AML Compliance for Accountants and Auditors in Africa: What You Must Know

Introduction

Accountants and auditors in Africa are not peripheral players in the AML compliance ecosystem; they are regulated entities with binding legal obligations. FATF Recommendation 22(d) classifies accounting professionals as DNFBPs precisely because their access to client funds, corporate structures, and financial records makes them a vector for money laundering if proper controls are not in place. In Nigeria, this means mandatory SCUML registration and CDD under the MLPPA 2022. In South Africa, it means full accountable institution status under FICA.

The regulatory environment for African DNFBPs intensified significantly after both Nigeria and South Africa were placed on the FATF grey list: Nigeria in 2023 and South Africa in February 2023. Accounting firms that treat AML compliance as a banking sector problem have fundamentally misread the regulatory direction of travel. The question for compliance officers and managing partners at African accounting firms in 2026 is not whether to comply, but how to build a program that holds up under regulatory examination.

Interesting read: What Is AML Compliance (2026)?

What Makes Accountants DNFBPs Under FATF?

The Financial Action Task Force classifies accountants as DNFBPs under Recommendation 22(d) because their professional activities can be exploited to facilitate or conceal financial crime. The obligations apply when an accounting professional carries out transactions involving the buying or selling of real estate or business entities; manages client money, securities, or other assets; opens or manages bank or securities accounts on a client's behalf; organizes contributions for the creation or management of companies; or creates, operates, or manages legal arrangements such as trusts.

For accounting firms that routinely hold client accounts, prepare transaction documentation, or advise on corporate structuring, virtually every substantive client engagement falls within the FATF DNFBP scope. This is not a narrow carve-out; it is the mainstream of accounting practice.

Nigeria: SCUML Registration and MLPPA 2022 Obligations

1. Who Must Register with SCUML?

Under the Money Laundering Prevention and Prohibition Act 2022, all accounting and auditing firms operating in Nigeria must register with the Special Control Unit Against Money Laundering (SCUML), a department of the EFCC. Failure to register is a criminal offense under Section 5 of the Act.

SCUML registration requires a CAC-certified certificate of incorporation, a tax identification number, a list of partners and directors with their BVN, the details of the firm's designated compliance officer, and a documented AML/CFT policy. Registered firms receive an SCUML certificate valid for two years and must renew annually with updated compliance documentation.

2. CDD Requirements for Nigerian Accounting Firms

The MLPPA 2022 requires accounting firms to conduct customer due diligence before establishing any client relationship and on a continuing basis throughout the engagement. The core CDD components are as follows:

Simplified due diligence is only permissible for clients assessed as low-risk under a documented, auditable risk assessment framework. It is not a default option.

3. STR Filing with the NFIU

Nigerian accounting firms are required to file Suspicious Transaction Reports (STRs) with the Nigerian Financial Intelligence Unit within 24 hours of identifying suspicious activity. The NFIU's goAML platform is the mandatory submission portal. STRs must be filed regardless of whether the transaction in question was completed or abandoned.

The 2024 EFCC AML/CFT/CPF Regulations also require Currency Transaction Reports (CTRs) for all cash transactions above NGN 5 million for individuals and NGN 10 million for corporate clients.

4. The Tipping-Off Prohibition

Section 14 of the MLPPA 2022 prohibits accounting professionals from alerting a client that an STR has been filed or is under consideration. Tipping off carries a penalty of up to two years' imprisonment and a NGN 1 million fine. Compliance officers at Nigerian accounting firms must ensure that client-facing staff understand this prohibition clearly; it is not a back-office compliance matter.

Read also: AML Laws Explained for Financial Institutions in 2026

South Africa: FICA Obligations for Accountants and Auditors

1. Accountable Institution Status Under FICA

South Africa's Financial Intelligence Centre Act 1 of 2001, as amended by the Financial Intelligence Centre Amendment Act 1 of 2017, designates accounting professionals as "accountable institutions" under Schedule 1 of FICA. This applies to firms conducting statutory audits under the oversight of the Independent Regulatory Board for Auditors (IRBA), firms providing trust and company service provider functions, and accounting professionals providing tax advisory, insolvency, or liquidation services.

The FIC issued guidance in 2023 clarifying that any person performing trust and company service provider activities, regardless of their professional title, falls within the accountable institution definition and must comply fully with FICA.

2. Risk and Compliance Programme Requirements

South African accounting firms must maintain a documented risk and compliance program that includes a business-wide risk assessment covering ML/TF risks inherent to the firm's client base, products, services, and geographies, reviewed at least annually. The program must also include a written risk rating for each client updated at review intervals, annual AML/CFT training for all staff with signed attendance records, an independent internal audit of the AML program at least annually, and a designated compliance officer with direct reporting access to senior management or the board.

The FIC's 2023 Sector Risk Assessment for Accountants identified that South African accounting firms face elevated ML/TF risk from clients operating in real estate, construction, and cross-border trade sectors that should be treated as higher risk by default in any South African firm's Business-Wide Risk Assessment.

4. CDD and EDD Under FICA

For legal entities, CDD must include identifying the responsible person (the authorized representative) and the beneficial owner defined as any individual with 25% or more ownership or effective control under FICA. Enhanced Due Diligence is mandatory for domestic and foreign PEPs and their associates, clients from FATF high-risk jurisdictions, trust arrangements, and clients with complex or layered ownership structures.

5. Reporting to the FIC

South African accounting firms must submit Suspicious and Unusual Transaction Reports to the Financial Intelligence Centre for any transaction suspected of involving proceeds of crime or ML/TF activity, with no minimum threshold. Cash Threshold Reports are required for cash transactions above ZAR 24,999.99 in a single transaction or multiple linked transactions. Terrorist Property Reports must be filed immediately upon identifying property owned or controlled by a designated person. All reports are submitted through the FIC's goAML portal.

A Real-World AML Failure: When an Audit Engagement Became a Compliance Crisis

In 2022, a South African audit firm was sanctioned by the FIC after a routine supervisory examination revealed that the firm had conducted an audit engagement for a construction company without completing EDD on three directors connected to a foreign PEP network. The firm's CDD process had verified director identities against HANIS but had not screened for PEP connections or adverse media. The construction company was subsequently identified as a vehicle for cross-border proceeds laundering.

The firm received an administrative penalty and was required to implement a monitored remediation program under FIC supervision. This case reflects the FIC's own 2023 sector risk finding that construction sector clients represent an elevated ML/TF risk for South African accounting firms, a finding that should be reflected in every firm's Business-Wide Risk Assessment.

Interesting read: AML Record Keeping Requirements for African Banks

Building an AML Compliance Programme for Your Accounting Firm

Step 1: Appoint a Compliance Officer

Designate a senior professional as the Money Laundering Reporting Officer (MLRO) in South Africa or AML Compliance Officer in Nigeria. This person must have adequate seniority, documented AML training, and direct board or senior management access. The role cannot be delegated to a junior administrator.

Step 2: Conduct a Business-Wide Risk Assessment

Map your client portfolio by sector, geography, transaction complexity, and PEP exposure. Rate each segment as low, medium, or high risk. This document is your primary line of defence in a regulatory examination, and it must be reviewed annually, not treated as a one-time exercise.

Step 3: Implement Client Onboarding Controls

Use automated identity verification and business verification tools to meet CDD requirements efficiently. Youverify's AML screening platform enables real-time PEP and sanctions screening across African government databases.

Step 4: Train Your Team Annually

All professional staff, not only compliance officers, must receive annual AML/CFT training covering red flags specific to accounting and audit engagements, STR and CTR obligations, and the tipping-off prohibition. Training records with signed attendance must be maintained and available for regulatory inspection.

Step 5: File Reports Promptly and Accurately

Integrate STR and CTR filing into your engagement management system. Suspicious activity identified during an audit or advisory engagement must be reported to the NFIU or FIC within the required window of 24 hours in Nigeria. Delayed filing is treated as non-compliance.

AML Red Flags for Accounting and Audit Engagements

Accounting and audit engagements involving the following indicators should trigger enhanced scrutiny and potential STR or SUR filing:

1. Client business revenues are inconsistent with their declared industry, scale, or market position.

2. Multi-layered corporate structures with no clear commercial rationale for the complexity.

3. Requests to hold funds, assets, or company interests on behalf of an unnamed or undisclosed third party.

4. Clients with disproportionate cash turnover relative to sector peers.

5. Transactions involving funds that leave and return through multiple intermediaries with no apparent business purpose.

6. Pressure to complete transactions quickly without adequate documentation.

7. Resistance to disclosing ownership or control chains during the CDD process.

Penalties for Non-Compliance: Nigeria and South Africa

Conclusion

AML compliance for African accountants is a statutory requirement with serious criminal and financial consequences for non-compliance, and in the post-FATF greylisting environment, regulators across both Nigeria and South Africa are actively examining DNFBP sectors that have historically received less supervisory attention than banks. Accounting firms that have not yet built their SCUML registration, CDD framework, and NFIU or FIC reporting workflows are already operating outside the law.

The firms that will be best positioned for the next wave of regulatory examination are those that have moved their AML compliance programs onto automated platforms: real-time PEP and sanctions screening at client onboarding, ongoing monitoring that catches risk profile changes between annual reviews, and audit-ready records that hold up under FIC or CBN scrutiny.

Youverify's AML screening can serve the African regulatory environment, supporting compliance teams across Nigeria, South Africa, and 15+ other African markets. To get started, book a free demo today. 

About The Author

Victoria Okere is a compliance content strategist at Youverify specializing in African AML regulation, FATF DNFBP frameworks, and financial crime risk. She covers regulatory developments across Nigeria, South Africa, and the broader sub-Saharan Africa market.