings: The FIC issues a preliminary findings letter setting out the alleged contraventions.
- Right of response: The institution has the right to respond in writing to the preliminary findings within a specified period (typically 30 days).
- Sanction notice: If the FIC is satisfied that a contravention occurred, it issues a formal sanction notice specifying the penalty amount.
- Appeal: The institution may appeal the sanction to the Financial Services Tribunal within 30 days of receiving the sanction notice.
- Publication: Once a sanction is final (i.e., not appealed or upheld on appeal), the FIC publishes it on its website.
The right of response is critical. Institutions that engage constructively with the FIC during the preliminary findings stage — acknowledging non-compliance, demonstrating remediation steps, and cooperating fully — typically receive reduced penalties compared to institutions that contest findings or fail to respond.
Published FIC Enforcement Cases
The FIC publishes administrative sanctions on its website at fic.gov.za. Notable published cases illustrate the range of institutions and violations that attract sanctions:
| Institution Type | Primary Violation | Outcome |
|---|---|---|
| Major commercial bank | Systemic CDD failures, inadequate RMCP | Administrative sanction + remediation order |
| Insurance company | Failure to verify beneficial ownership of corporate clients | Administrative sanction + public notice |
| Estate agency | No RMCP, no staff training, no CDD records | Administrative sanction + compliance undertaking |
| Accounting firm | Failure to register with FIC, no STR procedures | Administrative sanction + IRBA referral |
| Crypto asset service provider | Failure to apply risk-based approach, no Travel Rule procedures | Administrative sanction + FSCA referral |
The FIC's enforcement focus has shifted significantly since 2022. Prior to the FATF grey-listing in October 2023, enforcement was relatively light. Since grey-listing, the FIC has substantially increased inspection frequency and sanction amounts as part of South Africa's remediation plan to exit the FATF grey list by July 2026.
How to Avoid FIC Administrative Sanctions
The most effective way to avoid administrative sanctions is to implement a robust, documented FICA compliance programme before the FIC conducts an inspection. The FIC's inspection framework focuses on five core areas:
| Inspection Area | What the FIC Looks For | Key Document |
|---|---|---|
| Risk Management and Compliance Programme (RMCP) | Written, board-approved RMCP tailored to the institution's specific risk profile | RMCP document (FICA S.42) |
| Customer Due Diligence (CDD) | Evidence that CDD was conducted for all clients, with records retained | Client onboarding files (FICA S.21) |
| Beneficial Ownership | Identification of all beneficial owners of legal entity clients (5% threshold) | BO register or BO declaration forms (FICA S.21B) |
| STR Procedures | Written procedures for identifying and reporting suspicious transactions to the FIC | STR policy and reporting log (FICA S.29) |
| Staff Training | Evidence of annual FICA training for all relevant staff, with attendance records | Training records (FICA S.43) |
Institutions that can produce documented evidence of compliance in each of these five areas during an FIC inspection are significantly less likely to receive administrative sanctions. The FIC's approach is risk-based — institutions with adequate controls in place but minor procedural gaps are more likely to receive a compliance undertaking than a financial sanction.
FATF Grey-List and Increased Enforcement
South Africa was added to the FATF grey list (Jurisdictions under Increased Monitoring) in October 2023. This has direct consequences for enforcement intensity. As part of its action plan to exit the grey list by July 2026, South Africa committed to demonstrating a significant increase in AML/CFT enforcement actions, including FIC administrative sanctions.
Accountable institutions should expect more frequent FIC inspections, higher sanction amounts, and faster publication of enforcement actions in the period leading up to the July 2026 FATF review. The FIC has also increased coordination with sector supervisors (FSCA, PA, PPRA, IRBA, LSSA) to ensure that FIC sanctions are followed by professional body disciplinary action where appropriate.
The practical implication is that institutions that have historically operated with informal or undocumented FICA compliance programmes face materially higher enforcement risk in 2025 and 2026 than they did in prior years. The cost of remediation before an inspection is significantly lower than the cost of a sanction after one.
Frequently Asked Questions
- Can the FIC impose a penalty without a court order?
- Yes. Administrative sanctions under FICA Section 45C are imposed directly by the FIC without a court order. They are civil penalties, not criminal convictions. The institution has the right to appeal to the Financial Services Tribunal within 30 days.
- Does a FIC administrative sanction appear on a criminal record?
- No. Administrative sanctions are civil penalties and do not appear on a criminal record. However, they are published on the FIC website and are publicly accessible, which creates reputational risk.
- Can individual directors be personally sanctioned?
- Yes. The FIC can impose sanctions on both the institution and on individual natural persons (directors, compliance officers, partners) who were responsible for the non-compliance. The maximum for a natural person is R10 million.
- What is the difference between a compliance undertaking and an administrative sanction?
- A compliance undertaking is a formal commitment by the institution to remedy specific non-compliance within a specified timeframe. It is less severe than a financial sanction and is typically used for first-time or minor violations. Failure to honour a compliance undertaking can result in a financial sanction.
- How long does the FIC enforcement process typically take?
- From the initial inspection to a final published sanction typically takes 6 to 18 months, depending on the complexity of the case and whether the institution appeals. Institutions that cooperate fully and respond promptly to preliminary findings typically resolve matters faster.