Latest white paper on evolving regulations and emerging technologies

  • Industry perspective: The key forces driving AML reform in 2025 and beyond.

  • Operational insight: How automation is reshaping onboarding and accuracy.

  • Strategic value: Where collaboration is unlocking the next era of compliance.

Access White Paper
relycomply whitepaper

Get updates that matter

Stay connected with:

  • Industry insights - Reports on trends, threats, and regulatory shifts shaping the financial services world.

  • Customer highlights - See how businesses like yours are closing AML gaps and protecting their customers.

  • Feature releases - Discover the latest products and AI-powered capabilities in our platform.

relycomply whitepaper

South Africa’s FATF greylist removal: what has actually improved 6 months after market re-entry

Changes since South Africa's removal from the greylist

South Africa left the FATF greylist. And then something unexpected happened: the scrutiny got harder.

That is the story most retrospectives on South Africa’s market re-entry have missed. The removal from high-risk jurisdictional lists – first by FATF and the UK in October 2025, then by the EU in January 2026 – has been framed almost universally as an unlocking. A door swinging open. In practice, it looks more like a door being replaced with an admissions process. One that is faster, yes – but considerably more discerning.

Six months into South Africa’s FATF greylist exit and return to global financial good standing, the real question is not whether capital is moving again. It is. The question is where it is going, and why.

Access restored is not access guaranteed

During the FATF greylist period, South African banks and fintechs faced a blunt instrument: mandatory additional KYC, source-of-funds documentation requirements, and extended onboarding timelines applied broadly to South African counterparts. The friction was indiscriminate. It did not distinguish between a Cape Town payments startup with a mature compliance stack and one that had done the bare minimum to stay operational.

That indiscriminate friction is gone. What has replaced it is more surgical, and in some ways more demanding.

European and UK financial institutions are no longer applying blanket enhanced due diligence to South African entities by regulatory obligation. But they are conducting their own. The difference is that their EDD is now targeted – scored, tiered, and in many cases automated – against each institution’s individual compliance profile. Banks that built robust AML infrastructure during the greylisting years are moving through correspondent banking relationships and cross-border partnerships faster than they were in 2023. Banks that did not are discovering that the removal of a country-level risk label does not remove the exposure assessment their foreign counterparts are running regardless.

The label is gone. The scrutiny remains. For firms with weak compliance infrastructure, it is arguably sharper, because there is no longer a systemic excuse to hide behind.

What changed after SA's FATF greylist removal

AML maturity as a capital allocation signal

The most consequential shift in the six months since re-entry is not regulatory. It is happening in investment conversations.

Compliance infrastructure has moved into valuation discussions in a way that would have seemed premature three years ago. For growth-stage fintechs and payment providers approaching “growth-stage funding conversations” (Series A) or “institutional investment discussions” (Series B), the question is no longer simply whether their AML function is sufficient to avoid regulatory sanction. It is whether it is sophisticated enough to signal scalability.

Investors with capital to allocate in the South African financial services market are working with more granular data than before. Real-time market intelligence, transaction pattern analysis, and – increasingly – assessments of compliance architecture are functioning as filters. A company demonstrating automated, continuous KYC and transaction monitoring is presenting evidence of operational durability: the ability to absorb regulatory change, onboard customers at speed without accumulating compliance debt, and enter new markets without rebuilding its risk function from the ground up.

A company that cannot demonstrate those things is being discounted. Not blocked – discounted. Strong revenue growth alongside a manual, periodic compliance process now raises a specific concern: that the cost of bringing the compliance function up to standard will compress margins and slow onboarding at exactly the point when the business needs to scale.

Consider two South African fintechs at the same revenue milestone, approaching the same Series B conversation. The first has automated, real-time transaction monitoring, documented AML outcomes, clean UBO structures, and a compliance function that has been stress-tested across three years of greylisting scrutiny. The second has comparable growth numbers, a manual review process, and a compliance team that is reactive rather than systemic. These are not the same investment. The first can demonstrate regulatory resilience – evidence that it can absorb a sanctions list update, a new payment rail, or an expanded customer base without rebuilding its risk function from scratch. The second represents contingent liability: the investor is not just buying the growth, they are buying the remediation cost that comes with it. In a market where that distinction is now visible and measurable, it is becoming the difference between a fundable business and a discounted one.

In 2026, weak AML is not primarily a regulatory risk. It is a valuation risk.

The difference between a fundable business and a discounted one

What the new admissions process looks like

Consider the position of a mid-size South African fintech now seeking a European banking partnership. Before October 2025, the conversation began with a compliance obstacle: prove your jurisdiction is not high-risk. That conversation is over.

What has replaced it is not simpler. The European bank is now conducting its own EDD – against the fintech’s individual profile, not the country’s. It is looking at the quality of the firm’s sanctions screening: is it automated, is it continuous, does it update in real time against global watchlists and PEP databases, or does it run on a periodic batch process? It is looking at ultimate beneficial ownership structures – the transparency of which was one of South Africa’s hardest-won reforms during the greylisting period, and which foreign partners now expect to be documented cleanly. And it is looking at transaction monitoring capability: in an environment where instant payment systems are becoming the norm, can this fintech contextualise cross-border payments in real time, or is it running flags after the fact?

Companies that invested in those capabilities during the greylisting period, when the cost was high and the regulatory pressure made it unavoidable, are collecting that dividend now. Onboarding timelines with foreign partners are shorter. The compliance review that previously ran for months is moving faster because the documentation is already in order. That speed compounds: faster partnerships mean faster market entry, which means more data, more transaction volume, and a stronger case for the next funding conversation.

What has not changed – and why that is the real story

The most common misconception about South Africa’s re-entry is that compliance pressure has reduced. It has not. It has shifted.

Enhanced due diligence requirements have not relaxed domestically. The past two years have strengthened UBO obligations, expanded the scope of the Financial Intelligence Centre Act, and sharpened the supervisory roles of the Prudential Authority, the SARB, and the FSCA. The move from periodic, rules-based remediation to continuous, risk-based monitoring is now the expected standard, not the progressive one. Firms that treated their greylisting-era compliance upgrades as a one-time project are discovering that the regulatory baseline has moved underneath them.

Sanctions screening expectations have not eased. Real-time monitoring requirements have increased, not decreased, as instant payment infrastructure becomes more prevalent and the typologies of financial crime evolve faster than annual compliance reviews can track.

And audit readiness requirements are, if anything, more demanding than they were in 2023 – precisely because regulators have fewer systemic excuses to accept. During the greylisting, a compliance failure carried the implicit context of a country-level problem. That context is gone. The FIC and Prudential Authority’s supervisory frameworks hold individual institutions accountable, and with the systemic country-level risk narrative gone, there is less context to absorb an institutional AML failure. The reputational damage, funding implications, and regulatory consequences fall on the company, not on a broader national narrative that can absorb them.

The compounding return on compliance investment

There is a version of the compliance dividend that is already visible in the market. Firms that made the harder investments – automated KYC pipelines, AI-led transaction monitoring, continuous sanctions screening, clean UBO documentation – are not just passing due diligence checks faster. They are entering a feedback loop.

Better compliance infrastructure produces better financial intelligence. Better financial intelligence supports faster, more accurate risk decisions. Faster risk decisions enable real-time cross-border payments through new payment rails, which drives transaction volume, which generates the data to improve the risk model further. A well-built compliance function is not a cost centre running in the background – it is, at this point, a commercial asset generating compound returns.

That compounding effect is visible at the market level, too. South Africa’s improving risk profile is not just a function of regulatory reform – it is a function of the collective compliance maturity of its accountable institutions. Every firm that demonstrates sustained AML capability strengthens the country’s case to foreign investors and partners. Every firm that does not creates a drag on that case that is no longer absorbed by a systemic risk label. The individual and collective incentives are, for the first time, genuinely aligned.

Six months in

South Africa’s removal from the FATF greylist was never going to be the end of the story. What the past six months have revealed is that it was not even a chapter break – it was a change of scene. The compliance environment that the greylisting produced, with its automated systems, its continuous monitoring, its FIC intelligence-sharing frameworks, and its EDD rigour, is not being wound down. It is becoming the minimum viable standard.

The firms that treated compliance as something to get through are facing a market that has moved. The firms that treated it as something to build are, quietly, collecting the dividend.

The risk label is gone. But the admissions process is just getting started.

Arrange a demo

More News and Resources

Cookie Settings

Manage your cookie preferences here.