The Financial Intelligence Centre (FIC) has recently brought Directive 11 of 2026 into force following a public consultation process, marking an important development in South Africa’s anti-money laundering (AML) and counter-terrorism financing (CTF) framework.

The Directive, effective from 1 April 2026, governs the submission of the 2026 Risk and Compliance Returns (RCRs) and must be read alongside Draft Public Compliance Communication 125, which provides guidance on how compliance is expected in practice.

What is the purpose of Directive 11?

Directive 11 serves as a key supervisory tool, requiring specified accountable institutions to submit an electronic risk and compliance return (RCR) via the FIC’s goAML platform. The purpose of the RCR is to assess both an institution’s exposure to money laundering, terrorist financing and proliferation financing risks, and the effectiveness of its risk-based compliance controls under the Financial Intelligence Centre Act (FICA).

Who does Directive 11 apply to?

The Directive applies to a broad range of accountable institutions listed in Schedule 1 of FICA, including estate agents, legal practitioners, casinos, crypto asset service providers, and high-value goods dealers, although certain institutions such as mutual banks and co-operative bank credit providers are excluded.

2026 deadlines apply

The submission window opens on 4 May 2026, with reporting periods generally covering 1 April 2023 to 31 March 2026 (or from 1 July 2023 in some cases). Strict deadlines apply where certain institutions must submit by 30 June 2026 while others including estate agents and legal practitioners must submit by 31 July 2026. All submissions must be complete, accurate, and based on the institution’s actual risk assessment and control environment. Failure to comply constitutes non-compliance with FICA and may result in administrative sanctions.

While Directive 11 establishes the legal obligation, Draft PCC 125 provides important practical guidance on the format, completion, and submission of RCRs. Although still open for comment until 24 April 2026, it is likely to shape how compliance is assessed.

Early preparation essential

The draft guidance emphasises early preparation, requiring institutions to complete RCR templates and gather supporting data before accessing the live system. It also introduces structured multi-period reporting, where each reporting period must be completed in full before submission is possible.

Importantly, only institutions registered on the goAML platform with a valid organisational identity (Org ID) will be able to submit returns. In addition, while a single consolidated return is generally required, separate legal entities, franchise networks, and institutions conducting multiple Schedule 1 activities may be required to submit multiple RCRs.

Senior management or the board is responsible for submissions

From a governance perspective, responsibility for submissions ultimately rests with senior management or the board. Once submitted, RCRs cannot be edited or withdrawn, and any errors must be addressed through a formal query process, highlighting the need for accuracy and proper internal verification.

In conclusion, Directive 11 and Draft PCC 125 signal a clear shift towards a more structured, data-driven compliance environment. Accountable institutions must now not only comply with their obligations but demonstrate a clear understanding of their financial crime risks and the effectiveness of their controls.