
After the Grey List: Why 2026 Will Be the Real Test of Supplier Due Diligence in South Africa
Paul Vos, Regional Managing Director of CIPS Southern Africa
South Africa's removal from the Financial Action Task Force (FATF) grey list in October 2025 marked a critical turning point for the country's financial credibility. But for businesses, particularly procurement and compliance teams, the real test is only beginning.
If 2025 was about reform, 2026 will be about proof.
The country's exit followed more than two years of intensive regulatory reform. This included the completion of 22 FATF action items to secure removal together with a broader evaluation that highlighted 67 recommended actions to strengthen anti-money laundering (AML) and counter-terrorist financing (CFT) controls. The scale of that effort reflects how high the stakes were. According to the International Monetary Fund (IMF), greylisting can reduce capital inflows by as much as 7.6% of GDP, highlighting the link between financial integrity and economic performance.
While the removal has helped restore investor confidence and stabilise market sentiment, it has not reduced scrutiny. Instead, it has fundamentally reshaped it.
"Greylist exit has not reduced scrutiny, it has refocused it," says Paul Vos, Regional Managing Director of the Chartered Institute of Procurement & Supply (CIPS) Southern Africa. "We are seeing a shift from tick-box compliance to evidence-based governance, where procurement is increasingly recognised as a strategic control point within organisations."
This shift is most visible in supplier due diligence. Procurement is no longer a purely operational function; it is now embedded in governance and risk frameworks.
Boards and executives are paying closer attention to supplier vetting, recognising that weak controls expose organisations to financial crime, reputational damage, and regulatory penalties. Global institutions such as the World Bank highlight opaque ownership structures as a major enabler of corruption and illicit financial flows, reinforcing the need for stronger due diligence practices.
For South African businesses, this means verifying supplier legitimacy beyond documentation, aligning procurement with enterprise risk frameworks, and ensuring that decisions are auditable.
"Procurement owns the process, compliance sets the standards, finance validates financial risk, but ultimately, accountability sits with executive leadership," Vos explains. "This elevates supplier vetting from a task to a governance safeguard."
Ironically, exiting the grey list often brings greater scrutiny. The world now expects proof that reforms are real, sustainable, and embedded. Regulators, investors, and banks operate on a simple principle: leaving the grey list earns trust; staying off it requires discipline.
This means financial institutions intensify monitoring, regulators demand faster and more transparent reporting, companies face higher thresholds when onboarding suppliers, and non-compliance, now that credibility has been regained, is inexcusable.
South Africa's Revenue Service (SARS) has reinforced this, noting that "the fight against financial crime is continuous," with a new FATF review cycle beginning in 2026, underscoring that the country's compliance journey is far from complete.
Financial institutions are under pressure to demonstrate robust controls, and that pressure cascades down supply chains. Banks have adopted a "zero-surprise" approach. Enhanced KYC (Know Your Customer) and KYB (Know Your Business) checks, including cross-border verification, automated sanctions screening, and deeper scrutiny of ownership structures, are now standard. Documentation, site visits, and proof of activity are more stringent, and collaboration with regulators to detect irregular payments or shell entities has increased. Financial institutions are sending a clear message: supplier risk is now a systemic financial risk.
At the centre of this landscape is beneficial ownership. Understanding who ultimately owns or benefits from a company is now critical. The Organisation for Economic Co-operation and Development (OECD), a global policy and governance body, notes that opaque ownership structures remain a common enabler of corruption, tax evasion, and financial crime.
"Organisations can no longer rely on surface-level data," Vos says. "Regulators expect full transparency down to the natural person behind the entity. Ignoring beneficial ownership is no longer a compliance risk, it's a strategic and reputational risk."
Complex supply chains also exacerbate risk, particularly in Tier 2 and Tier 3 suppliers and the subcontracting layers where direct oversight is limited. Without structured visibility, organisations may be exposed to shell companies, undisclosed ownership, or irregular financial activity.
Consequently, due diligence is no longer a one-time process. Risk evolves with ownership changes, financial pressures, subcontracting, and geopolitical developments. Leading organisations implement regular risk reviews, real-time sanctions monitoring, and periodic re-verification of supplier information. "Onboarding is only the baseline," Vos notes. "Continuous assurance is now the benchmark for responsible procurement."
For procurement teams, this means developing new capabilities. Analytical and investigative skills, ethical leadership, and data-driven decision-making are essential. The CIPS Global Standard consolidates these expectations into one professional benchmark, equipping procurement teams with the skills, confidence, and ethical foundation needed to navigate South Africa's post-greylist environment.
Ultimately, South Africa's greylist exit is not the finish line; it is the start of a more demanding compliance era. "The organisations that succeed will be those that treat supplier due diligence as a strategic priority, not a compliance exercise," Vos says. "Because in a post-greylist environment, transparency is no longer a differentiator, it's a requirement."


