The Real AML Challenge for DNFBPs in South Africa

Why compliance still feels harder than it should and what’s actually driving it

For most Designated Non-Financial Businesses and Professions (DNFBPs), anti-money laundering compliance does not fail because firms are unwilling to comply. It fails because the system they are expected to operate in was not built with them in mind.

In South Africa, this tension has become more visible. Regulatory pressure has increased following FATF greylisting. Supervisory bodies are more active. Expectations are clearer, and enforcement is tightening.

Yet for many DNFBPs, the day-to-day reality of compliance still feels fragmented, manual, and uncertain.

This raises a more useful question than “are firms compliant?”

Instead: why does AML compliance remain so difficult for DNFBPs, even when the rules are understood?

DNFBPs Are Not Built Like Financial Institutions

Banks are designed around financial risk.

DNFBPs are not.

Attorneys, accountants, estate agents, and trust and company service providers exist to deliver professional services, close transactions, and serve clients efficiently. AML obligations sit on top of that core function rather than being embedded into it.

That structural mismatch is the root of many compliance pain points.

You are expected to:

  • Identify beneficial ownership in complex structures
  • Assess financial crime risk
  • Monitor transactions
  • Report suspicious activity

But without the infrastructure, systems, or scale that banks rely on.

The result is predictable. Compliance becomes something reactive rather than operational.

The Resource Constraint Problem

Most DNFBPs in South Africa operate as small to mid-sized firms. Even larger practices rarely have the depth of compliance infrastructure seen in financial institutions.

This creates a practical constraint:

  • No dedicated AML teams
  • Limited budgets for RegTech
  • Heavy reliance on manual processes

In practice, this often looks like:

  • Client due diligence performed through fragmented sources
  • Risk assessments documented but not actively used
  • Excel-based tracking of compliance activities

The issue is not a lack of intent. It is that compliance is being executed with tools that do not scale.

As regulatory expectations increase, this gap becomes harder to manage.

The Complexity of Knowing Your Client

Customer Due Diligence (CDD) is one of the most consistently underestimated challenges.

In theory, the requirement is straightforward: know who you are dealing with.

In practice, DNFBPs are often dealing with:

  • Layered corporate structures
  • Trusts with unclear control mechanisms
  • Cross-border entities
  • Politically exposed persons (PEPs)

Determining beneficial ownership is not always a linear process. Verifying source of funds or wealth can be even more difficult, particularly where documentation is limited or spans multiple jurisdictions.

Criminal networks understand this complexity. DNFBPs are often used deliberately to:

  • Create legal structures
  • Facilitate property transactions
  • Add legitimacy to financial flows

This places DNFBPs directly in the path of financial crime risk, whether they intend to be or not.

Risk Assessments That Don’t Translate Into Action

Many firms have a Business Risk Assessment (BRA) in place.

Fewer use it meaningfully.

A common issue identified by regulators is that risk assessments are:

  • Generic
  • Static
  • Not understood by staff
  • Not integrated into client onboarding or monitoring

This creates a disconnect between policy and practice.

If a firm identifies high-risk clients but does not adjust its due diligence processes accordingly, the assessment has little practical value.

The challenge is not producing a document. It is operationalising risk in a way that influences real decisions.

The Reporting Gap

Suspicious Activity Reports (SARs) from DNFBPs remain consistently low, not just in South Africa but globally.

This is not necessarily because suspicious activity is absent.

It is more often due to uncertainty:

  • What exactly constitutes suspicion?
  • At what point does a concern become reportable?
  • Will reporting damage the client relationship?
  • Is there a risk of tipping off?

For professions built on trust and confidentiality, this creates hesitation.

The result is under-reporting, which weakens the broader financial crime detection system and increases regulatory scrutiny on the sector.

Professional Obligations vs Compliance Obligations

Certain DNFBPs operate under additional layers of complexity.

Legal professionals, for example, must navigate:

  • Attorney-client privilege
  • Confidentiality obligations

Accountants may face:

  • Tension between advisory roles and scrutiny of financial flows

Estate agents often operate in:

  • High-pressure transactional environments where speed matters

These competing priorities are not easily reconciled.

AML frameworks assume a level of investigative detachment that is not always compatible with client-facing professional roles.

A Fragmented Regulatory Landscape

Unlike banks, DNFBPs are not supervised by a single authority.

Depending on the sector, oversight may come from:

  • Professional bodies
  • Industry regulators
  • The Financial Intelligence Centre (FIC)

This creates inconsistency in:

  • Enforcement approaches
  • Interpretation of obligations
  • Levels of supervision

For firms operating across multiple service lines, this can result in overlapping or unclear expectations.

From a compliance perspective, clarity is often as valuable as capability, and fragmentation undermines both.

High-Risk Transaction Environments

Certain DNFBP sectors are inherently exposed to financial crime risk because of the nature of the transactions they handle.

In South Africa, this is particularly relevant in:

  • Real estate
  • Legal structuring of entities
  • High-value goods and assets

These transactions often involve:

  • Large sums
  • Complex ownership arrangements
  • Limited transparency

This makes DNFBPs attractive entry points for money laundering, particularly at the placement and integration stages.

Technology Is Still Underutilised

While banks have invested heavily in AML technology, adoption among DNFBPs remains uneven.

Barriers include:

  • Cost
  • Implementation complexity
  • Lack of internal expertise

As a result, many firms still rely on:

  • Manual screening
  • Basic verification tools
  • Disconnected systems

This increases the likelihood of:

  • Missed red flags
  • Inconsistent processes
  • Audit and regulatory findings

Technology alone is not a solution, but the absence of it makes compliance significantly harder to sustain.

Training Gaps and Frontline Awareness

AML frameworks are only as effective as the people applying them.

In many DNFBPs:

  • Training is infrequent
  • Staff turnover disrupts knowledge continuity
  • AML is seen as a compliance function rather than a shared responsibility

This leads to situations where:

  • Red flags are missed
  • Procedures are not followed consistently
  • Policies exist but are not understood

Awareness at the frontline level is critical, particularly because many DNFBPs rely on human judgement rather than automated monitoring.

The Cultural Factor

One of the less visible but more persistent challenges is cultural.

Many DNFBPs do not naturally see themselves as part of the financial crime prevention ecosystem.

They see themselves as:

  • Legal advisors
  • Property professionals
  • Accountants

Not as gatekeepers of the financial system.

Until that perception shifts, compliance will continue to feel like an external burden rather than an integrated function.

Where This Leaves South African DNFBPs

The current environment is unlikely to become less demanding.

If anything, pressure will increase due to:

  • FATF scrutiny
  • Regulatory reform
  • Greater enforcement activity

For DNFBPs, the question is no longer whether AML compliance is required. That is settled.

The more relevant question is:

How do you build a compliance approach that actually works within the realities of your business?

This likely involves:

  • Moving away from purely manual processes
  • Embedding risk into operational decisions
  • Improving staff awareness and accountability
  • Adopting tools that reduce, rather than add to, complexity

A Final Observation

The DNFBP sector is often described as a weak point in the global AML framework.

That framing is incomplete.

The issue is not weakness. It is misalignment.

DNFBPs are expected to perform a role designed for financial institutions, without being structured like them.

Until that gap is addressed, compliance will continue to feel disproportionate to the resources available.

For firms operating in South Africa, acknowledging that reality is the first step toward building something more practical and sustainable.