Risk management and compliance enforcement

Issue 3 2025 Security Services & Risk Management

Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA). More importantly, it has become the focal point of regulatory enforcement, with recent penalties confirming that the Financial Sector Conduct Authority (FSCA) will not hesitate to act when institutions fall short.

In April, the FSCA announced fines totalling R735 000 against three financial services providers (FSPs) that failed to implement proper RMCPs. One firm had no RMCP at all. Others submitted incomplete, generic documents or failed to link procedures to their actual business risks. These were not isolated oversights, each case demonstrates a growing intolerance for compliance frameworks that exist in theory, but not in practice.


Sameer-Kumandan.

The consequences of

non-compliance

One firm was fined R300 000 for not having an RMCP in place. Additional penalties were issued for failures in risk-rating clients, conducting customer due diligence, and screening against the Targeted Financial Sanctions (TFS) lists.

Beyond the financial penalties, the FSCA has made it clear that enforcement is not temporary; it is the new normal. Institutions must expect greater scrutiny going forward, especially as South Africa remains under international pressure to improve its anti-money laundering (AML) and counter-terrorism financing (CFT) frameworks in line with FATF standards.

What an RMCP is, and what it is not

An RMCP is more than a document. It is a strategic, risk-based approach that must be tailored to the institution’s size, business model, client profile, and sector risks. The board of directors or the most senior governing body is responsible for approving and maintaining it. This responsibility cannot be delegated.

At a minimum, an RMCP must demonstrate how the institution identifies and assesses risks associated with its clients, transactions, and services. It must explain the procedures used to mitigate those risks, how these are monitored, and how the institution will ensure that due diligence is conducted consistently. It must also outline how the institution will meet its reporting obligations under FICA and ensure that employees are trained to understand and carry out their compliance duties. Institutions are at risk if these measures are not implemented, regularly reviewed, and embedded in daily operations – even if an RMCP has been drafted.

A living document in a shifting environment

Guidance Note 7A, issued by the Financial Intelligence Centre, has raised the bar for RMCP expectations. It clarifies that institutions must maintain version control, ensure internal documents referenced in the RMCP are available during inspections, and link controls directly to their risk assessments. The FSCA has already acted against firms that failed to do this.

An RMCP that is copied from a template or not approved by the board is insufficient. Regulators want evidence that the document is understood, applied, and updated as risks evolve.

Supporting compliance with technology

With expectations rising and enforcement tightening, technology is becoming essential in ensuring that RMCPs are not just in place, but actually embedded into daily operations.

VOCA, powered by SearchWorks, enables institutions to implement their compliance framework. It automates customer due diligence, client risk profiling, ongoing monitoring, and regulatory reporting, ensuring that the day-to-day execution of your RMCP is aligned with FICA requirements. By embedding these processes into your operations, VOCA turns policy into practice.

For institutions needing to draft a new RMCP or update an existing one, Moonstone specialises in compliance and risk management. Their team provides expert guidance tailored to your business model and sector-specific risks, helping ensure that your RMCP meets both regulatory expectations and practical needs.

Together, VOCA and Moonstone provide an end-to-end compliance solution, from expert support in shaping your RMCP, to seamless implementation and operational enforcement. It is a practical, scalable approach to managing risk and staying audit-ready.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
How can South African organisations fast-track their AI initiatives?
AI & Data Analytics Security Services & Risk Management
While the AI market in South Africa is anticipated to grow by nearly 30% annually over the next five years, tapping into the promise and potential of AI is not easy.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.