South Africa haemorrhages an estimated R100bn every year to financial crime, yet the very institutions charged with stopping it continue to work in isolation. Organised crime networks operate as coordinated enterprises, structured to run multiple financial crime typologies at scale and in parallel.
According to RelyComply, regulators, law enforcement and financial institutions, meanwhile, lack any standardised, interconnected risk management system, and as criminals harness digital innovation the gap keeps widening, undermining the sector’s core duty to protect the public.
RelyComply recently took the time to discuss what it labels ‘the great convergence’, through the Twin Peaks and the COFI Bill’s unified approach to end siloed compliance.
That imbalance is set to be addressed. Under the 2017 Financial Sector Regulation (FSR) Act, the ‘Twin Peaks’ reform model and its accompanying Conduct of Financial Institutions (COFI) Bill seek to consolidate the country’s patchwork of financial sector laws into a single framework.
The reform is explicitly designed to dismantle the separation that has long divided AML, fraud risk and prudential risk teams, compelling all accountable institutions to merge these functions into one co-dependent workflow and to feed a coordinated data-sharing ecosystem that underpins real-time financial crime prevention.
The Twin Peaks model, established in 2018, splits regulatory responsibility between two authorities. The Prudential Authority safeguards the stability of the financial system, while the Financial Sector Conduct Authority (FSCA) oversees market conduct, including the fair treatment of customers.
The COFI Bill, being phased in by the National Treasury with alignment largely falling to the FSCA, unites existing legislation into one consistent statute, bringing substantial amendments to the Banks Act 1990, the Financial Markets Act 2012 and other laws.
The structural difficulty is that COFI presumes firms have already digitalised AML processes and adopted comprehensive frameworks. In reality, AML, fraud and conduct risk teams still operate apart, reporting is handled independently, and cross-functional threats are often managed multiple times under different rules and in different systems. Where intelligence and compliance operations are fragmented, the capacity to meet COFI’s demands simply does not exist.
The Bill applies to all accountable institutions under the FSR Act, from major banks and insurers to asset managers, payment service providers and credit rating companies. A “principle of proportionality” means smaller firms will not shoulder identical obligations to larger players, but proportionality is not exemption.
Directors face stricter governance requirements, licensing changes and an expectation to evidence their oversight. Periodic monthly or annual reporting will no longer suffice; real-time monitoring capable of flagging suspicious activity as it happens is required, backed by audit trails that show the Financial Intelligence Centre (FIC) exactly where decisions on high-risk alerts were taken.
At the FSCA 2026 conference, firms were urged to look beyond internal data and make financial crime intelligence, excluding sensitive personal customer data, shareable with regulators, related sectors and law enforcement. If criminal networks collaborate, the logic runs, so must their opponents. AI-based monitoring must be embedded throughout defences, giving real-time visibility into emerging risks that, once shared across the ecosystem, multiply every institution’s ability to neutralise similar threats.
RegTech providers are already helping firms turn quality AML into operational reality through cost-effective, integratable AI-driven solutions. A COFI-ready institution will typically need board-level dashboards for conduct governance, integration with existing KYC and AML workflows, explainable AI models that document their decision-making, a single source of truth for auditing financial data and automated suspicious activity reporting to the FIC, and scalable cloud infrastructure that adapts as requirements evolve.
The vision of collaborative, system-wide financial crime prevention is ambitious but achievable. With a clear regulatory direction and practical RegTech partnerships, the compliance gaps organised criminals depend on can begin to close. South Africa has the framework. Now it needs the collective will to use it.
RelyComply’s post can be read in full here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst





