No RMCP, no excuse: FSCA fines three FSPs a combined R735 000

Despite repeated warnings, some financial services providers still aren’t getting the message: compliance with the Financial Intelligence Centre Act (FICA) isn’t optional. Last week, the FSCA announced it had imposed fines totalling R735 000 on FSPs that failed to implement a proper Risk Management and Compliance Programme (RMCP).

Adams Chrambanis & Associates CC, ID Capital (Pty) Ltd, and Henk Kolver Investment Management Services were all hit with penalties – a costly reminder that the Authority is making good on its commitment to enforce the rules.

The objective of FICA is, among other things, to help combat money laundering, the financing of terrorism and other related criminal activities. As a designated supervisory body under FICA, the FSCA is tasked with monitoring and enforcing compliance among several categories of accountable institutions.

In its latest Regulatory Actions Report (for the period 1 April 2023 to 31 March 2024), the FSCA stated that it intends to ramp up awareness of anti-money laundering and counter-financing of terrorism (AML/CFT) compliance, while intensifying its supervisory activities. The report also noted a significant increase in the total value of administrative penalties issued – from R420 000 in the 2022/23 financial year to nearly R20 million in 2023/24.

Just last month, Charl Geel, the head of FICA supervision at the FSCA, said enforcement must not lose momentum, particularly in the context of South Africa’s efforts to exit the Financial Action Task Force’s grey list – and beyond.

Read: AML/CFT | Strict enforcement will be the new normal

He underscored that enforcement is not a temporary fix but the new norm, adding that firms should expect the FSCA to take strong action when they fail to meet their compliance obligations.

Failure to properly develop and implement an RMCP

In a statement, the FSCA said that in the case of all three sanctioned FSPs, the primary violation was the failure to develop and implement a proper RMCP.

Adams Chrambanis & Associates (ACA) faced the most severe penalties, with the FSCA finding that the firm had no RMCP in place at all. Additionally, ACA failed to conduct basic customer due diligence, such as identifying politically exposed persons or checking whether clients appeared on international sanctions lists. Senior management was also found to have neglected its oversight duties under FICA.

The FSCA’s Notice of Administration Sanction, issued on 21 November 2024, highlighted that ACA had not co-operated with the Authority during and after the inspection. The FSCA noted that ACA failed to acknowledge its non-compliance, despite being given opportunities to provide feedback and take corrective action.

The FSCA first shared the draft inspection report with ACA on 16 May 2023, followed by a resend on 21 June 2023. The final report was issued on 23 November 2023, but the FSCA noted that it did not receive any representations or remediation from ACA in response to these reports.

On 19 August 2024, ACA received a notice of suspension for non-compliance with sections 19(1) and (2) of the Financial Advisory and Intermediary Services Act. Prior to this, on 3 July 2024, the FSCA had issued a Notice of Intention to Sanction (NIS) to ACA, which resulted in initial representations from ACA on 17 July 2024. ACA requested an extension until 3 August 2024 to comply with the directive. On 3 August 2024, ACA submitted an unsigned RMCP and sought another extension until 19 August 2024. The firm later requested a third extension, asking for an additional two weeks.

Between 2 and 5 September 2024, ACA provided the FSCA with documentation and information to address the NIS and further representations explaining why the intended administrative sanction should not be imposed. This included a signed RMCP and client files for 9 out of 16 sampled clients, containing information such as customer due diligence, client risk ratings, and client screening against the Targeted Financial Sanctions (TFS) lists.

ACA also expressed an understanding of the need to comply with FICA.

In response, the FSCA imposed the following sanctions in November 2024 – ACA was required to remediate the following non-compliance issues and submit evidence of remediation to the FSCA by 31 December 2024:

• Risk rate the remaining 7 out of 16 clients in accordance with the business risk assessment.
• Conduct customer due diligence on these 7 clients in compliance with FICA and business risk assessment.
• Screen the remaining clients against the TFS lists as required by FICA.
• Appoint a person with sufficient competence and seniority to ensure the effectiveness of the compliance function, or alternatively, have the sole member upskill herself to ensure ongoing compliance.

ACA was cautioned against repeating the violations that led to the non-compliance.

The FSCA also imposed financial penalties:

• a R300 000 fine for non-compliance with sections 42(1) and (2) read with section 21(1) of FICA;
• a R325 000 fine for non-compliance with sections 21(1), 21A, 21C(1), 21D, and 21F-H; and
• a R160 000 fine for non-compliance with section 28A read with section 26B.

ACA was directed to pay R485 000 of the penalty by 20 December 2024.

The remaining R300 000 of the total financial penalty is suspended for three years, on the condition that ACA complies with the remediation directive and maintains full compliance with FICA during this period.

Need for virtual FSCA meetings after feedback

Although ID Capital and Henk Kolver had RMCPs in place, they were judged inadequate and failed to address how the firms would meet several statutory obligations.

Henk Kolver also fell short in screening clients against the TFS lists, a critical step in identifying individuals or entities linked to terrorism or the proliferation of weapons.

In light of these findings, the FSCA imposed the following fines:

• Henk Kolver: R300 000, with R150 000 suspended for three years.
• ID Capital: R200 000, with R100 000 suspended for three years.

Both firms were also issued directives to correct the identified deficiencies.

The initial inspection on ID Capital took place in August 2022.

Jan van Staden, director at ID Capital, told Moonstone that since then, there have been significant amendments to FICA, and an increased array of responsibilities imposed on accountable institutions in their day-to-day operations.

“The deficiencies identified by the FSCA, upon which the fine was imposed, relate to the RMCP’s failure to delineate the procedures by which ID Capital would identify and report Terrorist Financing Activities Reports (TFAR).”

Van Staden shared that the indicators for Terrorist Financing Transactions Reports (TFTR) were not adequately customised to align with the specific nature of ID Capital’s business operations.

“Had there been more extensive virtual engagement (for example via Teams) with the FSCA during the inspection process, we would have gained a clearer understanding of the expectations regarding the format and structure of our RMCP,” he said. “This would have ensured that all relevant sections, including annexures, addressing the identified deficiencies were properly incorporated and considered during the inspection.”

ID Capital confirmed it had accepted the decision of the FSCA and paid the penalty.

“As an accountable institution, we understand the importance of adhering to the FIC Act and have always endeavoured to be compliant.”

Van Staden said that to address the deficiencies identified by the FSCA in relation to FICA compliance, ID Capital has subsequently updated its RMCP to address the findings arising from the inspection.

“We are pleased to report that, following the final determination of the inspection on 19 March 2025, the FSCA identified no deficiencies or required remedial actions and expressed satisfaction with our submissions, while also acknowledging and thanking us for our co-operation throughout the process.”

However, Van Staden noted that as an accountable institution that has undergone the inspection process, it is essential to request virtual meetings with the FSCA after each round of feedback to ensure all expectations are met, particularly when remediation actions are required.

“The written feedback provided was somewhat vague, primarily referencing sections of the FIC Act where deficiencies were identified yet lacking sufficient context to enable a full understanding of the issues.”

Van Staden shared that during the final phase of the inspection, ID Capital sought a meeting with the FSCA to clarify the deficiencies highlighted in the feedback.

“It was subsequently discovered that certain sections had been overlooked, including the TFAR and TFTR indicators and the manner in which to report them. These sections had been placed in the annexures rather than the body of the RMCP, leading to their exclusion from consideration, as they did not form part of the core document.”

Additionally, Van Staden said the FSCA had assumed that a template had been used without customisation to reflect the specific profile of ID Capital. However, he said that after providing a comprehensive explanation of our business model, this misunderstanding was resolved.

“Maintaining open and transparent communication with the FSCA throughout the inspection process is vital to ensuring that mutual expectations are fully aligned and that all compliance requirements are effectively met.”

To further its commitment to compliance, ID Capital established an in-house compliance function alongside its external compliance advisor, strengthening its capacity to meet legislative requirements efficiently and on time.

Going forward, Van Staden noted that ID Capital is fully dedicated to ensuring that the RMCP remains a dynamic and integral document within the organisation.

“The inspection has highlighted the importance of ensuring that the RMCP is a living document in ID Capital. The RMCP plays a critical role in supporting our and the industry’s efforts to combat anti-money laundering, counter-terrorism financing, and counter-proliferation financing.”

Clarification on the role of RMCP

The FSCA has labelled the compliance failures by the three sanctioned financial services providers as serious breaches of the Act.

“The requirement to understand and mitigate money laundering and terrorist financing risks through effective implementation of an RMCP is vital not only because it assists accountable institutions to protect and maintain the integrity of their own businesses but also because it helps contribute to the integrity of the South African financial system as a whole,” the Regulator stated.

It also underscored that conducting proper due diligence on all clients is essential to prevent suspicious and criminal actors from infiltrating the financial system.

The FSCA’s report highlights that failure to implement an RMCP, identify money laundering and terrorist financing risks, and conduct adequate customer due diligence remain persistent concerns in the sector.

Among the trends identified during the reporting period were:

• Deficient RMCPs and weak AML/CFT controls: Many institutions still have inadequate risk management frameworks, resulting in AML/CFT controls.
• Failure to conduct customer due diligence and risk-rate clients: A lack of proper client vetting and risk assessment continues to undermine compliance efforts.
• Failure to screen clients against the Targeted Financial Sanctions Lists: Too many institutions are neglecting this critical step in identifying individuals or entities linked to terrorism or other criminal activity.

In its report, the FSCA referred entities to a key decision by the Appeal Board of the Financial Intelligence Centre Act, offering guidance on the proper application of the Act.

As part of its supervisory responsibilities, the FSCA conducted an inspection of Jannie Parsons Future Financials (Pty) Ltd (JPFF), an authorised FSP, on 18 and 19 October 2021. Following the inspection, the FSCA imposed a financial penalty of R870 000 on JPFF on 14 December 2022 for non-compliance with several provisions of the FIC Act.

JPFF appealed the penalty, but on 17 July 2023, the Appeal Board dismissed the appeal, upholding the FSCA’s decision.

The Appeal Board’s ruling provided important clarification on the role and significance of RMCP, highlighting that:

• Section 42(1) of FICA requires all accountable institutions to develop, document, maintain and implement a RMCP. This requirement is not merely bureaucratic in nature and must be strictly adhered to.
• Section 42(2)(a) of FICA mandates that the obligations placed on accountable institutions exist regardless of the risk rating of their clients and/or products. This risk rating is not considered a relevant factor under section 45C(2) of FICA.
• Section 58(5)(c) of the Financial Sector Regulation Act requires the FSCA to consider international regulatory and supervisory standards set by standard setting bodies in which it participates. In the context of FICA contraventions, this includes the standards developed by the Financial Action Task Force. Accordingly, under section 45C(2)(e) of FICA, the FSCA must consider any other relevant factor when determining an appropriate sanction, ensuring that the sanction is effective, proportionate and dissuasive.

The Authority noted that the most recent sanctions serve as reminders that the FSCA will not tolerate non-compliance with FICA.

“All accountable institutions are urged to continually review and enhance their anti-money laundering and terrorist financing controls at the highest levels and to conduct thorough risk assessments on a regular basis. Failure to do so will result in firm regulatory action.”