FOR EXPERT RMCP DEVELOPMENT SERVICES CONTACT +27728815095

Training: FIC Act Obligations for Legal Practitioners

The Financial Intelligence Centre (FIC) held a webinar for legal practitioners covering key obligations under the FIC Act. Practitioners must register with the FIC, implement risk management programs, report suspicious transactions and cash payments over R49,999, and submit risk and compliance returns. Non-compliance can result in administrative sanctions.

Watch the video or read below to learn more.

FIC Webinar for Legal Practitioners – Summary & TL;DR

The webinar provided detailed guidance for legal practitioners on their obligations under the FIC Act. Topics included who must register, core compliance requirements, reporting obligations, and practical demonstrations of FIC systems.

Key Topics Covered:

1. Who Must Register as Legal Practitioners

Per Item 1 of Schedule 1 to the FIC Act:

  • Sole-proprietor attorneys with fidelity fund certificates

  • Advocates receiving direct briefs with fidelity fund certificates

  • Law firms (commercial juristic entities) must register per branch, covering all partners and members

2. Core Compliance Obligations

A risk-based approach is required, higher-risk situations demand enhanced controls.

Key areas include:

  • Customer Due Diligence (CDD): Identify and verify clients, including beneficial owners

  • Targeted Financial Sanctions: Screen clients against sanctions lists

  • Politically Exposed Persons (PEPs): Check if clients are politically exposed

  • Account & Transaction Monitoring: Track suspicious activity

  • Staff Training: Educate employees on compliance duties

  • Governance: Establish compliance officers and governance structures

3. Registration Process

All accountable institutions must register with the FIC through the GoAL platform, ensuring proper documentation and authorization for each branch or service offered.

  • Register via the GoAL platform before filing reports

  • Provide ID copies and authorization letters

4. Risk Management and Compliance Program (RMCP)

An effective RMCP requires risk assessment, documented controls, and ongoing monitoring to identify and mitigate potential compliance risks within a firm.

Three-part structure:

  • Risk Identification & Assessment (entity-wide)

  • Controls Documentation (mitigation measures)

  • Monitoring (effectiveness review)

Key requirements:

  • Approval from senior management/board

  • Upload to GoAL platform (mandatory from March 2023)

  • Customized for your entity — templates alone are insufficient

  • Separate assessments for different business units

5. Reporting Obligations

Legal practitioners must submit specific reports to the FIC to stay compliant, covering cash transactions, suspicious activities, terrorist property, and, in some cases, international funds transfers.

Four main report types:

1. Cash Transaction Reports (CTR) – Section 28:

  • Threshold: R49,999+ (cash, coins, traveler’s checks)

  • Submit within 3 business days

2. Suspicious Transaction Reports (STR) – Section 29:

  • No threshold; submit within 15 business days

  • Covers unusual behavior, unlawful proceeds, tax evasion, terrorism financing

3. Terrorist Property Reports – Section 28A:

  • For property linked to terrorism

  • Report even if transaction is incomplete

4. International Funds Transfer Reports (IFTR):

  • Mainly for financial institutions; legal practitioners usually exempt

6. Red Flags & Risk Indicators

Certain client behaviors or transaction patterns can indicate heightened risk, and practitioners should be alert to these red flags to prevent non-compliance.

  • Clients far from your office without reason

  • Excessive fee payments or multiple practitioner changes

  • Cash payments without clear source

  • Reluctance to provide information

  • Third-party funding without explanation

  • Transactions involving foreign PEPs

7. Risk and Compliance Return

The Risk and Compliance Return provides the FIC with an overview of a firm’s controls and risk exposure, ensuring ongoing compliance under the latest directives.

  • Issued under Directives 6 & 7 (2023)

  • Helps FIC assess institutional risks

  • Requires organization ID number

  • One-time submission until new directives are issued

8. Legal Protections

Section 38 of the FIC Act offers legal protections for reporters, safeguarding their identity and limiting liability while fulfilling compliance obligations.

Section 38 safeguards:

  • Protects reporters from prosecution

  • Identity disclosure protection

  • No compulsion to testify

  • Overrides attorney-client privilege for reporting

Timing:

  • Protects reporters from prosecution

  • Identity disclosure protection

  • No compulsion to testify

  • Overrides attorney-client privilege for reporting

Common Compliance Errors

Legal practitioners often encounter pitfalls in registration, reporting, and RMCP implementation, which can lead to penalties if not addressed promptly.

  • Registration: Missing documents, incorrect branch registration, duplicate emails

  • Reporting: Missing fields, unclear descriptions, confusion between CTR & STR, late submissions

  • RMCP: Uncustomized templates, incomplete assessments, inadequate approval, missing GoAL upload

Practical Steps for Compliance

Firms can take immediate and ongoing actions to strengthen compliance, from registration and RMCP uploads to daily monitoring and staff training.

Immediate Actions:

1. Register all branches

2.Upload RMCP to GoAL

3. Submit outstanding Risk and Compliance Returns

4. Implement monitoring systems for cash & suspicious transactions

Ongoing Obligations:

  • Daily transaction monitoring

  • Continuous due diligence

  • File reports on time

  • Keep records ≥5 years

  • Train staff regularly

Best Practices:

  • Customize RMCP to your practice

  • Thoroughly document risk assessments

  • Establish escalation procedures

  • Maintain detailed client files

  • Conduct regular compliance training

Enforcement and Sanctions

Failure to comply with FIC obligations can result in administrative sanctions, highlighting the importance of proactive risk management and reporting.

  • Non-registration, missing RMCP, late/inadequate reporting, or insufficient risk programs can trigger administrative sanctions

  • Retrospective sanctions are possible for historical non-compliance

Contact & Support

  • Public Query Portal (PQP): Primary channel for queries

  • GoAL User Guide: Available on FIC website

  • Guidance Documents: PCC 47A (legal practitioners), Guidance Note 7A (RMCP)

  • FICA Friendly (Pty) Ltd: Expert guidance for all FICA related matters

Authored by FICA Friendly, a trusted compliance consultancy supporting South African law firms, financial service providers, property practitioners, and high-value goods dealers. We have worked with 30+ law firms, successfully guided clients through Risk Compliance Return submissions, and helped reduce sanctions — for example, lowering a R50,000 notice of non-compliance to R10,000.

Let us know what you think in the comments!

SHARE

Copyright © 2025 FICA FRIENDLY. All Rights Reserved.