The Financial Intelligence Centre (“FIC”) has issued Directive 11 of 2026 in terms of the Financial Intelligence Centre Act 38 of 2001 (“FIC Act”), requiring certain Schedule 1 accountable institutions to submit a 2026 Risk and Compliance Return (“RCR”). The purpose of the Directive is to enable the FIC to assess institutions’ compliance with their anti-money laundering (“AML”), counter-terrorist financing (“CFT”), and counter proliferation financing (“CPF”) obligations.

WHO MUST SUBMIT A RISK AND COMPLIANCE RETURN?

Directive 11 applies to the following accountable institutions listed in Schedule 1 to the FIC Act:

• legal practitioners (Item 1);
• trust and company service providers (Item 2);
• estate agents (Items 9);
• credit providers (Item 11), excluding banks, mutual banks, and co-operative banks;
• the South African Postbank (Item 14);
• high-value goods dealers (Item 20);
• the South African Mint (Item 21); and
• crypto asset service providers (Item 22).

SUBMISSION REQUIREMENTS AND DEADLINES

The RCR must be completed and submitted electronically via the FIC reporting platform from 4 May 2026.

Depending on the applicable Schedule 1 classification, institutions must submit their returns by either 30 June 2026 or 31 July 2026.

The reporting period covered by the return runs either from 1 April 2023 to 31 March 2026 or from 1 July 2023 to 31 March 2026, depending on the sector.

WHAT INFORMATION MUST BE SUBMITTED?

The RCR requires accountable institutions to confirm their understanding of their exposure to money laundering, terrorist financing, and proliferation financing risks and to demonstrate how these risks are managed.

Institutions must report on the implementation of their Risk Management and Compliance Programme (“RMCP”), customer due diligence procedures, beneficial ownership identification, sanctions and politically exposed person screening measures, internal reporting processes, and compliance governance structures, including training and record-keeping controls.

CONSEQUENCES OF NON-COMPLIANCE

Failure to submit the RCR constitutes non-compliance with Directive 11 of 2026 and may result in administrative sanctions being imposed under the FIC Act.

Accountable institutions should ensure that their compliance frameworks are up to date and that the required information for the applicable reporting period is available before submission.

PRACTICAL CONSIDERATIONS FOR ACCOUNTABLE INSTITUTIONS

Accountable institutions should ensure that their Risk Management and Compliance Programme is up to date and properly implemented before completing the return.

Institutions are also encouraged to verify that their internal reporting procedures, client due diligence measures, and training programmes are aligned with the requirements of the FIC Act, as the Risk and Compliance Return is frequently used by the FIC to identify institutions for supervisory engagement or inspection.

Early preparation is recommended to ensure that the required information covering the full reporting period is readily available prior to submission.

 

If your organisation falls within one of the affected Schedule 1 categories and is required to submit a Risk and Compliance Return in terms of Directive 11 of 2026, it is important to ensure that your compliance framework and supporting documentation are aligned with the requirements of the Financial Intelligence Centre Act 38 of 2001. Our team regularly advises accountable institutions on FIC registration, Risk Management and Compliance Programme (RMCP) implementation, customer due diligence requirements, and Risk and Compliance Return submissions. Should you require assistance in confirming whether the Directive applies to your organisation or in preparing your submission, please contact us and we will be happy to assist.