PCC 23A raises practical scope and compliance questions for credit providers.

When the Financial Intelligence Centre issued final PCC 23A on 30 March 2026, it did more than publish another technical notice. It clarified how the Centre interprets the scope of credit providers under item 11 of Schedule 1 to the FIC Act and highlighted potential money laundering, terrorist financing, and proliferation financing risk indicators relevant to the sector.

That matters because many businesses still approach FIC compliance in the wrong order. They focus first on registration, reporting deadlines, or policy documents without first addressing the more basic question: does the business actually fall within item 11, and if it does, what follows in practice?

PCC 23A makes it harder to rely on assumption or convenience. It pushes credit providers to examine the substance and economic reality of their activities, not merely the labels they use internally. For many businesses, that is where the real compliance discussion should start.

Why PCC 23A matters now: it shifts the conversation from assumption to tested compliance readiness.

Question 1: Are we actually in scope as an item 11 credit provider?

This is the first question, and it is the most important. PCC 23A was issued to clarify how a credit provider should be interpreted under item 11 of Schedule 1 to the FIC Act.

It deals with two broad categories. The first is a person who carries on the business of a credit provider as defined in the National Credit Act. The second is a person who carries on the business of providing credit under credit agreements that are excluded from the National Credit Act by section 4(1)(a) or (b).

That wording matters because it shows that the scope may be wider than many businesses expect. Some still assume that the FIC framework applies only to traditional lenders or to entities clearly registered with the National Credit Regulator. PCC 23A shows that this view is too narrow.

Scope assessment should be tested properly, not assumed.

The real issue is not whether a business calls itself a credit provider. The real issue is whether, in law and in substance, it is carrying on the business of providing credit in a way that places it within item 11.

That is why scope should be tested, not assumed. If a business has never properly documented why it believes it falls inside or outside item 11, that is already a weakness in its compliance position.

Question 2: What does “carries on the business” actually mean?

This is one of the most useful parts of PCC 23A. The FIC explains that, especially for item 11(b), it will look at the substance and economic reality of the activity.

That includes factors such as the frequency and regularity of credit transactions, whether the activity is conducted for commercial gain or profit, whether systems or infrastructure exist to advance, manage, or recover credit, and whether the activity is marketed or made available to third parties.

No single factor decides the matter on its own. The assessment is holistic. This moves the focus away from labels and toward behaviour.

Substance and economic reality matter more than convenient labels.

A business cannot safely say, “We are not a lender,” if, in practice, it regularly structures, advances, manages, or recovers credit as part of its business model. In the same way, a business cannot assume it falls outside item 11 simply because the arrangement sits inside a broader commercial relationship or is described in softer language than traditional lending.

For management teams, this means the scope discussion should not stop at contract wording. It should extend to the business model itself, the internal processes that support it, the way clients are engaged, and the systems used to manage the activity.

Question 3: Are we relying too casually on “incidental credit”?

This is an area where businesses can become comfortable too quickly. PCC 23A does leave room for genuine incidental credit. It explains that an entity which only enters into incidental credit agreements, and does not carry on the business of providing credit, is not deemed to be an accountable institution under item 11.

That said, the PCC also gives a clear warning. Multiple incidental arrangements may collectively indicate that the entity is, in substance, carrying on the business of a credit provider. Artificial structuring, fragmentation, or repetition will not be accepted as a valid basis for excluding a business from item 11.

Practical examples help draw the line between genuine incidental credit and regular credit activity.

The label “incidental” does not help if the activity is regular, structured, and commercially significant.

The lesson is straightforward. Businesses should not rely on the word “incidental” without evidence. If the activity is regular, commercially structured, supported by systems, and linked to how the business earns revenue, then the scope question deserves a much closer review.

Question 4: If we are in scope, what changes operationally?

If you are in scope, the impact reaches far beyond registration.

Quite a lot changes. PCC 23A is not only about who falls within item 11. It also helps explain what that status means for day-to-day compliance.

One of its most important points is that credit agreements are regarded as business relationships, not merely single transactions. That matters because it brings customer due diligence and targeted financial sanctions obligations into sharper focus.

PCC 23A also states that item 11 credit providers must develop, implement, and maintain a Risk Management and Compliance Programme in terms of section 42 of the FIC Act. That RMCP must be proportionate to the nature, size, and complexity of the business and tailored to its risks.

If your business is in scope, the more useful question is not whether you are compliant on paper. It is whether your controls, processes, and oversight arrangements are aligned with the real nature of the business.

Question 5: What risk indicators should we be reviewing now?

This is where PCC 23A adds further practical value. It does not stop at scope. It also sets out risk indicators that matter for credit providers in the real world.

PCC 23A risk indicators help credit providers turn compliance into practical monitoring.

On the money laundering side, PCC 23A points to issues such as the use of credit funds for illicit activity, early repayment or repayment in unusual amounts without a reasonable explanation, multiple cash repayments without a plausible source of funds, and clients who are reluctant to provide personal or business information.

It also highlights cases where the business does not make economic sense, where a borrower’s strategy changes without a clear commercial reason, or where the client forms part of a complex ownership structure or foreign trust arrangement.

In relation to terrorist financing, PCC 23A flags repeated early pay-ups on mortgage facilities followed by further withdrawals, significant unexplained deposits, large crypto-related purchases on credit by customers with no previous history of such activity, and multiple credit cards being used by third parties to withdraw cash in foreign jurisdictions.

It also refers to proliferation financing indicators. These include credit facilities extended to entities involved in dual-use goods, sensitive technologies, or controlled commodities, as well as transactions linked to sanctioned jurisdictions or attempts to evade targeted financial sanctions controls.

For compliance teams, PCC 23A should therefore trigger more than a scope review. It should also trigger a control review. Staff need to know what to look for. Systems should be able to identify unusual activity. Beneficial ownership scrutiny should be strong enough for complex juristic persons. Higher-risk sectors, products, and geographies should also receive appropriate attention.