FOR EXPERT RMCP DEVELOPMENT SERVICES CONTACT +27728815095

Revised FIC Guidance Note 7A | Key Updates for Accountable Institutions

The Financial Intelligence Centre (FIC) has published Revised Guidance Note 7A on 1 September 2025, marking a significant update to compliance guidance for all accountable institutions under the Financial Intelligence Centre Act. This comprehensive 76-page document entirely replaces both the previous Guidance Note 7A (published 13 February 2025) and Guidance Note 7 (published 2 October 2017).

What's New in the Revised Guidance Note 7A?

The revised guidance incorporates several critical updates:

1. Technical Updates

  • Alignment with General Law Amendment Act 2022: The guidance now fully incorporates changes brought by the General Law (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act, 2022 (Act 22 of 2022)

  • Updated Beneficial Ownership Guidance: Integration with PCC 59, which provides the latest guidance on beneficial ownership requirements

  • Enhanced Risk-Based Approach: More detailed guidance on implementing risk-based approaches across different sectors

2. Key Changes from Previous Versions

  • Consolidated guidance replacing two separate documents

  • Enhanced focus on board accountability and governance

  • More detailed customer due diligence requirements

  • Updated record-keeping obligations

  • Comprehensive risk management and compliance programme (RMCP) guidance

What's New in the Revised Guidance Note 7A?

The guidance emphasizes that a risk-based approach is central to effective AML/CFT compliance:

1. Core Principles:

  • Money Laundering Defined: The manipulation of money or property to disguise its true source

  • Terrorist Financing: Solicitation, collection, and providing of funds to support terrorist acts or organizations

  • Risk Components: Threat + Vulnerability + Consequence = Risk

2. Risk Assessment Framework:

  • Inherent Risk: Risk before controls are applied

  • Residual Risk: Risk remaining after controls are implemented

  • Risk Indicators: Products/services, delivery channels, geographic locations, client characteristics

Critical Requirement: Higher risks demand enhanced measures, while lower risks may allow simplified measures - but institutions cannot simply avoid risk through "de-risking."

3. Chapter 2: Customer Due Diligence (CDD) - Know Your Client

The CDD requirements have been significantly expanded from simple identification and verification:

  • Establish and verify client identity

  • Understand the business relationship

  • Ongoing due diligence throughout the relationship

  • Enhanced measures for higher-risk clients

Identity Verification Methods:

  • Natural Persons: Full names, date of birth, unique identifying number, plus additional attributes based on risk

  • Legal Persons: Company details, registration information, directors, beneficial owners

  • Trusts: Trust deed, Master's Office registration, trustees, beneficiaries, founders

  • Partnerships: All partners, including anonymous partnerships

Timing Flexibility: Institutions may begin relationships while completing verification, but must finish CDD before concluding transactions or making funds available.

Single Transaction Threshold: R5,000 - below this, full CDD not required, but anonymous clients still prohibited.

4. Chapter 3: Record Keeping - Building the Paper Trail

Record keeping ensures adequate information capture for potential investigations:

Requirements:

  • CDD Records: All client identification information and verification sources

  • Transaction Records: Sufficient detail to reconstruct transactions including amounts, dates, parties, nature

  • Retention Periods:

    • Business relationships: 5 years from termination

    • Transactions: 5 years from conclusion

    • Suspicious reports: 5 years from submission

Storage Options:

  • Physical documents, photocopies, scanned versions, electronic formats

  • Cloud storage, internal networks, electronic repositories

  • Must remain readily accessible and tamper-proof

  • Cross-border storage allowed with conditions

5. Chapter 4: Risk Management and Compliance Programme (RMCP) - The Heart of Compliance

The RMCP represents the most detailed guidance in the document, with significant new requirements:

Board Accountability - New Emphasis:

  • Cannot be delegated: Board approval of RMCP cannot be delegated to committees or staff

  • Must apply mind: Boards must demonstrate understanding and adequate consideration

  • Documentation required: RMCP must comprehensively describe all elements for board review

  • Personal liability: Board members may face sanctions for inadequate RMCPs

Three-Part RMCP Structure:

  • Part 1: Risk identification and assessment (entity-wide AML/CFT/CFP risk assessment)

  • Part 2: Risk mitigation and management (CDD, reporting, controls)

  • Part 3: Monitoring effectiveness of controls

Documentation Standards:

  • Must be comprehensive and substantial

  • Cannot merely reference other documents

  • Must enable board to understand full risk profile

  • Regular review and approval required

6. Chapter 5: UN Security Council Resolutions - Sanctions Implementation

Screening Obligations:

  • Screen against sanctions lists before establishing relationships

  • Ongoing monitoring of existing clients

  • Immediate action required if matches found

  • Basic living expenses provisions for sanctioned individuals

7. Politically Exposed Persons (PEPs) - Enhanced Requirements

Three Categories:

  • Foreign PEPs: Always high-risk, require senior management approval

  • Domestic PEPs: Risk-based assessment required

  • Prominent Influential Persons: Risk-based assessment (implementation delayed pending information availability)

Enhanced Measures for High-Risk PEPs:

  • Senior management approval for relationships

  • Enhanced ongoing monitoring

  • Source of wealth and funds verification

  • Applies to immediate family and known close associates

8. Industry-Specific Considerations

Legal Practitioners

  • Must register per branch operating

  • Dual registration required if providing trust and company services

  • Risk assessments must consider different practice areas (conveyancing vs. litigation vs. criminal)

  • Client-attorney privilege limitations for reporting obligations

Financial Institutions

  • More complex RMCP requirements

  • Enhanced transaction monitoring systems

  • Correspondent banking relationship considerations

  • Cross-border operations compliance

DNFBPs (Designated Non-Financial Businesses and Professions)

  • Reference to PCC 53 for RMCP template guidance

  • Sector-specific risk considerations

  • Simplified approaches allowed for smaller operations

9. Practical Implementation Guidelines

Immediate Actions Required

  • Review Current RMCP: Ensure alignment with new three-part structure

  • Board Engagement: Schedule board sessions for proper RMCP review and approval

  • Documentation Update: Ensure RMCP documentation meets new comprehensiveness standards

  • Risk Assessment Review: Conduct entity-wide risk assessments covering all business areas

  • Training Update: Update staff training on new requirements

Common Pitfalls to Avoid

  • Delegating board responsibilities to committees or management

  • Generic RMCP documentation that doesn't reflect specific business risks

  • Inadequate risk assessments that don't cover all business units

  • Poor documentation that prevents proper board oversight

  • De-risking strategies instead of proper risk management

Best Practices

  • Comprehensive documentation: Include substantial detail enabling board understanding

  • Regular review cycles: Establish formal RMCP review and approval schedules

  • Staff training programs: Ensure all staff understand their roles in AML/CFT compliance

  • Technology utilization: Use electronic systems for efficient CDD and monitoring

  • Professional assistance: Engage AML/CFT specialists for complex requirements

10. Enforcement and Compliance

Supervisory Approach

The FIC will examine:

  • Board approval processes and documentation

  • Adequacy of risk assessments

  • Implementation of risk-based measures

  • Quality of CDD processes

  • Record keeping systems

Potential Sanctions

Non-compliance may result in:

  • Administrative sanctions against institutions

  • Personal liability for board members and senior management

  • Increased supervisory attention

  • Reputational damage

Best Practices

  • Comprehensive documentation: Include substantial detail enabling board understanding

  • Regular review cycles: Establish formal RMCP review and approval schedules

  • Staff training programs: Ensure all staff understand their roles in AML/CFT compliance

  • Technology utilization: Use electronic systems for efficient CDD and monitoring

  • Professional assistance: Engage AML/CFT specialists for complex requirements

11. Key Dates and Deadlines

  • Effective Date: 1 September 2025 (Revised GN 7A replaces previous guidance)

  • Implementation: Immediate - institutions should begin aligning with new guidance

  • RMCP Updates: Should be completed and board-approved without delay

  • Training Programs: Update staff training to reflect new requirements

12. Conclusion

Revised Guidance Note 7A represents the most comprehensive update to FIC guidance in recent years. The emphasis on board accountability, enhanced risk assessment requirements, and detailed RMCP standards reflects the FIC's commitment to strengthening South Africa's AML/CFT framework.

Key takeaway: This is not merely a technical update but a fundamental shift toward more rigorous, risk-based compliance with clear accountability at the highest levels of institutions.

All accountable institutions should prioritize reviewing this guidance and ensuring their compliance frameworks align with the new requirements. The detailed nature of the guidance provides clarity on expectations but also raises the bar for compliance standards.

Action Required: Download the full guidance document, conduct a gap analysis against current practices, and develop an implementation plan with clear timelines and board oversight.

For the complete 76-page guidance document with detailed technical requirements, examples, and implementation guidance, download the PDF version linked above. This blog post provides an overview of key changes and requirements but should not replace careful study of the full guidance document.

Resources and Support

FIC Contact Information

Additional Guidance Documents

  • PCC 59: Beneficial ownership guidance

  • PCC 53: RMCP template for DNFBPs

  • Schedule 3A, 3B, 3C: PEP definitions and lists

  • FATF Guidance: International best practices on PEPs

This blog post is for informational purposes and does not constitute legal advice. Institutions should consult the full guidance document and seek professional advice for specific compliance requirements.

Authored by FICA Friendly, a trusted compliance consultancy supporting South African law firms, financial service providers, property practitioners, and high-value goods dealers. We have worked with 30+ law firms, successfully guided clients through Risk Compliance Return submissions, and helped reduce sanctions — for example, lowering a R50,000 notice of non-compliance to R10,000.

Let us know what you think in the comments!

SHARE

Copyright © 2025 FICA FRIENDLY. All Rights Reserved.