South Africa’s KYC requirements: What you need to know to stay compliant

What are the KYC requirements in South Africa?

Financial institutions in South Africa are required to follow the guidelines given by the Financial Intelligence Centre (FIC) under the FICA of 2001 for customer identity verification. This act plays an important role in identifying unlawful financial activities and combatting money laundering and terrorist financing. The FIC is also in charge of guiding financial institutions on their responsibilities under the FICA.

The documents required for KYC in South Africa vary according to a company’s requirement but generally include

• Government-issued photo ID card (passports, Smart ID card)
• Address proof (utility bills)

With the new Smart ID cards, identity verification for some businesses in the country also requires biometric information to verify user identity.

How is customer screening done in South Africa?

In accordance with the FICA, financial institutions in South Africa must maintain strong AML policies, including customer due diligence, risk assessment and continuous monitoring. They must also record all their AML compliance activities and report suspicious behaviour to the FIC. The FIC works alongside other regulatory agencies like SARB (South African Reserve Bank) and the FSCA to ensure that financial institutions comply with AML regulations.

For this, customers are screened against the sanction, PEP and adverse media lists. 

1. Sanction list screening

Sanction lists are official lists of names of people involved in illegal activities, published by government and international authorities. A few examples are;

• Financial Action Task Force (FATF) grey and black lists
• United Nations Sanction List
• Office of Foreign Assets Control (OFAC) Sanctions List
• Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) List
• Money laundering lists
• Terrorist financing lists
• Drug trafficking lists
• Human rights violations lists

2. PEPs screening

PEPs (Politically Exposed Persons) are those individuals who are currently holding a high-profile government position or are senior leaders in international organisations. Due to their influence over governmental and/or international bodies, PEPs tend to pose a larger risk to companies.

PEP screening refers to identifying these individuals ad evaluating their risk profiles during their onboarding process.

3. Adverse Media Screening

Adverse media screening refers to identifying potentially damaging information about individuals in the news and other data sources. This helps companies identify potential risks such as money laundering, terrorist financing, tax evasion and corruption, thereby protecting their reputation.  

Authentication of users in South Africa

After a customer is onboarded, they can access products and services on a digital platform. To do this, the user has to be authenticated, so that they can get access to secure systems.

How are users authenticated? Here are a few methods,

1. Passwordless login

Using passwordless alternatives, this method of authentication verifies customer identities using different authentication methods, including facial recognition, fingerprint verification, OTPs (One-Time Passwords), push notifications etc. Since passwordless authentication eliminates the need to remember passwords, it is a very convenient and secure method of authenticating users. It also reduces password-related breaches including identity theft.

2. Biometric authentication

This method of authenticating customers uses their unique biometric characteristics, such as facial features, fingerprints, voice and iris scans. Being physical traits, biometrics are hard to replicate, providing a secure method of authentication. Also, since it removes the hassle of remembering passwords, biometric authentication is more convenient and user-friendly. 

3. Two-factor authentication

Adding a second layer of security, 2FA authenticates customers using two different credentials. This can be a combination of something the user knows (a password or a PIN code), something the user is (biometric information such as fingerprint scans, facial recognition, voice recognition, retina and iris scans) or something the user has (One Time Password or a security token sent to the user’s device). This added layer of security helps protect users from bad actors and phishing attacks.

4. FIDO and FIDO2 Authentication

Fast Identity Online (FIDO) and FIDO2 are passwordless authentication alternatives that use biometrics such as fingerprint scans, facial recognition, voice recognition and iris scans along with pass-keys on a user’s device to authenticate individuals. This lets users securely authenticate themselves without having to remember complex passwords.

How can uqudo help you onboard users efficiently in South Africa?

Our comprehensive onboarding platform lets you onboard customers securely with the following steps.

1. Step 1 – AI Document Scanning + OCR

a. Use our powerful AI document scanner to quickly read and scan identity documents, including

1. 1. Passports
   2. ID cards
   3. Driving Licenses

b. Evaluate the quality of the document, and also check for tamper.

c. Identify necessary fields on the document, and extract data using Optical Character Recognition.

2. Step 2 – Face Verification and Liveness Detection

a. Verify if the user on the camera is real, and matches the document.

b. Detect if the person on the camera is live and not a spoof.

3. Step 3 – Identity verification

Once a user is identified, access government repositories to verify their identities.

4. Step 4 – Screening

Check if the individual is worth doing business with, using AML, sanction, PEP and adverse media screening.

5. Step 5 – Passwordless login

Once a user has been onboarded, let them log in to your platform in a hassle-free manner using biometrics or FIDO2 authentication. 

Stay compliant with South Africa’s KYC and AML regulations by letting uqudo perform all necessary verifications and screenings. Get in touch with us to learn more!