Directive 11 of 2026: 2026 Risk and Compliance Return Submission Requirements

9/5/1/3

FINANCIAL INTELLIGENCE CENTRE ANNOUNCES SUBMISSION DATES FOR 2026 RISK AND COMPLIANCE RETURNS 31 March 2026: The Financial Intelligence Centre (FIC) on Tuesday, 31 March 2026,

issued Directive 11 of 2026 (Directive 11) (access Directive 11 here) mandating specified businesses and professions to submit their 2026 risk and compliance return (2026 RCR) to the FIC electronically within set deadlines. Directive 11 has been issued on Tuesday, 31 March 2026, and will come into effect on Wednesday, 1 April 2026. Importantly, Directive 11 directs that the window for submission of the 2026 RCR will open on Monday, 4 May 2026 and will close on different dates, Tuesday, 30 June and Friday, 31 July 2026, depending on the specified category of business. Directive 11 places the obligation on specified accountable institutions in terms of the Financial Intelligence Centre Act (FIC Act) to complete a self-assessment questionnaire - covering three reporting years - on their understanding of the money laundering, terrorist and proliferation financing (ML, TF and PF) risks they face and the implementation of risk-based control measures. The requirement to submit the 2026 RCR applies to all accountable institutions referred to in items 1, 2, 3, 9, 11 (excluding banks, mutual banks and co-operative bank credit providers),14, 20, 21, and 22 of Schedule 1 of the FIC Act. Specified accountable institutions are required to submit questionnaires using information relating to their operations for a designated period between 2023 and 2026.

MEDIA RELEASE

Page 1 of 3

Accountable institutions need to source information required to complete the 2026 RCR questionnaire from their risk management and compliance programmes, Companies and Intellectual Property Commission documents, financials, records of regulatory reports filed to the FIC, et cetera. The FIC first introduced the RCR mechanism in May 2023 in support of its risk-based supervision framework and to assist South Africa's work toward exiting the Financial Action Task Force's (FATF's) grey list. FATF required the country, and by extension the FIC as the supervisor, to implement assessment tools to identify higher risk businesses and professions as a basis for risk-based supervision. The information provided in RCRs assists the FIC's understanding of the institutions and their levels of risk exposure, so that appropriate risk-based approach supervision may be applied. Using the data from the RCRs submitted by accountable institutions, the FIC can supervise, monitor and enforce compliance with the anti-money laundering and combating financing of terrorism obligations. Christopher Malan, Executive Manager for Compliance and Prevention, said: "The inputs from the first round of RCRs which began in 2023 provided valuable insights into the ML, TF and PF risks businesses faced at an individual and sector-wide level. The information received in 2023 RCRs enabled the FIC to identify higher risk accountable institutions and take supervisory decisions on whom to inspect, in applying a risk-based approach. The information received through 2023 RCRs played a critical role in South Africa demonstrating it was remediating the grey listing action items, which contributed to us exiting the grey listing process." Malan said further: "The latest iteration of the risk and compliance return, the 2026 RCR, entrenches the mechanism in the FIC's risk-based supervisory approach and helps us better assist accountable institutions in implementing measures to mitigate identified risks." "The success or failure of this measure depends on a compliant business community, and we call upon the specified accountable institutions to meet their obligations to complete and submit their RCRs on time."

Page 2 of 3

Filing periods

Trust and company service providers (item 2), casinos (item 9), credit providers (item 11, excluding banks, mutual banks, and co-operative banks), the Post Bank, the South African Mint, crypto asset service providers (item 22) must file their RCRs between 4 May and 30 June 2026. Legal practitioners (item 1), estate agents (item 3) high-value goods dealers (item 20) - including dealers in precious metals, precious stones and Kruger rands - and non-casino gambling institutions (item 9) are required to submit their RCRs between 4 May and 31 July 2026. The FIC has published Draft Public Compliance Communication 125 of 2026 to provide practical guidance to the specified accountable institutions on how to submit their 2026 RCR. Accountable institutions can find more information including a sample questionnaire in the web notice.

Issued by The Financial Intelligence Centre For more information please contact: media@fic.gov.za

Note to editors: As South Africa's national centre for the gathering and analysis of financial data, the

role of the Financial Intelligence Centre (FIC) is to safeguard the integrity of the country's financial system and its institutions. In pursuit of this, the Financial Intelligence Centre Act, 2001 (Act 38 of 2001), mandates the FIC to assist in the identification of the proceeds of crime and assist in combating money laundering, terrorist financing and proliferation financing, to facilitate effective supervision and enforcement of the Act. Under this legislation, financial and non-financial institutions are required to fulfil certain compliance obligations, including registering with, and filing various regulatory reports to the FIC. The information provided in these reports forms the basis for the FIC's analysis to develop financial intelligence reports for use by a wide range of law enforcement, other competent authorities, and other institutions to facilitate the administration and enforcement of the laws of the Republic. The FIC Act also sets out the enforcement and penalty regime for non-compliance with the FIC Act.

For more about the FIC visit www.fic.gov.za

R143.9 million

Value of proceeds of crime recovered, in which the FIC's financial 3 104 reactive | 1 092 proactive | Financial intelligence reports disseminatedCompliance inspections conducted Regulatory reports received Cash threshold reports received Suspicious and unusual transaction reports received > 13.4 million >3.1 million >570 000 2024/25 ITEM Value of suspected criminal proceeds frozen Page 3 of 3 >R157.5 million Total number of institutions registered as at year end 55 262 intelligence was used 51 on illicit financial flows