Now in development · IFWG Regulatory Sandbox applicant

Enterprise compliance,
built for South Africa's
mid-tier FSPs.

South African financial service providers face the same FICA, FAIS, and POPIA obligations as large institutions — without the compliance infrastructure. Fintegris is being built to change that.

Register Interest → See the Platform

Built on

AWS af-south-1 (Cape Town) All data sovereign in South Africa POPIA-aligned by design IFWG Sandbox applicant · May 2026
IFWG Sandbox Applicant
Platform Overview
Six Compliance Modules
AI-Native
Module 01
RMCP Management
AI-generated, GN 7A–aligned, board-approved
Module 02
Regulatory Reporting
RCR auto-population & FSCA ePortal submission
Module 03
CDD & Onboarding
KYC, beneficial ownership, CIPC integration
Module 04
Screening & Monitoring
Real-time sanctions, PEP, transaction monitoring
Module 05
Compliance Operations
Calendar, tasks, incidents, audit trail. Representative registry, debarment workflow, CPD & fit-and-proper, TCF monitoring, FAIS s.8 suitability & commission disclosure
Module 06
Regulatory Intelligence
FSCA/FIC update monitoring & impact analysis
6
Integrated modules
3
AI applications
100%
SA data residency
5–200
FSP employee range
The enforcement reality

The FSCA is not waiting.

Regulatory actions against licensed FSPs hit record levels in 2024/25. FAIS and AML contraventions account for the majority of penalties by both number and value.

Source: FSCA Regulatory Actions Report, 30 June 2025

767
New enforcement cases opened in 2024/25
R119M+
Administrative penalties imposed in 2024/25
382
Licences withdrawn during the period
The problem

Smaller FSPs carry the same obligations as large institutions — with a fraction of the resources.

Category I and II advisory firms, boutique asset managers, specialist forex intermediaries, and newly licensed CASPs face the full weight of FICA, FAIS, and POPIA. Enterprise GRC platforms are out of reach. Spreadsheets and consultants are not enough.

⚖️
RMCP failures are the most common enforcement trigger
GN 7A (February 2025) requires a firm-specific, risk-based, board-approved compliance programme. Generic templates copied from the internet do not satisfy this requirement — and regulators know the difference.
Penalty range seen: R200 000 – R3 000 000 for RMCP failures
📋
RCR non-submission is the #1 cause of licence withdrawal
The Risk and Compliance Return to the FSCA is a hard annual deadline. Missing it is the single most common reason a licensed FSP loses its authorisation — often due to administrative failure, not intent.
Over 90% of licence withdrawals involve RCR non-submission
🔍
CDD and beneficial ownership gaps remain a top finding
The 2021 FATF Mutual Evaluation Report identified FSP-sector CDD quality and beneficial ownership verification as priority weaknesses. The FSCA and FIC have continued enforcement action in these areas at elevated levels post-grey-listing.
Identified in all top enforcement cases in the 2024/25 report
The platform

Six modules. One platform. Every major FSP compliance obligation covered.

Fintegris is designed as a cloud-native SaaS platform for South African FSPs with 5–200 employees. It replaces manual, error-prone compliance processes with automated, auditable workflows calibrated to the South African regulatory framework.

AI-Assisted
Module 01
RMCP Management
AI generates a firm-specific, GN 7A–aligned Risk Management and Compliance Programme based on the FSP's licence category, product mix, and client profile. Board approval workflow built in. Auto-updates when FSCA guidance changes.
Prevents: Generic RMCP findings — the most frequent enforcement trigger in FSCA AML cases
Module 02
Regulatory Reporting
Risk and Compliance Return (RCR) auto-populated from platform compliance data and submitted to the FSCA ePortal before the deadline. Full filing history, acknowledgement tracking, and regulatory forms library maintained.
Prevents: RCR non-submission — the #1 cause of FSP licence withdrawal
AI-Assisted
Module 03
CDD & Onboarding
Automated customer due diligence: identity verification via VerifyNow (Home Affairs), beneficial ownership mapping via CIPC, AI-driven risk-based client classification with SHAP/LIME explainability. Enhanced due diligence workflows for high-risk clients.
Prevents: CDD and beneficial ownership gaps — identified in all top enforcement cases
AI-Assisted
Module 04
Screening & Monitoring
Real-time sanctions and PEP screening via ComplyAdvantage (UN, OFAC, EU, SARB, domestic lists). Transaction monitoring with AI-assisted STR/CTR pre-population for MLRO review and GoAML submission. Crypto Travel Rule support for CASPs.
Prevents: TFS screening failures and STR quality deficiencies highlighted by the FATF MER
Module 05
Compliance Operations
Compliance calendar with automated deadline reminders. Incident and breach management. Document management with version control. Training and CPD tracking for key individuals. Immutable audit trail for every compliance event.
Prevents: Procedural gaps and documentation failures common in smaller FSP enforcement cases
Module 06
Regulatory Intelligence
Continuous monitoring of FSCA and FIC regulatory updates. AI-assisted impact analysis: when new guidance is published, the platform identifies which RMCP sections, policies, and controls are affected. Compliance officers notified before obligations change.
Prevents: Regulatory change blindness — a documented contributor to enforcement cases involving new obligations
Why Fintegris

Purpose-built for South Africa. Not adapted from somewhere else.

Several international and domestic compliance platforms serve South African FSPs. Fintegris is designed from first principles for this regulatory environment.

🇿🇦
South African regulatory framework, not an import
Every workflow, every module, every regulatory reference is built against FICA, FAIS, POPIA, GN 7A, and Joint Standard 2 of 2024. Not a generic GRC platform configured for South Africa — purpose-built for it.
🔒
All data processed in South Africa
Hosted exclusively on AWS af-south-1 (Cape Town). No personal information leaves South African borders. POPIA s.72 cross-border transfer restrictions are satisfied by architectural design, not contractual workaround.
🤝
Human-in-the-loop, always
No AI output proceeds to a regulatory submission or compliance application without explicit officer authorisation. Human review gates are non-bypassable architectural constraints — not optional settings. The FSP's non-delegable obligations under FICA and FAIS are protected by design.
📊
Explainable AI — not a black box
Every AI-generated risk classification is accompanied by SHAP/LIME explainability outputs, allowing compliance officers to understand and challenge the model's reasoning. Fairness testing conducted per Aequitas/Fairlearn standards. SARB/PA FSB five-category AI governance framework addressed in full.
💰
Enterprise-grade compliance at mid-market pricing
Fintegris makes the same quality of compliance infrastructure available to a twenty-person advisory firm that large institutions access through dedicated compliance departments. Subscription pricing designed for the realities of the South African FSP long tail.
🔗
Native integrations to South African systems
Direct integration with FSCA ePortal for regulatory filings, CIPC for beneficial ownership verification, Home Affairs via VerifyNow for identity verification, and FIC GoAML for STR/CTR submission. No manual data re-entry between systems.
Regulatory engagement

Seeking regulatory clarity before writing production code.

Fintegris has applied for admission to the IFWG Regulatory Sandbox (May 2026). We are seeking guidance determinations from the FSCA, FIC, and SARB/PA on three specific regulatory questions before the platform's AI-assisted modules proceed to commercial deployment. This sequencing is deliberate: it eliminates the risk of building something that requires costly rearchitecting after a regulatory determination, and gives regulators the opportunity to shape responsible AI adoption in FSP compliance — not ratify it retrospectively.

FSCA · FICA s.42 / GN 7A
Does a board-approved, AI-assisted RMCP satisfy GN 7A's requirement for a firm-specific, risk-based compliance programme?
FIC · FICA s.29
Does AI-assisted STR/CTR pre-population, subject to mandatory MLRO review before submission, satisfy FICA s.29 reporting obligations?
SARB / Prudential Authority · FICA s.21
What minimum AI governance standards apply when an FSP relies on an AI risk classification model with SHAP/LIME explainability for CDD under FICA s.21?
Development timeline
May 2026
IFWG Sandbox application submitted
Conceptual architecture, governance documentation, AI Fact Sheet, Shared Responsibility Matrix, and POPIA PIA complete.
Months 1–3 (Phase 0)
Platform development commences
Core platform built concurrent with Sandbox assessment. Non-AI modules available to pilot FSPs on development completion.
🔬
Months 4–6 (Sandbox active)
Sandbox testing with 2–4 pilot FSPs
AI applications tested under IFWG supervision. Regulatory determinations from FSCA, FIC, and SARB/PA sought.
🚀
Month 7+ (Phase 2)
Full commercial launch
All six modules commercially live. AWS Marketplace listing. Broader FSP market rollout via FSCA-registered distribution and AWS ACE co-sell.
Technology

Cloud-native. AI-governed. Secure by design.

Built on AWS Cloud infrastructure in Cape Town with a layered AI strategy designed to meet SARB/PA governance expectations.

☁️
AWS af-south-1
All infrastructure hosted in the AWS Cape Town region. VPC private subnets, KMS encryption at rest (AES-256), TLS 1.3 in transit, Cognito MFA, WAF, and CloudTrail logging. Immutable audit trail via S3 Object Lock (WORM compliance).
ECS Fargate RDS PostgreSQL S3 Object Lock CloudWatch AWS KMS
🤖
AI Architecture
Three AI components with defined governance zones. Claude API (Anthropic) for RMCP generation and regulatory intelligence — no PII transmitted. Self-hosted Llama 3.1 8B within AWS VPC for sensitive text. XGBoost risk classification model with SHAP/LIME explainability.
Claude API Llama 3.1 8B XGBoost SHAP / LIME Aequitas
🔗
Integrations
Native connections to the South African regulatory and identity infrastructure ecosystem. All integrations operate within POPIA data minimisation requirements, with role-based access control and field-level encryption for PII.
FSCA ePortal FIC GoAML CIPC VerifyNow ComplyAdvantage
Get involved

Be among the first FSPs to access Fintegris.

We are currently identifying pilot FSPs to participate in the IFWG Sandbox testing period. If your firm is a licensed FSP looking to modernise its compliance infrastructure, we want to hear from you.

Or contact us directly: info@fintegris.tech · A product of Didusec (Pty) Ltd, AWS APN Partner