In depth

The FATF has formally delisted South Africa from its “jurisdictions under increased monitoring,” closing a two-year chapter that began in February 2023. Delisting follows completion of the 22-point Action Plan, an on-site assessment in July 2025 and demonstrable progress across investigations, prosecutions, asset recovery and supervisory effectiveness. Practically, the decision reduces the elevated risk flag that foreign counterparties have applied to South African transactions and counterparties.

Legally, it signals that South Africa’s framework is no longer viewed as deficient in either technical compliance or effectiveness while making clear that ongoing results, not one-off reforms, will be the measure going forward.

What changes and what does not

Removal from the greylist does not relax domestic obligations. Amendments to the Financial Intelligence Centre Act (FICA) and related statutes, beneficial-ownership registers at the Companies and Intellectual Property Commission and Masters’ Offices and heightened supervisory expectations by the Financial Intelligence Centre (FIC), Prudential Authority, South African Reserve Bank, Financial Sector Conduct Authority (FSCA) and other supervisors all remain in full force. Accountable institutions must continue to apply a risk-based approach to customer due diligence (CDD), politically exposed person (PEP) management, ongoing monitoring, targeted financial sanctions screening, suspicious and unusual transaction reporting and record-keeping.

Internationally, counterparties in the UK, EU and other markets often tie enhanced due diligence (EDD) measures to their own high-risk third-country lists. Those lists will update on their own timetables. Until that occurs, some transactions may still encounter legacy EDD frictions. Over time, however, delisting should translate into fewer escalations, faster payment processing and lower compliance drag on cross-border trade, remittances and investment flows.

Supervision and enforcement are entering an “effectiveness” phase

The greylisting period triggered visible increases in inspections and administrative sanctions for FICA breaches. That trajectory is unlikely to reverse. Supervisors will expect institutions not only to have policies but to evidence outcomes: meaningful risk assessments, quality beneficial-ownership verification, high-quality suspicious activity reports and demonstrable use of monitoring tools. Boards and senior management remain accountable for the design and testing of AML/CFT controls, with audit trails to show that findings are remediated and lessons embedded.

Crypto-asset service providers are a particular focus. With crypto assets designated as “financial products” and Virtual Asset Service Providers (VASPs) brought within the FIC/Financial Advisory and Intermediary Services Act (FAIS) perimeter, licensing, registration, CDD, sanctions screening and reporting expectations now mirror mainstream financial services. Cross-sector designated non-financial businesses and professions—such as estate agents and other accountable institutions can expect closer attention to the quality and timeliness of their reporting and customer-risk methodologies.

Practical priorities for businesses

To convert delisting into durable advantage and prepare for the next mutual evaluation cycle (expected to commence in 2026), companies should prioritize:

• Data and beneficial ownership (BO) transparency: Map BO capture points across onboarding with periodic refreshing; align with Companies and Intellectual Property Commission (CIPC)/Masters’ registers; adopt escalation standards where BO information is incomplete, inconsistent or high-risk.
• Risk assessment refresh: Update enterprise-wide AML/CFT risk assessments to reflect new typologies, cross-border exposure and product/channel risks; link ratings to CDD depth and monitoring thresholds.
• People and accountability: Train line management on red-flag escalation and BO verification; ensure accountable executives can explain control design, risk appetite and remediation timelines to supervisors.
• Third-party management: Extend AML/Sanctions diligence and contract standards to agents, fintech partners and white-label arrangements; verify that outsourced know-your-client vendors meet local law requirements and data-privacy rules.
• Whistleblowing and investigations: Maintain confidential reporting channels and investigation protocols; coordinate with legal, HR and IT for evidence preservation and privilege, including in cyber-incident responses.

FATF delisting recognizes measurable outcomes, more complex money laundering and terrorist financing (ML/TF) prosecutions, stronger confiscation performance, functional BO registries and risk-based supervision. Sustaining that performance will require continued cooperation between law enforcement, supervisors and the private sector. Institutions should anticipate ongoing information-sharing initiatives, typology updates and occasional joint operations. Documented engagement with supervisory feedback and industry guidance will be an asset in future inspections.

Looking ahead

The next FATF mutual evaluation will test whether reforms produce consistent, repeatable outcomes. Firms that embed risk-based controls, invest in data quality and analytics and demonstrate timely remediation will benefit from smoother cross-border interactions and better access to global financial services.

Delisting is therefore not deregulation; it is a pivot from catch-up to continuous improvement. The legal framework now in place is sufficiently robust. The task for boards and executives is to convert that framework into everyday practice so that South Africa’s financial system remains transparent, resilient and open for business.