South African payment service providers (PSPs) and money remitters are accountable institutions under FICA. The payments sector is considered high risk for money laundering because payment platforms can be used to move funds quickly across borders and between accounts, making it difficult to trace the origin and destination of funds. This guide explains the specific KYC requirements that apply to payment providers.
Who Is a Payment Service Provider?
Schedule 1 of FICA includes persons who carry on the business of transmitting money or a monetary value, or issuing travellers' cheques, money orders, or similar instruments. This covers a wide range of businesses, including mobile money operators, digital wallet providers, cross-border remittance services, payment aggregators, and point-of-sale payment processors.
PSPs must also be registered with the SARB under the National Payment System Act. The SARB's oversight of the payments sector is separate from FICA compliance but complementary to it.
CDD for Payment Customers
PSPs must verify the identity of every customer before allowing them to use the payment service. For individual customers, this means verifying name, date of birth, identity number, and address. For business customers, this means verifying the entity and all beneficial owners.
PSPs must also screen customers against PEP databases and sanctions lists at onboarding and on an ongoing basis. Customers who are PEPs or who appear on sanctions lists require Enhanced Due Diligence (EDD).
Transaction Monitoring
PSPs must monitor transactions on an ongoing basis to detect patterns that may indicate money laundering or terrorist financing. Transaction monitoring systems must be calibrated to the PSP's specific risk profile and must generate alerts for unusual transactions. PSPs must investigate alerts promptly and file Suspicious Transaction Reports (STRs) when appropriate.
Cross-Border Payments
Cross-border payment flows present heightened money laundering risk. PSPs that facilitate cross-border payments must apply enhanced scrutiny to transactions involving high-risk jurisdictions and must comply with the SARB's exchange control regulations. The FATF's requirements for wire transfers — including the transmission of originator and beneficiary information — apply to cross-border payment transactions.
Frequently Asked Questions
- Does a small payment aggregator need to comply with FICA?
  - Yes. If a business transmits money or monetary value as a regular feature of its business, it is an accountable institution under FICA regardless of its size.
- What KYC is required for low-value payment transactions?
  - FICA does not set a minimum transaction threshold below which KYC is not required. However, the risk-based approach allows for simplified due diligence for lower-risk customers and transactions. PSPs should document their simplified due diligence criteria in their RMCP.
- Must a PSP verify the identity of the recipient of a payment?
  - For domestic payments, PSPs must verify the identity of the sender. For cross-border payments, the FATF wire transfer requirements may also require the collection and transmission of beneficiary information.
- What is the penalty for a PSP that does not conduct KYC?
  - The FIC can impose administrative sanctions of up to R10 million per contravention. The SARB can also take action under the National Payment System Act.
- Does a mobile money operator need to conduct KYC?
  - Yes. Mobile money operators are accountable institutions under FICA and must verify the identity of all customers. The level of verification required depends on the customer's risk rating and transaction volumes.