Regulations dive

South Africa’s KYC requirements: What you need to know to stay compliant

Mar 23, 2023
5 min read

Chandrika Mahapatra

KYC Content Specialist uqudo

Did you know that South Africa is the African continent’s most technologically advanced country? Home to 154 fintech startups, South Africa is one of the four leading countries in the African start-up scene. This growth in innovation and technology has made the country one of the pioneers in the fintech and financial services industries.

With rapid technological growth, identity verification has also grown largely digital in the country. This has also resulted in an increase in identity theft, corruption and other financial crimes in recent years. Studies report that financial crimes, including tax evasion, bribery and corruption have consumed almost 19% of the country’s GDP, which is a huge detriment to South Africa’s economy. 

Large-scale financial frauds have resulted in South African regulatory bodies bringing out new AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) regulations, that make it important for companies to evaluate customer risk profiles and implement mitigating measures. 

KYC (Know Your Customer) is another important procedure that helps banks and financial institutions verify their customer/client identities to prevent financial fraud and fight money laundering activities. 

Who is the financial regulator in South Africa?

The Financial Sector Conduct Authority (FSCA) is the financial regulator in South Africa, complying with the FATF (Financial Action Task Force), OFAC (Office of Foreign Assets Control) and ESAAMLG (Eastern and Southern Africa Anti-Money Laundering Group) guidelines. 

The regulator of all institutions that provide financial products and services, the FSCA regulates banks, insurance companies, retirement fund administrators and other financial firms, that provide services including,

  • Banking and credit services
  • Investment management
  • Insurance
  • Trading

The SARB (South African Reserve Bank) and Prudential Authority are other financial bodies that play an important role in monitoring the financial stability of the country. Financial institutions in South Africa have to legally comply with the Financial Intelligence Centre Act (FICA) 38 of 2001 to combat money laundering, terrorist financing, tax evasion and other financial crimes. 

What is the identity verification process in South Africa?

The identity verification process in South Africa includes 

1. Customer identification

The first step in the identity verification process includes establishing the identity of the customer. This is done using identity documents that include the name, date of birth and address of the user from government-issued identification documents. 

2. Customer screening

Once the identity of the user is established, the next step is to evaluate their financial risk profiles. This is done by assessing their past financial behaviour and screening them against sanctions, PEP and adverse media lists. According to their risk profiles, customers are classified into high-risk, medium-risk and low-risk individuals. 

3. Continuous monitoring

Once a user has been identified and onboarded, the identity verification process doesn’t stop. In fact, it is important to constantly monitor the customer’s risk profile, by periodically updating user information and evaluating their risk profiles.

South Africa’s National ID database

South Africa’s national ID, also known as the Smart ID card, is issued by the National Department of Home Affairs. The Smart ID card is used for verifying the identity of individuals for transactions in the country, including opening a bank account, voting and passport applications.

Issued to South African citizens or permanent residence permit holders above the age of 16, the Smart ID card contains the following information,

  • Name
  • Sex
  • Nationality
  • Identity Number
  • Date of Birth
  • Country of birth
  • Citizenship status
  • Signature

The Smart ID card also contains a microchip that contains the individual’s biometrics, photo and personal information. 

The national ID card contains the South African Identity Number which is a 13-digit number in the YYMMDDSSSSCAZ format, which is defined as,

  • The first 6 digits (YYMMDD) depict the date of birth.
  • The next 4 digits (SSSS) define the gender.
  • The next digit (C) denotes the South African citizenship status (Citizen or Permanent Resident).
  • The last digit (Z) is a checksum that validates the ID number.
South Africa's National ID

What are the KYC requirements in South Africa?

Financial institutions in South Africa are required to follow the guidelines given by the Financial Intelligence Centre (FIC) under the FICA of 2001 for customer identity verification. This act plays an important role in identifying unlawful financial activities and combatting money laundering and terrorist financing. The FIC is also in charge of guiding financial institutions on their responsibilities under the FICA.

The documents required for KYC in South Africa vary according to a company’s requirement but generally include

  • Government-issued photo ID card (passports, Smart ID card)
  • Address proof (utility bills)

With the new Smart ID cards, identity verification for some businesses in the country also requires biometric information to verify user identity.

How is customer screening done in South Africa?

In accordance with the FICA, financial institutions in South Africa must maintain strong AML policies, including customer due diligence, risk assessment and continuous monitoring. They must also record all their AML compliance activities and report suspicious behaviour to the FIC. The FIC works alongside other regulatory agencies like SARB (South African Reserve Bank) and the FSCA to ensure that financial institutions comply with AML regulations.

For this, customers are screened against the sanction, PEP and adverse media lists. 

1. Sanction list screening

Sanction lists are official lists of names of people involved in illegal activities, published by government and international authorities. A few examples are;

  • Financial Action Task Force (FATF) grey and black lists
  • United Nations Sanction List
  • Office of Foreign Assets Control (OFAC) Sanctions List
  • Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) List
  • Money laundering lists
  • Terrorist financing lists
  • Drug trafficking lists
  • Human rights violations lists
2. PEPs screening

PEPs (Politically Exposed Persons) are those individuals who are currently holding a high-profile government position or are senior leaders in international organisations. Due to their influence over governmental and/or international bodies, PEPs tend to pose a larger risk to companies.

PEP screening refers to identifying these individuals ad evaluating their risk profiles during their onboarding process.

3. Adverse Media Screening

Adverse media screening refers to identifying potentially damaging information about individuals in the news and other data sources. This helps companies identify potential risks such as money laundering, terrorist financing, tax evasion and corruption, thereby protecting their reputation.  

Authentication of users in South Africa

After a customer is onboarded, they can access products and services on a digital platform. To do this, the user has to be authenticated, so that they can get access to secure systems.

How are users authenticated? Here are a few methods,

1. Passwordless login

Using passwordless alternatives, this method of authentication verifies customer identities using different authentication methods, including facial recognition, fingerprint verification, OTPs (One-Time Passwords), push notifications etc. Since passwordless authentication eliminates the need to remember passwords, it is a very convenient and secure method of authenticating users. It also reduces password-related breaches including identity theft.

2. Biometric authentication

This method of authenticating customers uses their unique biometric characteristics, such as facial features, fingerprints, voice and iris scans. Being physical traits, biometrics are hard to replicate, providing a secure method of authentication. Also, since it removes the hassle of remembering passwords, biometric authentication is more convenient and user-friendly. 

3. Two-factor authentication

Adding a second layer of security, 2FA authenticates customers using two different credentials. This can be a combination of something the user knows (a password or a PIN code), something the user is (biometric information such as fingerprint scans, facial recognition, voice recognition, retina and iris scans) or something the user has (One Time Password or a security token sent to the user’s device). This added layer of security helps protect users from bad actors and phishing attacks.

4. FIDO and FIDO2 Authentication

Fast Identity Online (FIDO) and FIDO2 are passwordless authentication alternatives that use biometrics such as fingerprint scans, facial recognition, voice recognition and iris scans along with pass-keys on a user’s device to authenticate individuals. This lets users securely authenticate themselves without having to remember complex passwords.

How can uqudo help you onboard users efficiently in South Africa?

Our comprehensive onboarding platform lets you onboard customers securely with the following steps.

1. Step 1 – AI Document Scanning + OCR

a. Use our powerful AI document scanner to quickly read and scan identity documents, including

    1. Passports
    2. ID cards
    3. Driving Licenses

b. Evaluate the quality of the document, and also check for tamper.

c. Identify necessary fields on the document, and extract data using Optical Character Recognition.

2. Step 2 – Face Verification and Liveness Detection

a. Verify if the user on the camera is real, and matches the document.

b. Detect if the person on the camera is live and not a spoof.

3. Step 3 – Identity verification

Once a user is identified, access government repositories to verify their identities.

4. Step 4 – Screening

Check if the individual is worth doing business with, using AML, sanction, PEP and adverse media screening.

5. Step 5 – Passwordless login

Once a user has been onboarded, let them log in to your platform in a hassle-free manner using biometrics or FIDO2 authentication. 

Stay compliant with South Africa’s KYC and AML regulations by letting uqudo perform all necessary verifications and screenings. Get in touch with us to learn more!

Chandrika Mahapatra

KYC Content Specialist uqudo

Similar Posts

Regulations dive
May 18, 2023
5 min read

KYC in Rwanda: What you need to know while verifying users

Chandrika Mahapatra

KYC Content Specialist uqudo

Regulations dive
Dec 14, 2022
5 min read

The ultimate guide to KYC in Nigeria

Chandrika Mahapatra

KYC Content Specialist uqudo

Stay up-to-date with the world of identity.

Subscribe to get the latest identity articles, guides and videos, straight to your email.

We’re committed to your privacy uqudo uses the information you provide to contact you about our content, products, and services. You may unsubscribe from these at any time. For more information, check out our privacy policy.