Key compliance events in 2026

From CPD and AFS submissions to COFI and FIC requirements, compliance in the months ahead may feel increasingly complex and time-consuming. The good news is that with the right planning, it does not have to become a burden. When you understand what is expected and stay ahead of key deadlines, you can spend less time on admin and more time supporting your clients. Our experts from Masthead share their best tips to help you meet your compliance obligations and stay on the right side of the regulations in 2026.

1. Take note of key deadlines

Plan ahead for these so you aren’t rushing to meet them, or worse – fail to meet them and have your licence suspended.

Three key deadlines for all category FSPs:

• 30 January 2026: final submission and payment of FSCA levies
• 31 May 2026: end of CPD cycle
• 4 months after your business year end: submission of annual financial statements (AFS) to the FSCA

In addition, FSPs need to submit PAIA annual reports, provisionally on 30 June 2026 although this date is still to be confirmed.

Category II FSPs and those with assets under management need to submit liquidity calculations and declarations 45 days after their business’ half-year end.

Masthead has a full calendar and reminder list on their website for 2026’s key compliance dates.

2. Keep your records and FSCA profile up to date

This goes without saying, but a reminder that on a regular basis, all FSPs need to update their records such as advice related FNAs, business accounts and tax affairs. These should be easily accessible. At least once a year review your succession plan and update this if necessary.

All FSPs should also make sure their profile on the FSCA is current and that the FSCA is advised of any changes such as a change of banking details, address and any other material change.

Representatives Register

FSPs with representatives must keep this register current, updating it within 15 days of any change.

Masthead Compliance Manager Shanal Boodiram has some tips for FSPs:

• Changes related to representatives must be updated internally and communicated to the FSCA within 15 days. These may include appointments, terminations and supervision status, among other details. To ensure this doesn’t slip through the cracks, build it into your processes to update details as soon as there are changes, such as when a representative joins or leaves the FSP. Alternatively, diarise the deadline to ensure you remain within the 15-day timeframe.
• Check that the licence categories and subcategories are correct.
• The information reflected on the FSCA website (the official representative profile) must align with the FSP’s Representative Register. Check the FSCA website to ensure your latest changes are correctly reflected on the FSCA’s central records.

3. Be aware of new legislation and industry developments

Implementation of new legislation can mean new reports and admin for advisers, so staying on top of new developments is a must. Two key developments this year could be the Omni-Risk Return (Omni-RR) and COFI.

Omni-RR update

Boodiram says that the Integrated Regulatory Solution (IRS) has a planned industry pilot scheduled for mid-2026 and a planned go-live for September 2026. Stay in touch with your compliance officer for any changes to dates and new requirements for advisers and FSPs.

“The Omni-RR will support a new automated risk model within the IRS. The IRS will cover the full supervisory life cycle of financial institutions and deliver end-to-end SupTech services or innovative technologies. Central to the IRS will be an automated risk model. The Omni-RR is a key data source feeding into the risk model.”

COFI update

COFI has been touted as changing the industry but for advisers already following TCF and regulatory requirements, COFI may not be as much of a game changer as expected. However, there may be changes to licensing applications and requirements based on business activity.

Head of Compliance at Masthead, Anri Dippenaar, says that they continue to engage with the FSCA licensing department and represent their advisers at workshops.

“We expect that licensing will proceed through the IRS system (or other platform) but the exact dates for implementation (also reliant on National Treasury) are not available. At this point, we are advising clients to ensure that they have a good understanding of the type of activities that the business performs as this will be important for licensing.”

Boodiram says advisers can prepare for the FAIS-to-COFI transition by:

• Preparing for the shift to an activity-based licensing model
• Embedding TCF into their culture, governance, advice processes, complaints management, and related controls
• Strengthening reporting frameworks, including requirements such as Omni-RR

4. Be aware of privacy and suitability issues when using AI

AI may soon be a must-have, but it comes with privacy concerns around data and automated advice.

Masthead KZN Regional Manager Ignatius Jacobs says that advisers need to make sure that when they make use of public or free AI tools, no client information is used. “It is possible that this information can be available to other users. This is a breach of POPIA.”

He suggests using sandbox AI tools with sound cybersecurity measures. When making use of AI or automated advice, advisers need to adhere to Board Notice 194 of 2017, section 38, that applies to FSPs offering this service.

Advisers need to make sure that any automated advice provided to clients is appropriate and suitable – in line with the General Code of Conduct. Ryno Volschenk, Johannesburg Masthead Regional Manager, says using AI to provide investment advice may not necessarily be suited to the particular client nor take their unique circumstances into account. You need to double-check and make sure your advice is appropriate.

“In addition, when FSPs and their compliance officers use AI tools for regulatory analysis or interpretation, they should be aware that the information generated may be incorrect,” Volschenk adds. This could lead to the incorrect application of FAIS requirements, particularly in relation to Board Notice 194 of 2017, and may result in incorrect application, for example, being incorrectly licensed.

5. Stay FIC compliant

South Africa may have been removed from the greylist last year, but the focus on FIC compliance will remain. Advisers need to have their Risk Management and Compliance Programme (RMCP) in place and update it regularly. They also need to follow anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF) rules and be able to show that they are doing so.

“Don’t interpret being taken off the greylist as a reduction in compliance,” says Chantelle Ann Wilford, Masthead Compliance Officer and Practice Management Consultant. “Regulators have been clear that the greylist exit is not a finish line, but the start of a phase focused on sustained and demonstrable effectiveness, particularly ahead of the next FATF mutual evaluation scheduled for 2026 - 2027.”

She says advisers need to have policies and plans in place and consistently and effectively apply these or possibly face penalties.

Wilford has some key tips:

• Tailor your RMCP to your business – avoid generic plans and templates
• Make sure you have customer due diligence processes in place, that these are followed in practise and that you can show this, including showing that you are properly identifying and verifying clients and ultimate beneficial owners (UBOs)
• Apply risk profiling continuously – client risk assessments should be updated through the life of the client relationship, not treated as a once-off onboarding requirement.
• Train staff practically – provide regular, practical FICA training so staff can identify red flags and understand escalation processes

6. Know your B-BBEE requirements and reporting

Boodiram says that all FSPs that fall under the Financial Sector Code must submit BBBEE compliance reports, regardless of size. “There are different reports required depending on the size of the institution, which is based on total annual revenue. Reports must be submitted to the Financial Sector Transformation Council (FSTC), which will advise on the deadline each year. The next deadline, for the 2025 year, is 27 February 2026.”

Work with your compliance officer in 2026

Key individuals and business owners are ultimately responsible for compliance and ensuring regulation is followed, any changes implemented and appropriate advice given to clients. But your compliance officer (CO) is the expert so use them to ensure compliance and minimise the time burden. Working with them in2026 will give you more time for your clients and to grow your business.