Accountable institutions must register and file risk and compliance returns with the FIC

Directives 6 and 7 require certain accountable institutions to submit information regarding their understanding of money laundering, terrorist financing and proliferation financing (ML, TF and PF) risks through a risk and compliance return (RCR). Failure to submit an RCR can lead to administrative action.

Directive 6Directive 7
Accountable institutions designated as items listed in Schedule 1 to the FIC Act were required to complete and submit their RCRs by 31 May 2023.
Directive 6 applies to the following items:
·       Legal practitioners (item 1)
·       Trust and company service providers (item 2)
·       Estate agents (item 3)
·       Gambling institutions (item 9)

Read Directive 6
Accountable institutions designated as items listed in Schedule 1 to the FIC Act were required complete and submit their RCRs by 31 July 2023.
Directive 7 applies to the following items:
·       Credit providers (item 11)
·       South African Post Bank (item 14)
·       High-value goods dealers (item 20)
·       South African Mint Company (item 21)
·       Crypto asset service providers (item 22)

Read Directive 7

Please note: The RCR questionnaire must only be submitted via the online form, the FIC does not accept manual submissions.

The purpose of the risk and compliance return

The FIC’s risk-based supervision capability is enhanced by the regulatory requirement of Directive 6 and Directive 7. These Directives serve to inform all the specified accountable institutions, called designated non-financial businesses and professions (DNFBPs) by the Financial Action Task Force (FATF), that they must submit information regarding their understanding of risks they face of ML, TF and PF, and their assessment of compliance with obligations in terms of the FIC Act.

Accordingly, these affected accountable institutions are obliged to file a self-assessment on anti-money laundering, combating of terrorist financing and combating of proliferation financing, referred to as the RCR.

The FIC uses a risk-rating tool to analyse the data from RCRs to identify higher risk DNFBPs as a basis for risk-based supervision consideration, and inclusion in the supervisory plan.

Important notes

  • Only accountable institutions that have successfully registered with the FIC on its registration and reporting platform (goAML), and who have received a FIC organisation identity number (Org ID), may submit an RCR
  • Accountable institutions shall not submit RCRs if they have not registered with the FIC and received an FIC Org ID
  • If the accountable institution is not yet registered with the FIC, the accountable institution is requested to immediately register
  • All accountable institutions must submit a separate RCR for each Schedule item registered with the FIC. This means that a separate RCR must be submitted for each FIC Org ID held by an accountable institution. This requirement applies to entities with branch networks, and entities that offer multiple offerings across the FIC Schedule items.
  • Only one RCR submission is permitted per accountable institution for each FIC Org ID held.
  • The FIC urges compliance officers to clearly communicate the requirement for submission of RCRs internally in their institutions to avoid duplicate submissions.
  • Accountable Institutions must accurately capture and state their FIC Org ID number in the RCR return. In the Org ID field, only the FIC goAML generated Org ID is to be captured, not a personal ID number nor the company registration number.


Sign up to receive the latest updates and information from the FIC.