Banking records that pull their weight.
Records management and information governance for South African banks, insurers, asset managers, and FSCA-regulated entities. Audit-ready transaction archives, FICA verification at scale, customer files findable in seconds, regulator-grade evidence trails.
Book Free Assessment →Records that get scrutinised for a living.
- i.
Retention obligations measured in years, not months.
FICA, FSCA, JSE and SARS each set their own retention requirements — commonly five to seven years past the end of the customer relationship, sometimes longer. The records have to be retrievable, complete, and tied to a defensible audit trail throughout.
- ii.
High-volume, high-stakes customer files.
Every onboarding generates a stack of KYC documents, FICA verifications, mandates and product disclosures. Every change generates more. Multiply that by your active book, then by every product line. The volume is real; so is the cost of getting it wrong.
- iii.
A regulator who reads the file before reading the firm.
When the FSCA, the Prudential Authority, or your external auditor opens an inspection, they ask for the file. If the file is incomplete, you've already lost the argument. Records hygiene is the floor of regulatory credibility.
What we map your records against.
- FICA — the Financial Intelligence Centre Act and its Risk Management and Compliance Programme requirements.
- FSCA Conduct Standards — sector-specific Conduct Standards and Treating Customers Fairly (TCF) outcomes.
- JSE Listings Requirements — record-keeping, disclosure and announcement archives.
- Banks Act and Insurance Act prudential rules — where applicable.
- POPIA — with particular attention to special personal information and cross-border processing.
- Income Tax Act, VAT Act — the seven-year retention floor under SARS.
Six things, sector-tuned.
- i.
FICA-grade record retention.
Customer files, mandates, KYC verifications and ongoing due diligence retained for the periods FICA and FSCA require, with chain of custody and search that returns the record on the first try.
- ii.
KYC and FICA onboarding workflow.
Centralised verification, document capture, escalation routing for high-risk customers, and the audit trail that proves you did the steps in the right order.
- iii.
Audit-ready transaction archives.
Source documents, statements, confirmations, and supporting records assembled in a defensible structure. When the auditor or the Regulator asks, you produce.
- iv.
TCF and Conduct Standard evidence.
Records architecture that maps to the TCF outcomes and the FSCA Conduct Standards your sector falls under. So the evidence exists before the supervisory engagement starts.
- v.
DSAR and PAIA response at financial-services scale.
High-volume, often privileged, often time-pressured. We handle intake, scope, redaction and production end-to-end, with the privilege review your legal team would otherwise have to do at 11pm.
- vi.
Information Officer-as-a-Service (Premium).
A named senior Information Officer with sector experience, sitting between you and the Information Regulator. Breach response, complaints handling, regulator liaison — covered.
For most financial services clients: Professional or Enterprise.
Regional banks, insurers and asset managers typically sit in Professional — full programme, named senior IO, DMS rollout, 24/7 breach response. JSE-listed groups, Big-5 banks and large insurance groups sit in Enterprise — MSA framework, named Programme Director, standing eDiscovery retainer, board briefings.
Sector close but not exactly this?
We've worked across most of the South African financial economy — banks, insurers, asset managers, brokers, retirement funds, financial advisors, fintech, and the supporting infrastructure around them. If your sub-sector isn't quite what we've described, tell us what you do and we'll show you what's relevant.
— T.