August 29, 2023


Supervision and enforcement of regulatory requirements are the task of the sector supervisor/regulator. Much depends on the competence and regulatory style of the supervisory agency, which may be more active or passive (Klaus J Hopt ‘Comparative Corporate Governance: The State of the Art and International Regulation’ (, accessed August 20, 2023)). Improving competence and regulatory style in the supervision and enforcement of regulatory requirements stiffens enforcement practices and the powers of the supervisory agency.

A risk-based approach to regulatory enforcement provides an effective enforcement method. It is an approach ideal for enforcement of compliance with the regulatory requirements, and to protect against non-compliance. A risk-based approach means that law firms must understand the compliance risks to which they are exposed and must take appropriate mitigation measures in accordance with the level of risk.

Risk-based enforcement is about focusing on outcomes, rather than specific rules and processes, as the goal of regulation. Focusing on outcomes entails an actual paradigm shift from a traditional conception of regulatory enforcement based on finding and punishing violations towards an approach where the law is the last resort (OECD Regulatory Policy outlook (2021) “6 Risk-based regulation”, accessed August 20, 2023). A risk-based approach helps to improve the effectiveness and efficiency of regulation, and also improves accountability.

Legal practitioners practicing for their own account, either alone or in partnership or as a director of a juristic entity, are required to hold a Fidelity Fund Certificate (FFC). In support of the application for an FFC, a practitioner is required to submit to the Legal Practice Council (LPC) an annual statement on the trust account that it is registered with the Financial Intelligence Centre (FIC) as an accountable institution and is maintaining a Risk Management and Compliance Programme (RMCP). In terms of s 42(4) of the Financial Intelligence Centre Act 38 of 2001 (FICA), law firms must develop, maintain and implement an RMCP document.

The FIC gives law firms some mandatory obligations to effectively combat financial crimes. An Anti-Money Laundering (AML) compliance programme is now mandatory for legal practice. Law firms must ensure that their Anti-Money Laundering/Combating Terrorist Financing (AML/CTF) compliance policies and procedures are appropriate to the practice. A law firm must, on request, make a copy of its internal rules available to the Centre, or a supervisory body. Failure to produce an RMCP document to the supervisory body or the FIC would amount to non-compliance. Consequences for contravention include restriction or suspension of business activities.

Law firms are required to register with the FIC and to conduct Customer Due Diligence (CDD), a process of collecting and evaluating specific information in respect of an individual or legal person. CDD includes information about the economic sector of your client. Law firms have reporting duties to the FIC in respect of suspicious activities and transactions. CDD is an important part of mitigating risk to the firm.

Law firms dealing in sizable financial transactions every day, setting up companies/trusts and facilitating property transactions, are exposed to ML/TF risk. Firms disregarding specific ML/TF risk are likely to be targeted by money launderers. Adopting a risk-based approach ensures that measures to mitigate ML/TF are commensurate with the risks identified in the practice.

It is essential that regulators/supervisors can react with timely and appropriate compliance enforcement when non-compliance occurs, and apply robust supervisory measures when breaches are identified. In the event of a breach, regulators should take action to secure compliance with regulatory requirements by imposing a sanction, or by taking action to remedy the non-compliance.

A rule-based, or stick, approach, which corresponds to the letter of the law, may not necessarily be well suited for sector-wide regulatory non-compliance. Regulation must be appropriate to risk and enforcement commensurate with the breach. The frequency and intensity of supervision should be adjusted in line with the AML/CTF risk exposure of the sector. “Embedding risk-proportionality at the core of the regulatory systems is the most effective way to give them adequate legitimacy, resilience, agility and effectiveness” (OECD (op cit)). The intensity of regulatory enforcement and proportionality of enforcement measures are at the core of efforts to encourage compliance, and to make regulatory supervision more effective and efficient.

Enforcement takes place through various instruments. The LPC has adequate enforcement instruments at its disposal that are available in the applicable regulations to make enforcement more targeted and proportional to risk. Tools focused on achieving regulatory outcomes are central to the efforts to make regulatory delivery more effective and efficient (OECD (op cit)).

The LPC or the Board of the Legal Practitioners’ Fidelity Fund may conduct ad hoc inspections where necessary (see Rule 50.1.1 of the Rules made under s 95(2), 95(3) and 109(2) of the Legal Practice Act 28 of 2014 (LPA)). Firms that are exposed to significant ML/TF risks would be subject to more frequent and intrusive supervision. The need for such inspections may be triggered by a specific event, which may expose the sector to increased ML/TF risk, or may arise as a result of the discovery of certain information.

A compliance-based strategy focuses on satisfying regulatory requirements. Risk-based regulatory enforcement will enable law firms to become or remain compliant across the legal practice regulatory landscape. To meet their regulatory obligations, law firms should ensure that they have put in place robust AML/CTF systems, and that controls are sufficiently effective to prevent and detect ML/TF.

It remains important to promote voluntary compliance so as to focus enforcement efforts on deviant behaviour while fostering voluntary enforcement as much as possible. Practitioners should not be expected to know everything about what to do and how, but are to be guided, advised and informed.

The responsibility of regulators does not end with the publication of the rule (Organisation for Economic Co-operation and Development (OECD) ‘Reducing the risk of policy failure: Challenges for Regulatory compliance’ (2000) (, accessed August 20, 2023)). The effectiveness of enforcement mechanisms in legal practice depends on the general institutional environment. Weak resolution mechanisms give rise to non-observance of mandatory legal rules. Effective enforcement requires the availability of effective, proportionate and dissuasive sanctions in the event of non-compliance. The LPC needs to respond to non-compliance with regulatory requirements in ways that are appropriate to the violations involved, and to target enforcement and implementation efforts on the areas that pose the highest risk.


Please note that our blog posts are informal commentaries on developments in the law at the time of publication and not legal advice.

About the author 

Sipho Nkosi

Sipho Nkosi is an experienced Legal Professional with a demonstrated history of working in the legal services industry. A strong legal professional with a B Proc degree focused in Law from the University of Natal (Howard College), with a keen interest in corporate governance and a profound insight into Compliance Risk Management. Skilled in litigation and procedural law, and an affiliate member of the Compliance Institute Southern Africa.
