South Africa still carries the stigma of being grey listed by the world’s financial crime watchdog. In October, the Financial Action Task Force (FATF) will decide whether the country has done enough to shed that label – and whether the systems built in boardrooms and server rooms now carry weight in courtrooms.
“Everything that can be done, has been done,” says James Saunders, CTO and co-founder of compliance technology firm RelyComply, which builds platforms for banks and fintechs to manage customer screening, onboarding and risk monitoring. “The Prudential Authority and Financial Intelligence Centre and the various regulators have shown real teeth. They have scared a lot of people.”
Grey listing has had far-reaching consequences. It placed South Africa on the same footing as countries where illicit flows of money are seen as high risk. Every international transaction became more expensive, and foreign investors grew wary of dealing with South African entities. In practice, it became a reputational penalty that translated directly into cost.
The shock forced compliance into the centre of financial services strategy.
“A whole bunch of back-office processes that have been traditionally very manual” are now embedded inside digital services, says Saunders. He points to a deployment where onboarding went from ten days to three minutes. That shift shows that compliance has become integral to how products are designed and delivered.
Bradley Elliott, CEO of RelyComply, says the grey list changed the mindset of executives.
“The sector has moved from a tick-box exercise to a risk-based approach,” he says. “Grey listing forced executives to think about risk in terms of liability, and that is personal liability for directors.”
Boards now demand evidence. And that includes a track record for the compliance technology providers themselves.
Elliott says: “The first question is, who have you done it for? If you can show a Standard Bank reference, it carries across the continent. If you go to London, they still want to know who you’ve done it for in London.
“What we are selling is risk mitigation. That is what a board is buying. That is what a regulator is looking for. That is what directors want to see.”
That demand for proof also drives a rethink of technology. “Customers tend to have a whole bunch of different point solutions,” says Saunders. “Our view is one system, one point of integration, end to end… a single view of the risk of your customer base.” Cloud delivery allows “a full audited log of all interactions around compliance” and time-to-market “down to weeks”.
Fraud and identity verification are the next frontier, says Saunders: “Synthetic identities are going to be an absolute nightmare.” He cites a bank in Asia where 12% of new account applications were synthetic.
RelyComply itself was born when a bank launched a new digital product without consulting its compliance team. The scramble to patch that oversight produced the prototype for a platform that now runs in more than ten countries.
“Markets differ in nuance, but complexity rhymes across borders,” says Saunders.
Global growth brings its own obstacles. Elliott says: “Access to beneficial ownership data in some markets is straightforward. In others, it is fragmented, locked away in different registries, and often in formats that don’t line up. You cannot build a system on top of broken data. You need consistency, you need lawful access, and you need a clear audit trail.”
The FATF process amplifies those demands, since peer review culture values evidence over promises. “Supervisors want to see controls that work in practice,” says Elliott. “Banks want platforms that can absorb new rules without major rewrites. Fintechs want credibility that travels across borders. The common ground is trust.”
South Africa’s regulators have helped create momentum by showing real enforcement power. The FATF plenary will ask whether the public sector has matched private innovation with the ability to prosecute financial crime.
This goes to the heart of FATF’s role. The watchdog expects countries to prove they can investigate, prosecute and convict those who exploit gaps in financial oversight. Technology can surface patterns in real time, but enforcement agencies must turn those signals into cases that stand up in court.
Saunders warns: “The bad guys are constantly innovating, and they will take any gap. You have to invest in people, in process and in technology. If you miss one of those, you are exposed.”
* Arthur Goldstuck is CEO of World Wide Worx, editor-in-chief of Gadget.co.za, and author of “The Hitchhiker’s Guide to AI – The African Edge”.