South Africa's National Credit Regulator outlines RMCP and 15-day suspicious transaction reporting duties for credit providers under the FIC Act

South Africa's National Credit Regulator published guidance on how credit providers should mitigate money laundering, terrorist financing and proliferation financing risks as accountable institutions under the Financial Intelligence Centre Act. The note frames credit and lending products as vulnerable to abuse, including through early loan repayments or the use of borrowed funds for illicit purposes, and sets out key compliance expectations. Credit providers are required to develop, document, maintain and implement an anti-money laundering, counter-terrorist financing and counter-proliferation financing risk management and compliance programme (RMCP) that records the elements set out in section 42 of the Financial Intelligence Centre Act, including a risk-based approach, customer due diligence, targeted financial sanctions, account monitoring, reporting to the Financial Intelligence Centre (FIC), and record keeping. An effective RMCP is expected to be underpinned by an enterprise-wide risk assessment covering factors such as products and services, delivery channels, client base, geographies, business complexity and third-party service providers, with enhanced customer due diligence applied where higher risks are identified; board or senior management approval of the RMCP cannot be delegated. The RMCP must be provided to the FIC when requested, and the guidance notes that accountable institutions were previously instructed to submit RMCPs via the goAML platform by 12 March 2025. The regulator also reiterates that suspicious and unusual transaction or activity reports under section 29 of the Financial Intelligence Centre Act should be submitted to the FIC without delay and no later than 15 days after the relevant facts giving rise to suspicion become known.