FAFT greylisting: How regulators can learn from South Africa’s playbook

Besides the negative connotations of a FATF greylisting, it’s a jolt for a nation to react and correct its AML functions from that initial failure. That is, if the efforts by the interrogated country are deemed effective in creating positive change, and a “sustained political commitment”. 

South Africa is currently within the zone of judgement; recognised for its tremendous steps towards required AML/CTF, but with a formal review to decide if de-listing is achieved. The country’s prioritising of public-private partnerships, increased investigation data sharing and prosecutions identify lessons learned, and these can inspire the work of surrounding nations that may feel the burden of strict global regulatory compliance.

Here’s where key lessons within South Africa’s FATF greylisting journey have exposed challenges and solutions that current high-risk listed jurisdictions can use to rebuild their internal and cross-border compliance frameworks and stay on the right line of FATF’s expectations.

1. Re-focus your compliance frameworks

A FATF review should not be a last chance saloon to fix AML that is broken. Instead, any deficiencies in an institution’s AML maturity (culturally, technologically and practically) need to be addressed and documented well ahead of a potential clampdown. This puts into place a series of measures to map where focuses should be made in high-risk areas (such as corruption, or the threat of digital assets) or to highlight certain sectors commonly lacking anti-fincrime controls.

During a Mutual Evaluation, FATF officials will need “full and accurate descriptions” for successful implementations of AML, and that means identifying real outcomes. The watchdog’s 11 Immediate Outcomes (IOs) are a great starting point for where nations should prioritise effective compliance (over technical ability), covering the seizure of illicit assets, increased prosecutions, and private sector enforcement. 

In attempting to strengthen AML, Kenya introduced a digital ID system that worked as a democratised digital public framework to increase accessibility in financial services, as well as creating a Draft National Policy on Virtual Assets and Virtual Asset Service Providers.

However, enforcement is mixed. In the case of the former, the government has faced critical issues surrounding data security and the perceived commodification of biometric data – similar accessibility and privacy concerns have seen backlash to plans in Nigeria for its National Identity Number system. The National Treasury of Kenya’s move to provide a framework for cryptocurrencies and virtual assets may be more effective though, with the draft currently seeking feedback from industry players, the general public and stakeholders to address concerns around protection and cybersecurity for actionable crypto-based AML.

2. Unite all accountable institutions

Public-private partnerships are still a sticking point for nationwide compliance culture. South Africa’s greylisting galvanised accountable groups to promote information sharing to determine suspicious activity not just at banks, but payment service providers companies and other smaller fintechs. Partnership models led by the Financial Intelligence Centre (FIC) were praised, and the country is on course to raise cooperation between the Treasury, the South African Reserve Bank (SARB), the Financial Sector Conduct Authority (FSCA) and private companies to maintain cross-sector accountability over AML compliance measures.

Regulators elsewhere should expand their data sharing to cover high-risk areas. Ghana’s Financial Intelligence Centre, for instance, must turn their attention to smaller mobile money transfer businesses that are proliferating to connect rural areas and reduce barriers to entry, but can be an AML blindspot. Considering Ghana’s previous delisting from the FATF greylist in June 2021, the nation’s brighter AML outlook needs to be reinforced perpetually through collaboration, as should South Africa’s recent improvements.

3. Enable the compliant sharing of financial data

Financial data screening, matching and sharing is becoming increasingly integral to anti-fincrime controls and regulatory technology (RegTech) is empowering the ecosystem to monitor transactions and raise alerts to authorities in a timely fashion. RegTech is not a luxury, but a necessary element to unite fragmented systems and accurately pinpoint potentially fraudulent behaviours. South Africa’s National Prosecution Authority and Hawks introduced a ‘digital intelligence unit’ in 2024 to enhance investigations into complex crime, staffed by industry experts.

This increasingly digital environment creates opportunities, which are only worthwhile following support from the public and if relevant institutions can securely handle their data. In Nigeria, efforts to roll-out the eNaira digital currency have practically died out (with only 0.5% adoption), citing significant concerns around transactional data being controlled and accessible only to the Central Bank of Nigeria (CBN). Data governance and transparency will be a key concern going forward for financial institutions and regulators, remedied by the compliant work of specialised units and RegTech partnerships.

4. Take AML through to prosecution

South Africa has had a poor record with prosecuting complex crime and notorious state capture cases; this was a key concern pointed out by FATF’s Mutual Evaluation. Increasing rates of investigations and prosecutions are two key IOs and the NPA’s progress in doing so by mid-2025 marked a major step toward greylisting.

The lesson here is that despite AML’s necessity to detect and report crime, that’s not enough. The whole justice chain – investigators, prosecutors, magistrates etc – must be informed with auditable evidence of wrongdoing in order to see real financial crime punished. 

Followed-through convictions still remain tricky on the continent. Kenya’s Ethics and Anti-Corruption Commission (EACC) regularly reports on arrests but more needs to be done to overturn existing controls and attitudes and prioritise adherence to laws. This is especially necessary given a cross-sector 2024 Global Economic Crime Survey by PwC found a whopping 79% of respondents in Kenya recounted economic crime at their organisations in the past two rates (compared to the global incidence rate of 41%).

5. Instill risk-based approaches nationwide

With FATF supervisions being so stringent, the need to detail incident reporting and AML success must go well beyond on-paper documentation. There need to be demonstrations of National Risk Assessments (NRA) being put into action: utilising RegTech to monitor in real-time, and to display sectoral risk scores if entities or industries pose distinct threats.

Developed risk scoring is even more prevalent given FATF’s widened lens of accountable institutions. Beyond traditional FIs, Designated Non-Financial Businesses and Professions (DNFBPs) come under the umbrella, including real estate agents, high value good dealers, legal practices, and casinos and gaming companies. In South Africa, various industries remain under close watch for low effectiveness and technical compliance scores, including not-for-profit organisations (NPOs), foreign branches or subsidiaries, and cash couriers.

Consistent updates to documented NRAs are now critical, making it clear to inspectors that progress has been made in closing AML and CTF gaps. Using Ghana again as an example, the nation has not released an NRA since their last Mutual Evaluation since 2019. This may pose questions for the global watchdog as to whether “sustained commitment” has been reached and should spur all countries under compliance to revisit their collaborative NRA efforts. 

Building a continental anti-fincrime front

South Africa still faces the next FATF Plenary Meeting to determine whether its AML measures are not just sufficient, but progressive, to become de-listed. 

A by-product of improving efforts all across the African continent is AML readiness across borders. With all on an equal footing and championing AML success, further rollout on the world stage poses a more formidable anti-financial crime defence.