Companies & ownership

FICA for Companies: The Real Requirements

The Act asks for four things — not a lever-arch file. What the 'company FICA pack' must legally contain, and which familiar demands are policy rather than law.

Published Last reviewed 10 min read

Legal position stated as at 11 June 2026

Written by

Martin Kotze

Attorney, Conveyancer & Notary Public

About
Quick answer

For a company client the FIC Act requires four things: (1) verify the company itself — registered name, registration number and registered address, corroborated against an independent source, preferably CIPC records (s 21(1); GN 7A paras 98–100); (2) identify and verify the person acting for the company, plus authority to act — typically a resolution (s 21(1)(c)); (3) understand the business and its ownership and control structure (s 21B(1)); and (4) identify the beneficial owners — natural persons only — taking reasonable steps to verify them (s 21B(2)). Not on the list: IDs of all directors, proof of anyone’s address, or full FICA packs for corporate shareholders.

Contents

The four building blocks

For a client that is a company (or close corporation or other legal person), the Act requires four things:

  1. Verify the entity itself. Establish and verify the client’s identity — for a company, attributes such as its registered name, registration number and registered address, corroborated against an independent source, for which the FIC points to CIPC records as the preferred source. (FIC Act s 21(1); GN 7A paras 98–100)
  2. Identify and verify the person in front of you. Whoever acts on the company’s behalf must be identified and verified like any natural person, together with proof of authority to act — typically a board resolution or mandate. (FIC Act s 21(1)(c))
  3. Understand the business and its structure. Establish the nature of the client’s business and its ownership and control structure — an organogram, share register or similar. (FIC Act s 21B(1); PCC 59 para 2.5)
  4. Identify the beneficial owners — natural persons only. Establish who the beneficial owners are, and take reasonable steps to verify their identities, “so that the accountable institution is satisfied that it knows who the beneficial owner is”. (FIC Act s 21B(2))

Section 21A adds an information duty for business relationships: the nature and purpose of the relationship and the source of the funds — with no particular document prescribed.

The person in front of you

The one natural person whose full identification and verification is always required is whoever acts for the company — signs the mandate, opens the account, instructs the attorney — together with proof of authority (s 21(1)(c)). That person is often a director; but it is the acting, not the office, that triggers the duty. A director who neither acts for the company nor qualifies as a beneficial owner is simply not on the statutory radar.

Structure information vs full CDD on every layer

Section 21B(1) is an information duty: the institution must understand each layer of the ownership and control structure — but understanding a layer is not the same as doing full customer due diligence on it (PCC 59 para 2.5). What each layer must supply is who owns it and in what proportions: share registers, organograms, similar records. The humans at the top are then identified through the beneficial-ownership cascade.

What is NOT required for a company client

IDs of all directorsRMCP choice

Directors as such are not on the list. A director’s identity is required only if that director is the person acting for the client (s 21(1)(c)), is a beneficial owner, or comes in under the step-3 senior-management fallback. The pre-2017 regulation that required directors’ particulars was repealed.

Proof of address — of the company, its directors or its shareholdersRMCP choice

Nowhere required by the current Act or Regulations. The company’s registered and business addresses are listed in guidance merely as identity attributes an institution may use, per its RMCP. (GN 7A para 98)

Details of small shareholdersRMCP choice

A shareholder below the controlling-interest marker (FIC recommendation: 5%), who exercises no other control, is not a beneficial owner and need not be identified at all (PCC 59 Annexure A). Contrast partnerships, where every partner counts.

Full CDD on corporate shareholdersRMCP choice

No statutory duty to collect a corporate shareholder’s incorporation documents, directors’ IDs or its own “FICA pack” — you need its position in the structure and enough information to trace through it. (An RMCP may, for higher-risk structures, choose to gather more — lawful, but a policy choice.)

A prescribed company-documents listRMCP choice

The Act prescribes no CoR or CK forms. PCC 59 lists possible sources — share certificates, board-approved organograms, share registers, the memorandum of incorporation, auditor letters, registrar certificates — as examples, not a checklist. (PCC 59, documents note after para 2.5)

The badge on each card reflects the practical reality: institutions may still ask for these items as their own RMCP policy — lawfully — but the demand comes from the institution’s rulebook, not the statute.

CM1? CK1? CoR 14.3? The form-name translator

Many FICA checklists still demand “CM” forms — company forms that ceased to exist when the Companies Act 71 of 2008 took effect in May 2011 (close corporations kept their CK forms; no new CCs can be formed). If a checklist asks for a form your company has never had, this is what is actually meant:

Old name (pre-2011)Current equivalentWhat it shows
CM1 (certificate of incorporation)CoR 14.3 registration certificate / CIPC disclosure certificateThe company exists, its registration number and date
CM22 (registered office notice)CoR 21.1 (notice of registered office) or the CIPC disclosure certificateThe registered address
CM29 (contents of register of directors)CIPC disclosure certificate / CoR 39 director amendmentsWho the current directors are
Memorandum & Articles of AssociationMemorandum of Incorporation (MOI)The company’s constitution
CK1 / CK2 (close corporations)Still CK1/CK2 — CCs keep their forms; no new CCs since 2011Founding statement and amendments

In practice a current CIPC disclosure certificate (downloadable from CIPC e-services) covers most of what the legacy forms proved — and CIPC records are the FIC’s preferred verification source for the entity itself (GN 7A paras 98–100).

Worked example: a simple private company

Worked example

Client: Ubuntu Bakery (Pty) Ltd opens an account. Shareholders: Thabo (60%) and Anika (40%), who is also the director dealing with the bank.

Required: verify the company against CIPC records; identify and verify Anika as the person acting, plus her authority (resolution); establish the business (a bakery) and the ownership structure (the share register); both Thabo and Anika exceed 5%, so both are beneficial owners — establish their identities and take reasonable steps to verify (e.g. ID copies or an electronic check, cross-checked against the company’s CIPC beneficial-ownership filing).

Not required by law: anyone’s proof of address; Thabo’s presence in a branch; certified anything — unless the bank’s RMCP says so.

Why banks ask for more

Bank checklists routinely add annual financial statements, SARS letters, operating-address proof, certified IDs for every director and in-person verification. All of that is the institution’s RMCP at work: lawful, enforceable by that institution, and explicitly its choice under the risk-based approach (FIC Act s 42(2)(d); GN 7A para 84). If a requirement does not fit your structure, ask what alternatives the RMCP accepts — and remember the institution may not waive its own rules (s 21E; GN 7A para 135).

Frequently asked questions

  • Not as a matter of law. Directors as such are not on the statutory list. A director’s identity is required only if that director is the person acting for the company (s 21(1)(c)), is a beneficial owner, or comes in under the step-3 senior-management fallback. The pre-2017 regulation that required directors’ particulars was repealed. Proof of address for directors appears nowhere. A bank’s RMCP may still ask — lawfully — as policy.

  • No. A shareholder below the controlling-interest marker (FIC recommendation: 5%), who exercises no other control, is not a beneficial owner and need not be identified at all (PCC 59 Annexure A). Partnerships are different — every partner is a beneficial owner regardless of percentage.

  • No statutory duty requires a corporate shareholder’s incorporation documents, directors’ IDs or its own “FICA pack”. The institution needs its position in the structure and enough information to trace through it — a share register or organogram. An RMCP may, for higher-risk structures, choose to gather more; that is a policy choice.

  • For business relationships that is a statutory information duty: section 21A requires the institution to obtain information on the nature and purpose of the relationship and the source of the funds — though no particular document is prescribed for it.

  • That is RMCP policy, not statute. No provision requires face-to-face onboarding — fully remote, biometric verification is lawful (GN 7A paras 82–91). Banks that require in-person verification of signatories have chosen that method in their RMCPs.

Sources

Why you can trust this: Martin Kotze has been an admitted Attorney of the High Court of South Africa, registered Conveyancer, and Notary Public since 2014, practising from Pretoria. The firm is regulated by the Legal Practice Council under firm registration F17333.

This guide is general information, not legal advice for your specific matter.

Keep reading

Related guides

Need more than a guide?

Talk to an attorney about FICA compliance

We advise companies, trusts and accountable institutions on customer due diligence, beneficial ownership and RMCPs — and we run this regime in our own practice every day.

Book a consultationCorporate & commercial practice
Back to the FICA hub