South Africa: regulatory compliance readiness for AML/CFT, biometrics and cyber mandates

Operate with demonstrable AML/CFT effectiveness after FATF grey list exit, aligned to Twin Peaks supervision, FICA reporting duties, POPIA privacy controls, and Joint Standard 2 cyber requirements. 

Why compliance expectations are rising in South Africa

Post-FATF grey list excellence

Historic milestone: FATF grey list removal (October 2025) following completion of an Action Plan addressing key deficiencies, including beneficial ownership transparency, MLTF prosecutions, and supervisory effectiveness.

Twin Peaks regulatory model

  • Prudential Authority (SARB): Bank supervision, capital adequacy, liquidity
  • Financial Sector Conduct Authority (FSCA): Market conduct, consumer protection
  • Financial Intelligence Centre (FIC): AML/CFT supervision and STR analysis

Comprehensive Regulatory Framework

  • FICA (Financial Intelligence Centre Act): Enhanced CDD/EDD, STR filing, cash reporting (ZAR 49,999.99)
  • POPIA (Protection of Personal Information Act): 24-hour breach notification, data minimization, Information Officer appointment
  • Joint Standard 2 of 2024: Cybersecurity compliance effective June 2025 – 24-hour incident reporting, penetration testing, board oversight

Digital Banking Landscape

  • Big Four dominance (Standard Bank, FirstRand/FNB, Absa, Nedbank – 85% market share)
  • Digital challengers: TymeBank (7M customers), Discovery Bank, Bank Zero
  • 80% banking penetration, 20M mobile banking users
  • DHA National Population Register biometric verification achieving <1% error rates

Key Compliance Requirements

  • DHA biometric verification (fingerprint and facial recognition)

  • PEPs screening (DPIPs – Domestic Prominent Influential Persons, FPPOs – Foreign Prominent Public Officials)

  • Beneficial ownership (25% threshold, CIPC registry access)

  • Real-time sanctions screening (UN, domestic TFS)

  • PASA 2016 interoperable biometric standards

  • Cybersecurity incident reporting (24 hours)

Facephi capabilities for South Africa

  • Digital Onboarding

    DHA API integration, <1% biometric error rates, ISO 29794-5 liveness detection

  • Biometric Authentication

    PASA 2016 compliant multi-modal biometrics (facial, fingerprint, voice)

  • AML Screening

    UN sanctions, domestic TFS, PEPs (DPIPs/FPPOs), adverse media monitoring

  • Behavioral Biometrics

    Joint Standard 2 cybersecurity compliance, continuous authentication

  • Mule Account Detection

    Network analysis supporting sustained MLTF prosecution requirements

  • Transaction Monitoring

    FICA-compliant with 15-day STR automation, cash reporting (ZAR 24,999.99), structuring detection
Facephi Facephi Identity Platform Onboarding Authentication UX Consultancy Facephi Builder Facephi Central Services Fraud Intelligence Platform Identity Fabric KYB Platform Teseo Identity Wallet IDV Suite Cuentas Mula Behavioural Biometrics Linkedin YouTube X Facebook
Secret Link