The FIC is exempt from complying with the Protection of Personal Information Act, 2013 (Act 4 of 2013) (POPI Act) in terms of section 6(1)(c) of the POPI Act, this is to be read in conjunction with section 41A of the FIC Act.

Section 6(1) (c) of POPI Act, which deals with exemptions, is of relevance to the FIC and its stakeholder partners. POPI Act does not apply to the processing of personal information by or on behalf of a public body which involves national security, including activities aimed at assisting in the identification of the financing of terrorist activities. The exclusion also covers the use of personal information to prevent, detect, and assist in the identification of the proceeds of unlawful activities and the combating of money laundering activities. These exemptions apply provided that adequate safeguards for the protection of such personal information have been established in legislation.

Section 41A of the FIC Act addresses the protection of personal information by the FIC and particularly the safeguards it must have in place to protect the personal information that it holds. The FIC affirms that it does have the safeguards in place as is required by legislation to retain its POPI Act exemption status.