South African businesses are under growing pressure to improve financial crime detection as regulators tighten enforcement ahead of the country’s October 2025 deadline to exit the Financial Action Task Force (FATF) greylist.
“Red flags are almost always there – but too often missed,” says Hawken McEwan, director of risk and compliance at nCino KYC Africa. “In today’s environment, due diligence is no longer just compliance – it’s a frontline defence.”
nCino KYC Africa, formerly DocFox Africa, develops fintech tools to help companies meet regulatory obligations. McEwan warns that despite post-greylisting investments, many institutions still fail to identify illicit activity early enough, risking serious legal, reputational and operational fallout.
Financial crime is rising, with emerging technologies like AI accelerating the trend. A LexisNexis Risk Solutions study found 60% of South African organisations have seen an increase in AI-facilitated financial crime – above the 56% global average. At the SAFPS International Fraud Summit, in May, TransUnion’s Amritha Reddy warned that AI-generated deepfakes are already bypassing KYC systems.
Since being greylisted in February 2023, SA has addressed 20 of the 22 reforms required by the FATF. Remaining gaps include complex investigations and prosecutions. Failure to meet these by October 2025 could extend the greylisting, with economic consequences.
McEwan says the fundamentals of client due diligence haven’t changed, but the stakes have. “The urgency and consistency now required are non-negotiable. The process is the same, but the consequences of failure are far greater.”
Common red flags, according to the Financial Intelligence Centre (FIC), include:
- Structured cash deposits just below the R49 999.99 reporting threshold.
- High-value cash refunds.
- Clients refusing standard ID documents.
- Transactions linked to high-risk jurisdictions.
- Unusual or economically senseless activity.
- Purchases unrelated to a client’s known business or location.
“These behaviours rarely occur in isolation,” McEwan notes. “A client insisting on cash payments, refusing to explain funds and buying property in another province – together, that’s a pattern of risk.”
While the FIC has issued helpful guidance, McEwan argues it's often inaccessible. “Lengthy PDFs full of jargon don’t help frontline staff. We need practical, tech-enabled tools to simplify compliance.”
Tools like automated ID checks, real-time sanctions screening and digital onboarding are crucial – not just to catch obvious fraudsters, but to detect hidden threats: shell companies, synthetic identities and illicit actors who initially appear legitimate.
McEwan says complacency remains a major risk. “South Africa’s regulations are solid, but inconsistent enforcement allows financial crime to thrive. Education must be backed by consequences. Sometimes, it takes a fine to drive change.”
Penalties for non-compliance range from R10 million for individuals to R50 million for corporates and up to 15 years’ imprisonment. Smaller firms are especially vulnerable, often lacking the defences of larger institutions.
“This isn’t just a white-collar problem,” McEwan warns. “Unchecked financial crime enables human trafficking, drug networks and wildlife smuggling. It’s not theoretical – it’s happening now.”
With regulators stepping up inspections, businesses must prove they’re not only aware of their obligations under the FIC Act, but are actively meeting them. Failure to do so could cost far more than the price of compliance, he concludes.
Share