FOR EXPERT RMCP DEVELOPMENT SERVICES CONTACT +27728815095

How to Screen Clients for Sanctions Compliance

For accountable institutions the obligation to screen clients against targeted financial sanctions (TFS) is non-negotiable. The FIC requires that you scrutinise client information, freeze suspected assets and report matches — and that these procedures sit in your RMCP. The steps below turn those legal duties into a repeatable workflow your firm can apply today.

Quick overview (the rule in one line)

Scrutinise every prospective and existing client against the FIC’s TFS list at onboarding, when transacting and whenever the TFS list is updated; treat confirmed matches as freezing + reporting events.

Step 1 — Capture the right identifiers (onboarding and updates)

Collect more than a name. Minimum useful fields are:

  • Full legal name and known aliases;

  • National ID / passport number;

  • Date / place of birth;

  • Nationality;

  • Residential / address history;

  • Company registration and beneficial-owner data; and

  • Who is acting on whose behalf.

These fields are explicitly recommended by the FIC for reliable screening and de-duplication.

Why this matters: names alone produce false positives. ID numbers, DOB and registration numbers let you move from “possible match” to “likely / unlikely” quickly.

Step 2 — When to screen (timing rules you must follow)

You must screen:

  • At onboarding (every new business relationship),

  • Prior to executing a single transaction where the FIC recommends it,

  • During transaction monitoring if risk indicators appear, and

  • Immediately after the FIC updates its published TFS list.

  • Make these trigger points explicit in your RMCP.

Practical tip: automate a daily TFS-list pull (or subscribe to vendor alerts) so you’re alerted the moment the Centre updates its list. The FIC publishes an up-to-date downloadable list for exactly this purpose.

Step 3 — Choose a screening method and document it

You can screen manually or with software; the FIC does not demand complex systems, but it does require you can demonstrate timely, reliable scrutiny. If you outsource screening, the RMCP must document the vendor, update cadence, and how you verify the vendor uses the Centre’s latest list.

Practical checklist for vendors: update frequency (ideally real-time or daily), support for fuzzy matches, audit logs, and an API/export you can save for recordkeeping.

Step 4 — Match logic: managing false positives vs true positives

Define and document your matching rules:

  • Exact match on ID or registration number → treat as probable match.

  • Strong match (name + DOB + nationality/address) → escalate to case review.

  • Name-only match → further data collection before escalation.

Your RMCP must set the thresholds and the data points needed to move from “possible” to “confirmed.” The FIC expressly requires a documented process for matches vs false matches.

Practical tip: keep a short decision log for each match (who checked, what extra data was used, outcome) — that log is your evidence if regulators ask.

Step 5 — If you have a confirmed match: freeze + report (don’t tip off)

If a person or entity is confirmed as designated (or reasonably believed to be), you must:

  • Immediately freeze the relevant funds/property and suspend the transaction or relationship as required;

  • File the required regulatory report (TPR / terrorist property report) to the FIC without delay and follow any subsequent FIC directions; and

  • Do not inform the client or third parties in a way that would prejudice an investigation — the “no tipping-off” principle applies and is enforced in the FIC framework.

Make sure your internal escalation names the responsible persons (CO / COO / CEO) and a legal adviser so action is fast and recorded.

Step 6 — Recordkeeping and audit trail

Retain search records, decision logs, freeze notices, correspondences and reports for at least five years (and longer where an investigation remains open). Your RMCP must reference retention periods and where logs are stored. The revised GN7A emphasises that these elements must be documented and auditable.

Step 7 — Test, train and document in your RMCP

Run quarterly sampling of screening records, test vendor updates, and train front-line staff on how to collect identifiers without tipping off. The FIC expects screening processes to be part of your documented RMCP; testing and training prove the programme works in practice.

Quick checklist (appendix)

  • Capture full identifiers at onboarding.

  • Screen: onboarding / transaction / list update.

  • Use vendor or manual screening — document the process.

  • Apply decision rules (exact vs fuzzy) and log outcomes.

  • Freeze + file TPR on confirmed matches.

  • Preserve records for ≥5 years.

  • Train staff and test controls quarterly.

Closing note (practical next step)

A single missed match can trigger sanctions, reputational harm, or enforcement. If you want a fast reality check: our 2-minute FICA self-audit identifies whether your screening triggers are in place and flags obvious gaps in onboarding and RMCP coverage. Or, book a free consultation and we’ll review your screening workflow against FIC expectations. Subtle upgrades, properly documented, often remove the biggest regulatory risks.

Authored by FICA Friendly, a trusted compliance consultancy supporting South African law firms, financial service providers, property practitioners, and high-value goods dealers. We have worked with 30+ law firms, successfully guided clients through Risk Compliance Return submissions, and helped reduce sanctions — for example, lowering a R50,000 notice of non-compliance to R10,000.

Let us know what you think in the comments!

SHARE

Copyright © 2025 FICA FRIENDLY. All Rights Reserved.