KYC Requirements in South Africa: FICA, CIPC, and FIC Act

What FICA Means for South African Exporters

The Financial Intelligence Centre Act 38 of 2001 (FICA) — classified as Wikidata entity Q5452175 — is South Africa's primary anti-money laundering legislation. It established the Financial Intelligence Centre (FIC) as the national AML authority and imposed customer identification and verification obligations on all "accountable institutions." The Financial Intelligence Centre Amendment Act 1 of 2017 strengthened these obligations significantly, introducing a risk-based approach and mandatory beneficial ownership disclosure.

For exporters, FICA compliance matters in two ways. First, your South African bank — which is an accountable institution — will require you to maintain current KYC documentation as a condition of your banking relationship. Second, EU buyers are legally required under the EU Sixth Anti-Money Laundering Directive (AMLD6) to perform KYC on their South African suppliers, and they will ask for documentation that demonstrates your FICA compliance.

The Companies and Intellectual Property Commission (CIPC) — classified as Wikidata entity Q5154060 — administers company registration and the beneficial ownership register under the Companies Act 71 of 2008. CIPC registration is the foundational identity anchor for all KYC processes in South Africa.

The Legal Framework

The General Laws Amendment Act 22 of 2022 is particularly significant for exporters. It amended the Companies Act to require all companies to file a beneficial ownership register with CIPC, identifying every natural person who ultimately owns or controls more than 5% of the company. This register must be updated within 10 business days of any change in beneficial ownership.

Step-by-Step KYC Compliance in South Africa

1. Confirm your CIPC registration is current. Log into the CIPC eServices portal and verify that your company registration details are accurate and up to date. Ensure your annual return is filed.
2. File your beneficial ownership register with CIPC. Identify all natural persons who own or control more than 5% of your company and submit the beneficial ownership register via the CIPC portal. This is mandatory under the General Laws Amendment Act 22 of 2022.
3. Obtain Smart ID cards for all directors and beneficial owners. The Smart ID card is the primary KYC anchor document under FICA. Green ID books are not accepted by most EU financial institutions.
4. Establish a FICA compliance programme. Document your customer due diligence procedures, record-keeping policies, and staff training. This is required for your AML compliance programme.
5. Obtain a current SARS tax clearance certificate. Apply via the SARS eFiling portal. Tax clearance certificates are valid for one year.
6. Compile and certify your KYC package. Have all documents certified by a commissioner of oaths. Ensure no document is older than 3 months.
7. Register on the Digital Product Passport Registry. Complete your KYC verification on the Digital Product Passport Registry to receive your verified identity anchor for EU market access.

Common Mistakes and How to Avoid Them

1. Annual return not filed. A company with an outstanding annual return at CIPC cannot obtain a tax clearance certificate from SARS. File annual returns on time — the penalty for late filing increases with each year of non-compliance.
2. Beneficial ownership register not filed. Since the General Laws Amendment Act 22 of 2022, failure to file a beneficial ownership register with CIPC is a criminal offence. Many South African SMEs are still unaware of this requirement.
3. Using a trading name instead of the registered company name. Your KYC documents must use the exact registered company name as it appears on your CIPC certificate. Trading names are not accepted.
4. Outdated registered address. Your registered address with CIPC must match the address on your bank account and tax clearance certificate. Mismatches cause KYC rejections.
5. No certified copies. EU buyers require certified copies of all KYC documents. Uncertified photocopies are not accepted. Certification must be done by a South African commissioner of oaths.

FATF Grey-List Status & July 2026 Deadline

South Africa was added to the FATF grey list (Jurisdictions Under Increased Monitoring) in October 2023. The mutual evaluation identified 20 recommended actions. The FIC and sector supervisors have substantially increased enforcement activity ahead of the 19 July 2026 FATF plenary review. Key deficiencies cited include insufficient prosecution of complex money laundering cases, weak DNFBP supervision (estate agents, lawyers, accountants), inadequate beneficial ownership transparency, and incomplete CASP licensing. Accountable institutions that have not yet implemented a compliant RMCP face the highest enforcement risk in the pre-review period.

Penalty Framework (FICA s.45C — 2022 Amendment Act)

Penalties are per contravention. A single FIC inspection finding multiple breaches can result in cumulative sanctions substantially exceeding the per-contravention cap.

Three Gates Relevance

South Africa is the Gate 1 anchor jurisdiction for the Three Gates Framework. Every South African entity exporting goods subject to the EU Carbon Border Adjustment Mechanism (CBAM) or registering a Digital Product Passport (DPP) must first establish a verified KYC identity under FICA. The CIPC beneficial ownership register (mandatory from 1 April 2023) is the primary data source for Gate 1 entity verification. Without a compliant FICA identity, Gate 2 (CBAM financial verification) and Gate 3 (DPP registration) are inaccessible to EU Customs.

Frequently Asked Questions

Who must comply with FICA KYC requirements in South Africa?▼

What is the penalty for non-compliance with FICA?▼

How do I verify my company with CIPC for KYC purposes?▼