What is FICA compliance and how can InTouch help?

FICA (Financial Intelligence Centre Act) requires South African businesses to verify customer identities and screen for money laundering risks. InTouch automates the entire FICA compliance process — including identity verification, proof of address, AML/PEP screening, and customer due diligence — in seconds rather than days.

Can I verify multiple customers at once for FICA compliance?

Yes. InTouch supports bulk automations — upload a spreadsheet with thousands of records and run KYC, AML screening, identity verification, or address validation across your entire client book automatically. Every record is processed against live, trusted data sources with per-record status tracking.

What types of verification does InTouch support?

InTouch offers 15+ verification types including: South African ID verification, AML/PEP screening, sanctions and watchlist checks, adverse media screening, proof of address verification, proof of bank account verification, KYB (Know Your Business), CIPC company verification, biometric verification, and contact enrichment.

Is InTouch compliant with POPIA?

Yes. InTouch includes a built-in Consent Service that lets you collect, record, and store customer consent digitally with a tamper-proof audit trail — ensuring compliance with POPIA (Protection of Personal Information Act) requirements before running any verification checks.

How does the risk rating system work?

InTouch provides customisable risk rating assessments across weighted categories including customer type, AML/PEP screening results, interaction method, customer activities, source of wealth, and geographic location. Each assessment produces a scored risk band (Low to Ultra High) with a full auditable decision trail.

← Go back home

Sample Document · For Illustration Purposes

Audit Trail
Sample Report

A redacted example of the verification audit trail and compliance record automatically generated by InTouch for every client onboarded through the platform. This is what your compliance officer and regulators see on demand.

Report Type

Full KYC + AML + Company KYC

Generated

2026-05-14 09:41:22

Sample Records

3 Records Included

About This Document

What You Are Looking At

Every time InTouch runs a verification — whether a single KYC check or a bulk AML screen — the platform automatically generates a structured, tamper-proof audit record. This sample shows exactly what that record looks like, using redacted fictional data.

This document exists because compliance officers, auditors, and regulators frequently ask: "When a verification is challenged, what evidence can you produce?" The answer is this report — generated in seconds, exportable as PDF, and stored for 5 years in alignment with FICA Sections 22–23.

Generated Automatically

No manual effort required. Every verification automatically produces this record — nothing extra to configure or remember.

Tamper-Proof

Each record is cryptographically hashed at creation. Any modification is immediately detectable, ensuring evidentiary integrity.

Exportable as PDF

Export any individual record or batch of records as a PDF at any time. Available for regulators, auditors, or internal review.

5-Year Retention

All records are retained for a minimum of 5 years from the end of the business relationship, satisfying FICA's mandatory retention requirement.

Sample Record 01

Individual KYC + Identity Verification Record

This is a representative audit trail record for a natural person onboarded through the InTouch platform. All names, ID numbers, and personal details are fictional and used for illustration only.

Verification Record — Natural Person

TXN-2026-0514-KYC-004821 · Initiated by: Compliance Portal · Operator: [Redacted Institution]

VERIFIED — LOW RISK

Initiated

2026-05-14 09:38:10

Completed

2026-05-14 09:38:13

Duration

2.84 seconds

Initiated By

sarah.jones@[redacted]

Step 1 — Consent (POPIA + FICA)

Consent Requested2026-05-14 09:31:04 UTC+2✓ Logged

Consent Granted2026-05-14 09:37:52 UTC+2✓ Valid

Consent ChannelSMS → Secure branded pageRecorded

Consent IDCST-884712-2026

Privacy Notice Versionv2.1 (2026-01-01) — Presented at consent✓ Valid

Step 2 — Identity Information Collected (FICA Regs 3–6)

Full NameTHABO ████████ DLAMINI✓ Collected

ID Number85████████08█✓ Collected

Date of Birth████-██-15✓ Collected

Document TypeSA Smart ID Card✓ Accepted

Residential Address██ ████████ Street, Sandton, 2196✓ Collected

eKYC KYC StatusConfirmed: SLA Compliant — Person matched, Address matched✓ CONFIRMED

Credit Bureau IDVID Exists: Yes · CDV Passed: Yes · DHA Score: 100 · Source: DHA Original✓ VERIFIED

eKYC Name ScoreOverall: 100 · Surname: 100 · Names: 100 · Source: DHA (2025-05-19)✓ 100 / 100

GenderMale — Confirmed via ID Number and DHA recordRecorded

Step 3 — Government Database Verification (DHA/HANIS + NPR)

DHA Lookup StatusMatch confirmed — Live real-time response✓ MATCH

DHA ErrorNo errors✓ PASS

Name MatchExact match to DHA record✓ PASS

DOB MatchConfirmed match✓ PASS

Smart Card IssuedYes — Smart ID Card confirmed issued✓ CONFIRMED

ID Sequence Number2Recorded

Dead IndicatorAlive✓ ALIVE

ID Number BlockedNo✓ CLEAR

On HANISYes — Record present on Home Affairs National Identification System✓ YES

On NPRYes — Record present on National Population Register✓ YES

Birth Place CountrySouth AfricaRecorded

Document AuthenticityAI OCR + NFC chip verified — No tampering detected✓ AUTHENTIC

Response Time1.12 secondsLogged

Step 4 — Biometric Liveness & Facial Match

Liveness CheckLive person confirmed — 3D depth map analysis✓ PASS

Facial Match Score97.4% match to ID document photo✓ HIGH CONF.

Spoof Attempt DetectedNone detected✓ Clear

Synthetic ID IndicatorsNone detected✓ Clear

Step 5 — Best Address Verification (Credit Bureau + CIPC)

Top Address Score100 / 100 — Street address · Johannesburg, Gauteng · Source: NEDBANK LTD via SACRRA✓ CONFIRMED

Address TypeStreet address (not PO Box)✓ STREET

Meets FIC RulesYes — Top address compliant with Financial Intelligence Centre requirements✓ FIC COMPLIANT

Meets SARB RulesYes✓ SARB COMPLIANT

Meets SARS RulesYes✓ SARS COMPLIANT

Bureau SourceSACRRA (primary) · CIPC (secondary, score 90)2 Sources

Record First Seen2015-01-27 · Latest update: 2025-05-14Logged

eKYC Address Score89 (SACRRA/NB0102, 2024-07-08) · 86 (CIPC, 2025-05-12)✓ MATCHED

Step 5b — Contact-ability Verification (Phone Numbers)

Home NumberScore 80 · Landline · Telkom · Gauteng/Mpumalanga/Limpopo region · Diallable: Yes · Valid: Yes✓ VALID

Work NumberScore 80 · Landline · Telkom · Gauteng/Mpumalanga/Limpopo region · Diallable: Yes · Valid: Yes✓ VALID

Cell NumberScore 80 · Vodacom · National/Cell · Diallable: Yes · Valid: Yes✓ VALID

Latest Contact StatusAll numbers: Possible — most recent verification 2025-05-14Logged

Step 5c — Eagle Eye Pre-Assessment Credit Check

ID Number ValidYes✓ VALID

Is DeceasedNo✓ ALIVE

Is DirectorYes — Subject holds at least one directorshipNoted

Owns PropertyNoRecorded

Has Credit AccountsYes✓ YES

Has Adverse AccountNo✓ CLEAR

Under Debt ReviewNo✓ CLEAR

Has JudgementsNo✓ CLEAR

Has DefaultsNo✓ CLEAR

Is IndigentNo✓ CLEAR

Has Trace LocatorNo✓ CLEAR

Step 6 — Full AML Screening (Sanctions/PEP/Crimelists/Watchlists/Adverse Media)

UN Sanctions ListNo matches found✓ CLEAR

OFAC / EU / HMTNo matches found✓ CLEAR

PEP / DPEP / FPEPNo matches found✓ CLEAR

Prominent Influential Person (PIP)No matches found✓ CLEAR

Adverse MediaNo relevant negative coverage detected✓ CLEAR

Watchlist / CrimelistNo matches found✓ CLEAR

Screening Databases Count1,400+ lists screened globallyLogged

Step 7 — Bank Account Verification (AVS)

Account Number████████████

BankNedbank

Account TypeCurrent Account✓ VALID

Account StatusOpen✓ ACTIVE

ID Number ValidYes — ID matches bank record✓ PASS

Account Holder NameName Valid: Yes✓ MATCH

Initials ValidNo — Minor discrepancy flagged; name match confirmed, initials format mismatch⚠ REVIEW

Accepts CreditsYes✓ YES

Accepts DebitsYes✓ YES

Account Open ≥3 MonthsYes — Account established and stable✓ PASS

Has ConsentTrue — Data subject consent confirmed prior to AVS query✓ CONSENTED

Step 8 — Risk Rating Assessment

Customer Type

1 / 5

AML / PEP Screening

0 / 10

Interaction Method

3 / 10

Customer Activities

1 / 10

Source of Wealth

1 / 10

TOTAL RISK SCORE

6 / 45

Risk BandLOW RISK

Due Diligence LevelStandard CDD appliedCDD

Next Review Date2027-05-14Scheduled

Event Timeline — Full Audit Log

09:31:04 — Consent Request Sent

SMS dispatched to data subject · Consent ID: CST-884712-2026

09:37:52 — Consent Granted

Data subject approved via secure branded page · Privacy Notice v2.1 acknowledged

09:38:10 — Verification Initiated

Operator: sarah.jones@[redacted] · Session ID: SES-20260514-0041

09:38:11 — Document Captured & Authenticated

AI OCR extraction complete · Authenticity checks passed · No tampering detected

09:38:11 — DHA/HANIS Lookup Completed

Response: 1.12s · Exact match confirmed · DHA-RESP-884712

09:38:12 — Biometric Liveness Confirmed

Facial match: 97.4% · No spoof detected · Live person confirmed

09:38:12 — AML / PEP Screening Complete

1,400+ lists screened · 0 hits · All clear

09:38:13 — Bank Account Verified

Account active · Name match confirmed · Account type: Cheque

09:38:13 — Risk Rating Applied: LOW (6/45)

Standard CDD · Next review: 2027-05-14 · Onboarding approved

09:41:22 — PDF Report Generated & Stored

Audit record sealed · Hash generated · 5-year retention clock started

Record Integrity Hash (SHA-256) — Generated at seal time

a7f4d2c9e1b83045f6a291cd78e3b0f4a92d7c81e5b3047a6f1293de78c40b9
Sealed: 2026-05-14T09:41:22.841Z · Verified: ✓ Integrity intact

Sample Record 02

AML Screen — TER/SIP Hit Detected (EDD + Immediate Escalation)

This record illustrates how InTouch handles a screening result where a Terrorist/Sanctioned Individual match is detected at 100% confidence — showing the full chain of evidence, multi-jurisdictional sanctions data, linked individuals, and the mandatory escalation pathway documented in the audit trail.

Combined AML Screening Record — TER/SIP Match Detected

TXN-2026-0509-AML-002147 · Initiated by: Bulk Automation Run · Operator: [Redacted Institution] · Enquiry Reason: Fraud Detection and Prevention

TER/SIP HIT — IMMEDIATE ESCALATION

Initiated

2026-05-09 14:22:01

Completed

2026-05-09 14:22:04

Duration

2.91 seconds

Batch ID

BULK-20260509-0012

AML Match Summary

Primary Name Screened[REDACTED] [REDACTED] — Input name and surname

Match CategoryTER/SIP — Terrorist / Sanctioned Individual or Person✗ TER/SIP

Match Rate100 — Exact name match confirmed100% MATCH

GenderMaleRecorded

DeceasedNo — Subject confirmed alive at last review⚠ ACTIVE

Last Reviewed09 Sep 2025Recorded

Active Official Sanctions Lists

United NationsUN Security Council (UNSC) — Active✗ ACTIVE

United States (OFAC)OFAC - Central African Republic + Counter Terrorism Sanctions — Asset Freeze — Active✗ ACTIVE

European UnionEU Council — Central African Republic Restrictive Measures — Asset Freeze — Active✗ ACTIVE

United Kingdom (HMT/OFSI)Her Majesty's Treasury / Office of Financial Sanction Implementation — Active✗ ACTIVE

Australia (DFAT)DFAT Consolidated List — Asset Freeze — Active✗ ACTIVE

FranceMinistry of Economy and Finance (DG Treasury) — Asset Freeze — Active✗ ACTIVE

Switzerland (SECO)State Secretariat for Economic Affairs — Asset Freeze + Travel Ban — Active✗ ACTIVE

JapanMinistry of Finance Economic Sanctions — Asset Freeze — Active✗ ACTIVE

MonacoMinister of State — National Asset Freezing List — Asset Freeze — Active✗ ACTIVE

Total Sanctions MeasuresAsset Freeze (all jurisdictions) + Travel Ban (Switzerland) · 9 jurisdictionsMULTI-JURISDICTION

Linked Individuals & Organisations (Extracted from AML Record)

Linked OrganisationLords Resistance Army (LRA) — Category: SIE (Sanctioned Illegal Entity) — Role: Leader✗ SIE

Known Associates (SIP)Multiple linked individuals confirmed on SIP lists — Accomplices, family members, and co-conspirators on record✗ SIP NETWORK

Associated LocationsUganda, Central African Republic, Democratic Republic of Congo, South Sudan, Sudan — Multiple business addressesLogged

Adverse Media & Source Coverage

Adverse Media SourcesReputational Risk Exposure articles captured from 2005 to 2025 — BBC, Al Jazeera, Reuters, UN Press, Sudan Tribune, Monitor UG, Independent UG✗ EXTENSIVE

Regulatory EnforcementINTERPOL Notice · ICC Situation and Cases — Uganda✗ ACTIVE

Sanctions Sources (Recent)OFAC action 2025-03-28 · Monaco list 2025-04-26 · France DG Treasury 2022-11-08✗ CURRENT

System Action Triggered

ActionOnboarding immediately blocked — EDD + STR workflow initiated✗ BLOCKED

Escalated ToCompliance Officer (MLRO) — [redacted]@[redacted institution] · FIC notification triggeredNotified

Risk BandCRITICAL — Terrorist/Sanctioned Individual, multi-jurisdictional asset freeze and travel banCRITICAL RISK

Decision DeadlineImmediate — No discretionary review window; regulatory reporting obligation appliesIMMEDIATE

Record Integrity Hash (SHA-256)

c3e8a1f5d9b204671a38cde50f97b2e4c61d8a0f3b29e574d1087fa6c3e9b21a
Sealed: 2026-05-09T14:22:04.112Z · Verified: ✓ Integrity intact

✗ What This Demonstrates — TER/SIP Escalation

When a Terrorist or Sanctioned Individual match is detected at 100% confidence, InTouch immediately flags for review during onboarding, creates a full multi-jurisdictional sanctions record, logs all linked individuals and organisations, captures adverse media sources, and triggers the STR/FIC notification workflow. The complete audit trail — including every sanction list active at the time of screening — is permanently sealed and available for regulatory inspection. This is the highest-severity AML outcome and is handled with zero discretion: the system acts, logs, and escalates without operator intervention.

Sample Record 03

Company KYC — CIPC Entity Verification + Director Confirmation

This record illustrates how InTouch verifies a juristic person (company) using CIPC data, confirming enterprise status, registration details, and matching the supplied director list against the official CIPC record.

Company KYC Record — Private Company

TXN-2026-0520-CKYC-000934 · Initiated by: Compliance Portal · Operator: [Redacted Institution]

CONFIRMED CORRECT

Initiated

2026-05-20 12:14:49

Completed

2026-05-20 12:14:51

Duration

1.97 seconds

Enquiry Reason

Test / KYC Onboarding

Step 1 — Company Identity & CIPC Registration

Enterprise Name[REDACTED COMPANY NAME]✓ Collected

Registration Number████/██████/██✓ Collected

Company TypePrivate CompanyRecorded

Enterprise StatusIn Business✓ ACTIVE

CIPC Last Updated2024-12-30Logged

Name MatchedMatched — Input name confirmed against CIPC register✓ MATCHED

Step 2 — KYC Result

Enterprise NumberConfirmed against CIPC register✓ CONFIRMED

Enterprise StatusIn Business — Status verified at enquiry time✓ IN BUSINESS

Final KYC ResultConfirmed Correct✓ CONFIRMED

Record Date2024-12-30Logged

Step 3 — Director Verification (Supplied vs CIPC)

Director 1████████ ████████ — Active: Yes · Supplied: Yes · Status: Confirmed✓ MATCHED

Director 2████████ ████████ — Active: Yes · Supplied: Yes · Status: Confirmed✓ MATCHED

Director 3████████ ████████ — Active: Yes · Supplied: Yes · Status: Confirmed✓ MATCHED

Director 4████████ ████████ — Active: Yes · Supplied: Yes · Status: Confirmed✓ MATCHED

Total Directors Confirmed4 of 4 supplied directors confirmed active on CIPC register✓ ALL MATCHED

Record Integrity Hash (SHA-256)

f9b2e37d14a058c6d3ae71890fb4c2e5a38d1b7f064c92e8a5173db29f6c40d1
Sealed: 2026-05-20T12:14:51.750Z · Verified: ✓ Integrity intact

✓ What This Demonstrates — Company KYC

Juristic person verification through InTouch pulls live CIPC data to confirm registration status, match the supplied company name, and cross-reference every submitted director against the official CIPC register. The entire check — including the director match list — is logged and sealed in seconds, providing a fully evidenced company KYC record for FICA Section 21B compliance.

Guide

How to Use the Audit Trail in Practice

For compliance officers, auditors, and regulatory examiners — here is how the InTouch audit trail supports your obligations.

Regulatory Examinations

Export the full audit trail for any client, date range, or verification type. Present to FIC examiners as evidence of CDD procedures applied and results obtained.

Internal Audits

Filter by operator, verification type, risk band, or outcome. Identify patterns, gaps, or policy exceptions across your client book.

Dispute Resolution

If a verification outcome is challenged, the immutable, timestamped audit trail provides irrefutable evidence of exactly what was checked, when, and what result was returned.

Periodic KYC Refresh

The next-review date on every record enables your compliance team to proactively manage ongoing monitoring cycles without relying on manual reminders or spreadsheet tracking.

Access Your Audit Trail

Every record generated by InTouch is immediately available in your portal at portal.intouch.io under Automation Runs. Export individual PDF reports or full batch results at any time. Records are retained automatically for 5 years from the date of the business relationship's conclusion.

See your own audit trail live

Start a free 14-day trial and run your first verification in minutes. Every check immediately produces an audit-ready record like the ones shown above.

Contact Our Information Officer Start Free — 14-Day Trial →Book a Demo

No credit card required · Cancel anytime

Audit TrailSample Report

What You Are Looking At

Generated Automatically

Tamper-Proof

Exportable as PDF

5-Year Retention

Individual KYC + Identity Verification Record

Verification Record — Natural Person

Step 1 — Consent (POPIA + FICA)

Step 2 — Identity Information Collected (FICA Regs 3–6)

Step 3 — Government Database Verification (DHA/HANIS + NPR)

Step 4 — Biometric Liveness & Facial Match

Step 5 — Best Address Verification (Credit Bureau + CIPC)

Step 5b — Contact-ability Verification (Phone Numbers)

Step 5c — Eagle Eye Pre-Assessment Credit Check

Step 6 — Full AML Screening (Sanctions/PEP/Crimelists/Watchlists/Adverse Media)

Step 7 — Bank Account Verification (AVS)

Step 8 — Risk Rating Assessment

Event Timeline — Full Audit Log

AML Screen — TER/SIP Hit Detected (EDD + Immediate Escalation)

Combined AML Screening Record — TER/SIP Match Detected

AML Match Summary

Active Official Sanctions Lists

Linked Individuals & Organisations (Extracted from AML Record)

Adverse Media & Source Coverage

System Action Triggered

Company KYC — CIPC Entity Verification + Director Confirmation

Company KYC Record — Private Company

Step 1 — Company Identity & CIPC Registration

Step 2 — KYC Result

Step 3 — Director Verification (Supplied vs CIPC)

How to Use the Audit Trail in Practice

Regulatory Examinations

Internal Audits

Dispute Resolution

Periodic KYC Refresh

See your own audit trail live

Audit Trail
Sample Report