Shades of Grey: Things are not simply black or white

International financial crime watchdog the Financial Action Task Force (FATF) announced on 24 February 2023 that South Africa was added to its so-called "grey list" of countries under special scrutiny to implement standards to prevent money laundering and terrorism financing. In their release they stated, “New jurisdictions subject to increased monitoring are South Africa and Nigeria. When the FATF places a jurisdiction under increased monitoring, it means the country has committed to resolve swiftly the identified strategic deficiencies within agreed timeframes.”


The FATF sets international standards (the FATF Recommendations or Standards) which need to be committed to by jurisdictions around the world as part of an international co-ordinated effort to deter corruption, organised crime and terrorism. As part of this global effort, states are expected to transpose the FATF Standards into their national legislation and thereby deter or prevent illicit money flows that aid criminal and terrorist activity.

The FATF conducts regular evaluations of countries’ risk controls and risk mitigation measures to combat money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. In the case of South Africa, the Eastern and Southern African Anti-Money Laundering Group (ESAAMLG) together with the FATF, assess South Africa’s AML and CFT controls and the assessment consists of a comprehensive review of the effectiveness of the measures and their level of compliance with the FATF recommendations.

The first on-site visit by FATF to South Africa took place from 22 October to 12 November 2019. During this visit, FATF reviewed the different measures that were in place in South Africa, and furthermore,  assessed the level of understanding South Africa demonstrated in terms of its own national risks associated with money laundering and the financing of terrorism. As each country will have its own risks particular to the country’s geo-political, economic, financial and legislative environment: these risks have to be reflected in each country’s risk control framework.  

On completion of the visit, a Mutual Evaluation Report (MER) was prepared by both FATF and the ESAAMLG which comprised of the findings of the in-depth review conducted into South Africa’s implementation and effectiveness of AML/CFT/CFP measures. This Report was subsequently adopted by FATF during their June 2021 Plenary meeting. The ESAAMLG also adopted the report in September 2021.

At the Plenary meeting FATF delegates remarked that South Africa had a solid legal framework to fight money laundering and the financing of terrorism but had significant shortcomings with regard to implementing an effective controls framework including poor enforcement of the AML/CFT legislation already in place in the country exacerbated by a significant failure to pursue serious cases of money laundering and the financing of terrorism.

The MER summarised the AML/CFT measures in place in South Africa as at the date of the on-site visit (22 October to 12 November 2019). It further analysed the level of compliance with the FATF 40 Recommendations and the level of effectiveness of South Africa’s AML/CFT system and provided recommendations on how the system could be strengthened.  

Specifically, the report listed a set of “12 priority actions” that the South African government was required to take within a year to avoid being placed under increased monitoring (i.e., on the FATF ‘Grey List’). Hence, South Africa needed to implement more robust anti-money laundering and counter terrorist financing controls and in line with its risk profile.

The report specifically stated as regards the country’s risk profile that “South Africa is a G20 economy and a regional financial hub for Sub-Saharan Africa. Its banks offer a diverse suite of products and are the main entry point to the financial system. South Africa is exposed to the laundering of domestic crime proceeds and foreign crime proceeds from the region. It is also exposed to terrorism financing risks associated with foreign terrorism, foreign terrorist fighters (FTFs), and potential domestic terrorism.”

The implications for South Africa

The FATF Mutual Evaluation Report for South Africa cast a shadow over the country’s AML/CFT regime in its assessment of South Africa’s implementation of the FATF Standards and stated that in relation to 20 of the 40 FATF recommendations, South Africa was held to be either partially compliant or non-compliant.  Adding the country to the FATF ‘Grey List’ means that South Africa will be subject to increased monitoring by the FATF and their designated regional bodies until such time that SA can demonstrate that it is has achieved success in all 12 action points laid out in the FATF Action Plan. South Africa must demonstrate effective compliance with the FATF Standards and substantial progress of its action plan goals in order to be removed from the ‘Grey List’.

Countries on the FATF ‘Grey List’ are not automatically deemed to be ‘High Risk’ per se but will bear a higher ML/TF risk and corporate entities domiciled in these higher risk jurisdictions are therefore likely to become subject to Enhanced Due Diligence checks. South Africa being deemed a higher risk country will result in additional Customer Due Diligence checks and therefore additional cost for other international firms seeking to contract with South African financial organisations. This might discourage global investors from conducting business with South African entities.

Correspondent banking relationships between overseas banks and local South African banks will see increased CDD requirements for these Correspondent Banks on South African Respondent Banks making the relationship more onerous from a CDD and cost perspective. Higher risk relationships might also have implications for the reputation of these overseas banks and continued relationships with higher risk Respondent banks might also fall outside of their risk appetite resulting in a decrease in access to the international market for local South African Respondent banks.

Being added to the ‘Grey List’ will also result in premium increases, an increased cost of compliance for international business partners looking to continue contracting with South African entities, and cross-corresponding banking relationships will also be affected. All these factors combined could lead to disbanding of relationships and lost revenue for South Africa, not to mention the reputational damage which the country will suffer.

Re-aligning KYC to a risk-based approach

The crux of the matter is that the majority of South Africa’s accountable institutions have not transitioned from a rule-based to a risk-based approach to ML/TF risk assessment and mitigation, nor have they developed the necessary framework to support and maintain this. Such a transition is challenging and takes time and expertise to implement effectively. Whilst there are several elements to consider when re-aligning a KYC approach, it is worth highlighting four key components.

Appetite: There is not a one size fits all when it comes to risk appetite. All firms have their individual strengths and weaknesses according to the markets they operate in and the sectors they target for growth. It is therefore important that each business can outline why they are in certain markets and how they mitigate the risks of conducting such business using their own bespoke enhanced due diligence processes. A good example of this is how the historically conservative Canadian banks embraced the growth of Cannabis as a new market.

Risk Controls Framework: A significant part of an institutions risk controls framework is comprised of the operational procedures or handbook according to which the business must operate within the overarching firm-wide AML/CFT Policy. A firm’s Standard Operating Procedures need to be sufficiently detailed whilst also supplying practical instructions to users. Updates to the policy need to be introduced in a coherent manner.

Technology: KYC has historically been a manually intensive, time consuming and expensive exercise. This is gradually evolving as ‘REGTECH’ solutions flood the market in areas such as on-boarding, customer screening (sanctions/adverse news) and transaction monitoring. There are undoubtedly good solutions available, and this space will change dramatically in the years to come. However, the market is in a phase of consolidation and the winners are still to be determined.

Furthermore, vendor selection and implementation are time consuming processes that require substantial investment in resourcing from both the buyer and the vendor. Added to this, is the knowledge shortage within the banking sector regarding new technologies. Buyers need to ask vendors the right questions and the only way to learn this is by being immersed in and familiar with the capabilities and limitations of the various technology platforms.

People and standardisation: Individuals will still play a key role in the KYC process, but their responsibilities will become more technical and subjective but crucially, much more interesting which should improve motivation and performance levels. The historic rule-based approach uses a fairly robotic application of human resources which can lead to human error. Efficiently managed KYC teams need to conform to a standard that will change regularly as global events drive policy changes. Therefore, to monitor and maintain these standards remains a constant and continuous challenge.


South Africa has now been added to the FATF ‘Grey List’ together with Nigeria and will now be subject to increased monitoring by the international body and its regional agencies. However, South Africa can lead the way and learn from the AML and CFT legislation that other countries have adopted and implemented. The EU and the UK have always been viewed as leading global financial hubs with well-established regulatory frameworks. Therefore, a risk-based approach was introduced into EU legislation by the Fourth EU Anti-Money Laundering Directive (4AMLD) in June 2015, and transposed into UK legislation in June 2017 (MLR, 2017) by considering the latest FATF Recommendations of 2012.

EU and UK firms experienced the same set of complications that South African firms are currently experiencing when they adopted a risk-based approach. They had similar concerns as to what it meant to apply a risk-based approach and how to implement this approach within their policies and procedures.

Lysis Group has more than 20 years’ experience as global Financial Crime Compliance and Client Lifecycle Management experts and we have successfully helped many UK-based financial institutions to move from a rule-based to a risk-based approach. We can bring our lessons learned from these journeys to help South African regulated financial institutions to make the transition to a risk-based approach in both a cost effective and sustainable manner. The Lysis Group operates within South Africa from their Cape Town offices.

More Posts
Browse all Posts

Offices across the globe.