In May 2025 the Financial Intelligence Centre (FIC) highlighted the importance of having a Risk Management and Compliance Programme (RMCP): “An adequate RMCP may safeguard accountable institutions from legal entities and natural persons seeking to criminally abuse the accountable institution,” said Christopher Malan, Executive Manager for Compliance and Prevention at the FIC.
RMCPs are seen as the cornerstone of compliance with the Financial Intelligence Centre Act (FICA). However, it is often the area where most Accountable Institutions (AIs) fail as they either don't have one or their RMCP is not adequately tailored to their business or kept updated. It is on this premise that the FIC issued a general request on 4 March 2025 for AIs to submit a copy of their RMCPs electronically on the goAML platform by 12 March 2025.
Malan has advised that the requirement to submit RMCPs to the FIC remains in force, despite the expiry of the closing date. As such, AIs who are in default should immediately submit their outstanding RMCPs electronically to the FIC on the goAML platform.
The below serves to outline a basic guide of what an RMCP is and some important things to consider when compiling your RMCP.
A RMCP is a document which contains all the procedures a business needs to undertake in order to ensure full compliance with the FIC Act. This includes developing and documenting controls which mitigate and manage the business’ money laundering, terrorist and proliferation financing risks. The RMCP should be reviewed and continuously updated (where necessary) to ensure it is effective and sufficient.
All accountable institutions, as listed in Schedule 1 of the FIC Act, are required to develop, document, maintain and implement a RMCP.
Part of fulfilling the RMCP obligation requires an AI to understand how various criminals could use their services or products to “clean” money or use the proceeds to finance terrorism or the proliferation of weapons. It is the responsibility of the AI to put in place risk mitigation measures and controls as part of their RMCP to protect the business. This forms part of applying a risk-based approach. Some examples of risk factors to consider include: the type of clients you serve, the products and services you sell, distribution channels, the geographic locations of where your clients are based, how transactions are paid for (is it in cash or electronic?) etc . As an AI understanding whether a client poses a higher or lower risk for money laundering, terrorist financing and proliferation financing will assist in applying varying degrees of verification and other measures at onboarding and in ongoing business relations.
Keep your RMCP updated – it is not a once off document! As regulations and your business landscape change, so should your RMCP. It is also important that your RMCP is signed and dated by the relevant parties.
The highest authorities in the business should take ultimate responsibility for the implementation and enforcement of the RMCP. It is a document that everyone in the business should have access to and be aware of. Businesses should enforce training of FICA as well as the RMCP.
The above highlights some of the important aspects that need to be considered when developing and implementing your RMCP.
As a reminder from the FIC: “Accountable institutions are reminded that non-submission of the RMCP constitutes non-compliance with the FIC Act. Non-compliant accountable institutions should submit their outstanding RMCPs on the FIC’s registration and reporting portal, goAML.” Malan has cautioned AIs not to equate submission of the RMCP as being compliant with all the prerequisites for a fully compliant RMCP. “RMCPs will be tested against the legislative requirements through inspections and compliance monitoring.”
Should you require assistance, nCino KYC have a well experienced team of FICA compliance experts that can work together with you to compile an RMCP document that is tailored to your business. Partner with nCino KYC today and let our compliance experts help streamline your compliance processes. To learn more about our solution, reach out to our team.