Post-greylisting progress: is South Africa ready for FATF’s on-site visit?

Greylisting in South Africa

Since being greylisted by the Financial Action Task Force (FATF) for quite some time, South Africa is close to an audit of its well-deserved delisting effort. The operative term here is ‘audit’; the first step toward greylisting removal is an inspection to deem the effectiveness of anti-money laundering (AML) and counter-terrorist financing (CTF) measures – and not only for the short-term.

As a nation, are we ready? Delisting counts on the prolonged commitments of every institution that plays a part in fighting financial criminality. This can only be achieved by understanding why the assessment exists, what inspectors will look out for, and how regulatory technology (RegTech) can strengthen end-to-end AML that’s actionable and auditable. Here, we’ll explore every aspect leading up to South Africa’s on-site and beyond.

The current landscape: steps away for the greylist

FATF’s greylist ultimately exists to “actively work” with cooperative nations to achieve AML reform. While the blacklist is reserved for high-risk countries with weak financial crime measures, in February 2023 South Africa saw itself on the greylist “to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing”. 

While a solid legal framework was identified, South Africa exhibited significant deficiencies in international cooperation, seizing illicit proceeds, and beneficial ownership (BO) knowledge. After devising a 22-item Action Plan alongside FATF, the country was eventually deemed successful in “substantially completing” the list at regulator’s Strasbourg Plenary in June 2025. 

This signifies progress, but not automatic removal from the greylist. With an ensuing on-site visit from FATF’s Africa Joint Group imminent, the South African Reserve Bank (SARB) is very right in deeming this positivity as “not a time for complacency”; any risks may still be flagged among the nation’s progress and set it back at square one after two years of rigorous collaboration. 

Why the on-site AML compliance assessment matters

The global watchdog is not looking for South Africa to simply mask over AML challenges with a few legislative changes only few financial institutions will commit to. Instead, on-site reviews assess the country’s perpetual approach toward well-implemented AML/CTF measures––a “sustained political commitment” from government bodies, law enforcement, regulators, and other financial or non-financial institutions as part of its Mutual Evaluations process.

Rather than checking off measures that are in place, FATF officials will require “full and accurate descriptions” for where anti-financial crime controls have been implemented and how successful they have been. This balances a clearly increased compliance culture across the nation with quantitative evidential results. 

The nation’s effectiveness and technical compliance ratings are granted in accordance with FATF’s 11 Immediate Outcomes (IOs):

  • Effective ratings are determined by how an assessed country demonstrates AML/CTF measures that deliver results, in line with particular risks it is exposed to.
  • Technical compliance ratings are determined by the regulations, laws and other legal instruments implemented by an assessed country for AML/CTF.

Breakdown of FATF’s on-Site assessment process

A typical assessment consists of three major stages to determine greylist removal. South Africa’s process will be conducted as follows:

FAFT on-site assessment process

1. Pre-visit measures

  • A draft of a Technical Compliance annexe is provided for the assessed country to provide details on its AML/CTF effectiveness.
  • Scoping notes of key high-risk investigation focus areas will be provided by FATF.
  • Any FATF or FATF-Style Regional Bodies can cooperate with feedback regarding their experience.

3. On-site procedures

  • 7-10 days of meetings take place between assessors and essential parties. In South Africa’s case, this includes the National Treasury, the Directorate for Priority Crime Investigation (DPCI; the ‘Hawks’ unit of the South African Police Service), the Financial Intelligence Centre (FIC), SARB, and delegates from banks, legal firms, not-for-profit organisations (NPOs) and estate agents.
  • The country’s national risk assessment will focus on key IOs: the use of financial intelligence (IO.6); AML investigation and prosecution (IO.7); the confiscation of illicit proceeds (IO.8); CTF investigation and prosecution (IO.9); and CTF preventative measures and sanctions, particularly at NPOs (IO.10).

3. Post-site review

  • Preliminary feedback and a Mutual Evaluation Report will provide ratings and recommendations before 4 weeks of reviews from an assessed nation.
  • A follow-up in-person assessment will address disagreements and further priorities.
  • A final report will be presented at the next FATF Plenary in October to consider delisting or increased supervision.

What is South Africa’s case still missing?

Luckily South Africa’s progress is backed by real reforms that have come a long way for a nation with a historically poor reputation in prosecuting crime and headline-worthy state capture; namely, increasing the rates of investigations and prosecutions (IO.7, IO.9), implementing FIC data to support law enforcement efforts (IO.6), and successfully seizing illegal assets (IO.8). 

Alongside demonstrating a comprehensive national CTF risk assessment strategy, the introduction of a BO registry and revisions to the Trust Property Control Act and the Companies Act ensure authorities can gain access to complex business and trust property ownership structures. Alongside traditional financial institutions, more sectors have been made accountable for more robust AML as Designated Non-Financial Businesses and Professions (DNFBPs). This category includes real estate agents, accountants, high-value goods dealers, gambling companies, lawyers and independent legal practices.

Elsewhere, although there are no concrete plans for a dedicated sanctions authority (such as the UK’s OFSI), the introduction of a ‘digital intelligence unit’ to support Hawks and the NPA showcased the roles of specialised agencies to address AML weaknesses, particularly in regards to financial data. 

These legislative processes may have been actioned, but their effectiveness is still yet to be challenged by the on-site assessment. For instance, filings of BO declarations are still lacking since the register was set up in 2023. Only early stages of inter-agency and private-public coordination have been displayed, not realising their full potential for ongoing investigation and prosecution. Particularly sectors considered as exhibiting low or no effectiveness and technical compliance ratings in 2021 will come under increased risk scrutiny, including NPOs, DNFBPs, Money or Value Transfer Services (MVTS), foreign branches or subsidiaries, and cash couriers.

The role of institutions in national compliance

In individual cases, non-compliance can not only be costly but indicative of a wider AML cultural hole exhibited by both stalwart institutions and newly accountable businesses. In 2025, South Africa’s Prudential Authority imposed administrative sanctions and R9 million fines on HBZ Bank for poor risk management programs, and last year Canada’s TD Bank saw an unprecedented $3 billion fine for allowing illicit fund transfers.

If not every risk-averse safeguard is made across the ecosystem, there are gaps for criminals to exploit. FATF’s nationwide assessment therefore looks to the actual compliance functions of a wider range of largely diligent institutions (including commercial and investment banks, insurance companies, lenders, and fintechs) to virtual assets and cryptocurrencies wallets and companies, Payment Service Providers (PSPs) and the aforementioned DNFBPs.

Newly accountable businesses can face audits and heavy penalties for failures to display confident and functional AML/CTF compliance––not policy documents stored in a Google Drive, but traceable logs of completed due diligence, investigative work and raised SARs to relevant authorities.

Immediate steps: a readiness framework for accountable institutions

Aligned to FATF’s 11 IOs, these will be the key risk areas FATF inspectors will need to see as base requirements:

  • Policy turned to action: evidence of staff training programmes; documented controls and enforcement; and audited use of platforms for AML compliance.
  • Risk-based approaches: the application of customised risk profiles; enhanced due diligence process for high-risk entities; and evidence of case prioritisation.
  • Beneficial ownership: clarity over company stakeholders; the use and maintenance of internal BO registers; real-time access to external BO data; and alerts for layered company structures.
  • SAR/STR reporting: displayed case escalation workflows; a library of submitted SARs; and evidence of tracked follow-up actions.
  • Awareness of vertical-specific weakness: obvious knowledge of risk exposure in crypto, fintech, real estate, insurance etc. and customised risk controls.
FAFT on-site readiness framework

These are also recommendations for how to best display ‘in action’ compliance at every corner of a business:

Client advisory and remediation

Collaboration with advisors can help identify vulnerable patches across a complete compliance function. This gap analysis helps map relevant FATF and local regulations against a company’s own policy and platform, and develop a step-by-step response playbook for detecting and filing suspicious activity.

Risk frameworks and other relevant AML documentation should be updated using real-world use case studies detailing safer onboarding, lowering false positive rates, or increased risk detection and prevented financial crime.

Assign responsibilities

All departments beyond compliance teams – including legal functions, operations, human resources, IT teams and key stakeholders – need to be made accountable for a strong compliance culture and structured in a simple way that ensures a seamless inspection. 

Cross-departmental ‘tabletop exercises’ or learning sessions ensures every tier of the company understands their duty for upholding AML, while a mock audit (internal or external) should be conducted to review readiness.

Go above surface-level compliance

A Risk Management Compliance Program (RMCP) is often seen as a holy grail document detailing what a business commitment intends on paper. But this still befits the traditional ‘checklist’ mantra compliance suffers from. FATF wants to see evidence of proper implementation of an RMCP – client risk ratings and prioritisation and detailed SAR processes – all of which are adaptable for the future, as well as serving the here and now.

Enabling readiness through RegTech

With swift implementation and ongoing partnership support with compliance expertise, RegTech platforms can augment existing systems to be effective from today, while remaining flexible to ever-shifting criminal typologies and compliance protocols that FATF are keen to see.

AML RegTech platforms

RegTech platforms are specifically designed for AML in addressing the 11 IOs, and can democratise stronger anti-fincrime measures for the diverse ecosystem of accountable institutions, as follows:

  • Real-time monitoring: analyse various data formats, set risk thresholds to increase accuracy and lower false positives, and scale to spikes in payment activity.
  • Watchlist scanning: discover sanctioned individuals Politically Exposed Persons (PEPs), and adverse against trusted global watchlists in real time using AI-backed name matching capabilities.
  • Enhanced due diligence: speed up onboarding with automated identity screening and validation around the clock, and elevate only high-risk alerts for lower manual effort.
  • BO transparency: get a full picture of organisational structures and funnel risky alerts into BO due diligence with an integrated business verification workflow.
  • SAR/STR submission: raise suspicious behaviour using AI-driven monitoring and pre-populate, check and submit reports to authorities with the UNODC-developed goAML feature.

Don’t just pass assessment, keep momentum!

This FATF assessment should not cause panic stations. South Africa’s steps to this stage signal moves in the right direction across many institutions, and this spotlight only emphasises that there’s potential for South Africa to display true AML/CTF maturity––maintaining compliance as a core business function.


As the regulatory landscape constantly changes, South African businesses need to address their own technological or policy-driven shortcomings and increase cooperation with national and international bodies. While increased public-private partnerships and the interplay of financial business, DNFBPs, intelligence centres, regulators and governments promote greater data sharing dedicated to prosecute real-life crime, this begins with every link in the chain strengthening their own AML frameworks. Together, it adds up to a nationwide strategy commendable not just to FATF, but to other countries stricken by the greylist or otherwise.

If any of the points raised have spurred your own institution to assess supervisory readiness, or you wish to explore advanced RegTech tools to bolster end-to-end AML, get in touch with our team who will be happy to help!

Disclaimer
This article is intended for educational purposes and reflects information correct at the time of publishing, which is subject to change and can not guarantee accurate, timely or reliable information for use in future cases.

Arrange a demo

More News and Resources

drive innovation for aml compliance

How culture can drive innovation for AML compliance

October 24, 2023

Our world has been built by culture. It’s an inescapable part of humankind, comprising behaviours, communication systems, customs and schools of thought. Evolving cultures stemming from ancient civilisations all the way to the present day teach us about the various ways we can solve societal problems and progress. In that regard, anti-money laundering (AML) compliance for &hellip; <a href="https://relycomply.com/how-culture-can-drive-innovation-for-aml-compliance/">Continued</a>

goAML feature integrated with RelyComply Platform main banner

Platform news: RelyComply adds goAML feature for advanced fincrime reporting

March 19, 2024

We are pleased to announce the&nbsp;latest addition to our platform, goAML,&nbsp;the standard software application tool to support reporting capabilities for Financial Intelligence Units’ (FIU) anti-money laundering (AML) and countering terrorist financing (CFT) measures. With more than 60 member states worldwide using goAML – and counting! – we’re excited to join the global community in strengthening &hellip; <a href="https://relycomply.com/goaml-added-to-relycomply-platform/">Continued</a>

Is AI the silver bullet for streamlining AML compliance main banner

Is artificial intelligence really the silver bullet for streamlining AML compliance?

August 24, 2023

With financial crime on the rise, global industries are finding new ways to fight back. Regulators have had little choice but to be more stringent with legislation when the real-world impact of money laundering and terrorist financing can be so worrying.&nbsp;Streamlining AML compliance is more important than ever. The financial world finds itself in the &hellip; <a href="https://relycomply.com/ai-streamlining-compliance/">Continued</a>

Cookie Settings

Manage your cookie preferences here.