Sign up
Subscribe
Home / news / Can COFI end South Africa’s siloed compliance crisis?
news

Can COFI end South Africa’s siloed compliance crisis?

Can COFI end South Africa’s siloed compliance crisis?

South Africa is estimated to lose R100bn a year to financial crime, and the people trying to stop it still do not work from the same playbook. That matters for PSPs and other accountable institutions because the Conduct of Financial Institutions (COFI) Bill is pushing AML, fraud, conduct and prudential controls into one joined-up framework whether firms are ready or not.

  1. RelyComply says the real problem is not just scale, but coordination: organised crime networks run multiple financial crime typologies at once, while regulators, law enforcement and financial firms still lack a standardised, interconnected risk management system. As criminals use digital tools faster, that gap gets wider, not narrower.
  2. Under the 2017 Financial Sector Regulation (FSR) Act, South Africa’s “Twin Peaks” model, launched in 2018, split oversight in two. The Prudential Authority handles safety and stability, while the Financial Sector Conduct Authority (FSCA) polices market conduct and customer fairness. COFI, being rolled out in phases by the National Treasury, is meant to weld existing statutes — including the Banks Act 1990 and Financial Markets Act 2012 — into one consistent piece of legislation.
  3. The catch is that COFI assumes firms already have digital, connected AML processes. Most do not. Compliance teams still report separately, and cross-functional threats are handled repeatedly under different rules and in different systems. In practice, that means firms with fragmented intelligence may struggle to meet COFI’s requirements at all.
  4. COFI applies to all accountable institutions under the FSR Act, from major banks and insurers to payment providers and credit rating companies. The “principle of proportionality” may spare smaller firms from identical obligations, but it does not spare them from compliance itself.
  5. For directors, the shift is sharper still. COFI tightens governance and licensing expectations, and boards will need to show how AML, fraud and conduct controls are maintained. Periodic reporting will not be enough; the model points to real-time monitoring and audit trails that show the Financial Intelligence Centre (FIC) exactly where decisions on high-risk alerts were made.

At the FSCA 2026 conference, firms were urged to share financial crime intelligence — excluding sensitive personal data — with regulators, related sectors and law enforcement. The logic is straightforward: if criminal networks collaborate, defenders have to do the same. For PSPs and other high-risk operators, that puts a premium on embedded AI monitoring, board-level dashboards, integrated KYC and AML workflows, and explainable AI models that can document decisions when the FIC asks questions later.

Weekly high-risk digest

Regulation, sanctions and payment news across your verticals — once a week, free.

Please check your inbox and click the link to confirm your subscription.

Please enter a valid email address!