From Ponzi Schemes To Draft PCC5E: Keeping Up With The KYC Compliance Requirements

The recent lawsuit against JP Morgan Chase has attracted attention not simply because of the value involved, but because it serves as a reminder that even major financial institutions can find themselves drawn into litigation where fraudulent activity is alleged to have passed through ordinary banking channels.

According to reports, investors have filed a proposed class action alleging that JP Morgan Chase processed transactions connected to an alleged USD328 million crypto-linked Ponzi scheme operated by Goliath Ventures. Separately, the US Department of Justice has announced criminal charges against Goliath’s CEO, Christopher Alexander Delgado, alleging that the scheme ran from January 2023 to January 2026. At this stage, however, these remain allegations and the claims against the bank will have to be tested through the legal process.

The more useful lesson is therefore not to treat the case as proof of institutional failure, but as a timely reminder of the pressure being placed on compliance frameworks as digital assets become more embedded in mainstream financial activity. Crypto does not remove the ordinary obligations of vigilance; if anything, it heightens them, particularly where funds can move quickly across platforms, wallets and jurisdictions in ways that make transactional patterns harder to interpret.

From a South African perspective, this is where the role of KYC becomes especially important for accountable institutions under the Financial Intelligence Centre Act (“FICA”). The Financial Intelligence Centre (“FIC”) makes clear that all accountable institutions must adopt a risk-based approach, conduct customer due diligence, establish beneficial ownership, monitor transactions, keep records, and maintain an effective risk management and compliance programme. These are not merely administrative requirements. They are the foundation upon which institutions are expected to identify suspicious or unusual activity before it develops into something more serious.

The legislation itself reinforces this point. Section 21 of FICA requires accountable institutions, when establishing a business relationship or concluding a single transaction, to identify and verify the client and, where relevant, the persons acting on behalf of the client or behind the client. Section 21C goes further by requiring ongoing due diligence, including transaction monitoring, source-of-funds scrutiny where necessary, and attention to unusual or complex transactions that have no apparent business or lawful purpose. In practical terms, proper KYC is not something completed once at onboarding and then forgotten. It must continue throughout the life of the relationship. 

That is why accountable institutions should resist the temptation to view KYC as a box-ticking exercise. In an environment where fraudulent schemes may present themselves as legitimate investment opportunities, polished commercial operations, or innovative crypto products, the real safeguard lies in understanding the client, understanding the source and movement of funds, and recognising when actual transactional behaviour no longer matches the client profile first presented. The importance of that discipline is only increasing as financial crime grows more sophisticated and more cross-border in nature. 

The broader message is a sober one. Trust in financial systems is not built by scale alone, nor by the prominence of the institutions involved. It is built by careful attention, sound governance and meaningful compliance. For accountable institutions, that means KYC remains one of the most important legal and operational tools available to detect risk early, protect the integrity of the institution, and support the wider fight against money laundering and fraud.

Adding to the practical significance of KYC for accountable institutions, the Financial Intelligence Centre (“FIC”) has recently published further regulatory developments that underscore the expanding scope of compliance obligations. On 19 March 2026, the FIC issued draft Public Compliance Communication 5E (“draft PCC 5E”), which provides guidance on the implementation of draft Directive 10 of 2025, read with section 43B of FICA.

Draft Directive 10, which was gazetted for consultation on 19 December 2025, proposes to widen the scope of geographic information required from accountable institutions upon registration on the FIC's reporting and registration platform. In particular, accountable institutions will be required to disclose the geographic locations of their head offices, subsidiaries and branches, whether situated domestically or in a foreign jurisdiction.

Importantly, the FIC has clarified that the registration of branches and subsidiaries does not constitute them as new accountable institutions in addition to the head office of the accountable institution. The registering accountable institution will acquire unique organisation identity numbers and login credentials for each registered subsidiary and branch on the FIC's platform.

Draft PCC 5E, which will update and replace the current PCC 5D, must be read together with draft Directive 10, and the consultation period runs until close of business on Friday, 27 March 2026, with comments to be submitted via the FIC's online consultation form.

These developments reinforce the message that compliance is not static. Draft PCC 5E records that a failure to register with the FIC, or to provide or update information in terms of section 43B of FICA, may lead to administrative sanctions, while Draft Directive 10 states that an accountable institution that fails to comply with the directive is non-compliance and may also be subject to administrative sanctions.

 As the regulatory framework under FICA continues to evolve, accountable institutions must remain alert not only to their ongoing KYC and due diligence obligations, but also to new registration and reporting requirements that form part of the broader architecture designed to detect and prevent financial crime.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.