SAQA All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

Occupational Certificate: Compliance Officer 
91671  Occupational Certificate: Compliance Officer 
Development Quality Partner - CISA 
QCTO - Quality Council for Trades and Occupations  OQSF - Occupational Qualifications Sub-framework 
Occupational Certificate  Field 03 - Business, Commerce and Management Studies  Finance, Economics and Accounting 
Undefined  240  Not Applicable  NQF Level 06  Regular-ELOAC 
Passed the End Date -
Status was "Reregistered" 
SAQA 06120/18  2018-07-01  2023-06-30 
2024-06-30   2027-06-30  

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.  

This qualification does not replace any other qualification and is not replaced by any other qualification. 

This qualification aims to prepare a learner to provide compliance services to assist management to discharge their responsibilities to comply with applicable regulatory requirements.

A qualified learner will be able to:
  • Design and implement compliance risk management frameworks.
  • Define, assess, maintain and advise on the regulatory universe.
  • Develop, facilitate compilation of and review compliance risk management plans.
  • Conduct compliance monitoring.
  • Compile and submit internal and external compliance reports.
  • Interact with industry regulators, supervisors and stakeholders.

    There is increasing pressure on organisations, both public and private, to ensure that their business activities comply with statutes, regulations and standards, both local and international. In addition, the regulatory environment has become more and more complex. As a result, organisations have chosen to implement consolidated and harmonised approaches to achieve compliance without overlaps, duplication or wasted resources. The responsibility for compliance lies with top management and to achieve this organisations are increasingly seeking the services of compliance practitioners to advise, support, monitor and control risk-based compliance frameworks. This qualification provides learners with the necessary knowledge, skills and workplace experience to fulfil this role.

    The Compliance Institute Southern Africa is the professional body for compliance officers. It has taken responsibility for the development and assessment of this qualification. These measures form part of a package of measures to encourage and promote compliance within the regulatory environment and to promote the professional status, image and credibility of its members. The profile of learners who can access this qualification is quite varied.

    It includes learners who are:
  • School leavers, who are drawn into compliance practice.
  • Higher Institution graduates, typically with accounting or legal qualifications.
  • Accounting or legal professionals.
  • Practitioners currently operating in the compliance field.

    Once qualified, learners would be employed in a variety of compliance functions within large organisations. Alternatively, learners could set up their own independent practices to provide outsourced compliance services to smaller businesses.

    One of the core functions of the Compliance Institute Southern Africa is the establishment and maintenance of the Generally Accepted Compliance Practice (GACP) framework. The GACP is benchmarked internationally and its application forms the core of this qualification. This means that organisations making use of the services of qualified practitioners can be assured that such practitioners are aware of and can apply the highest standards in regulatory risk-based compliance. This, naturally, also means that customers, including the general public, can be assured that the organisations they deal with work within the letter and spirit of the regulatory universe. 

  • Communication Skills at NQF Level 4.
  • Mathematical Literacy at NQF Level 4.

    Recognition of Prior Learning:
    Accredited providers and approved workplaces must apply the internal assessment criteria specified in the related curriculum document to assess and possibly approve prior learning claimed.

    Accredited providers and approved workplaces may recognise prior learning against the relevant access requirements.

    Prior learning must be acknowledged by a statement of results.

    Access to the Qualification:
    A recognised NQF Level 4 qualification granting access to tertiary studies at NQF Level 6. 


    This qualification is made up of the following compulsory Knowledge and Practical Skill Standards, all at NQF Level 6:

    Knowledge Standards: Enterprise Risk Management:
  • Compliance Officer, 6 Credits.
  • Compliance Principles, 12 Credits.
  • Compliance Practice, 30 Credits.
  • Change Management: Compliance Officer 6 Credits.
  • Project Management: Compliance Officer, 3 Credits.
  • Generic Management Principles: Compliance Officer, 3 Credits.

    Total number of Credits for Knowledge Standards: 60.

    Practical Skill Standards:
  • Design and Implement Compliance Risk Management Frameworks, 9 Credits.
  • Define, Maintain and Advise on the Regulatory Universe, 12 Credits.
  • Develop, Facilitate Compilation of and Review Compliance Risk Management Plans, 12 Credits.
  • Conduct Compliance Monitoring. 12 Credits.
  • Compile and submit internal and external compliance reports, 12 Credits.
  • Interact with Industry Regulators, Supervisors and Stakeholders, 3 Credits.

    Total number of Credits for Practical Skill Standards: 60.

    This qualification also requires the following compulsory Work Experience Standards:
  • Compliance Risk Management Design and Implementation Processes, 18 Credits.
  • Regulatory Universe Definition and Maintenance Processes. 24 Credits.
  • Compliance Risk Management Plan Development Processes, 24 Credits.
  • Compliance monitoring Processes, 24 Credits.
  • Compliance Reporting Processes, 24 Credits.
  • Industry Regulator, Supervisor and Stakeholder Interactions, 6 Credits.

    Total number of Credits for Work Experience Standards: 120. 

    1. Design and implement compliance risk management frameworks.
    2. Define, maintain and advise on the regulatory universe.
    3. Develop, facilitate compilation of and review compliance risk management plans.
    4. Conduct compliance monitoring.
    5. Compile and submit compliance reports.
    6. Interact with industry regulators, supervisors and stakeholders. 

    Associated Assessment Criteria for Exit Level Outcome 1:
  • Compliance risk management frameworks are designed, developed, implemented and maintained in accordance with the Generally Accepted Compliance Practice framework.
  • Advice is provided to management in respect of the compliance policies and procedures which address compliance related complaints.
  • A communication strategy and process is developed and implemented in order to keep compliance stakeholders informed of the design, implementation and maintenance of the compliance framework.
  • Compliance stakeholders are engaged to promote alignment of compliance and business objectives.
  • Sound working relationships are maintained with compliance stakeholders.
  • Compliance related advice is provided to management, staff and other compliance stakeholders.

    Associated Assessment Criteria for Exit Level Outcome 2:
  • Regulatory requirements, including existing, changed or new requirements are researched and those which are applicable to the business are identified and explained in plain language to management, staff and other compliance stakeholders.
  • Compliance issues and concerns are identified and compliance related advice is provided to management.
  • An organisation's products and services are described to facilitate business relevant compliance solutions.

    Associated Assessment Criteria for Exit Level Outcome 3:
  • Compliance risks related to regulatory requirements are identified and assessed and control measure are outlined.
  • Compliance plans are designed and developed in risk management format.
  • Regulatory requirements are analysed and the implications of non-compliance are assessed using appropriate risk assessment methodologies.
  • Compliance risk management plans are presented and communicated to management staff and relevant stakeholders in order to cultivate buy-in and to bring about changes in the control environment where necessary.

    Associated Assessment Criteria for Exit Level Outcome 4:
  • A compliance monitoring plan is developed in terms of organisational planning standards.
  • Compliance monitoring is undertaken and working papers are prepared to assist management and the board of directors to understand whether business is conducted in compliance with relevant regulatory requirements.
  • Compliance monitoring findings are analysed and evaluated in order to support valid monitoring conclusions and recommendations.
  • Compliance monitoring reports are produced in accordance with Generally Accepted Compliance Practice.
  • Compliance monitoring outputs are followed-up or tracked to assist management and the board to understand the status of compliance risks and exposures.

    Associated Assessment Criteria for Exit Level Outcome 5:
  • Governance structures relating to compliance reporting are identified and analysed.
  • Independence and objectivity is consistently demonstrated.
  • A compliance reporting process is implemented and internal reporting methodologies are applied in accordance with organisational reporting requirements.
  • Responsibilities for the submission of compliance reporting are allocated to compliance stakeholders in order to establish an effective compliance reporting framework.
  • Information is obtained effectively, efficiently and ethically from compliance stakeholders and managed for the purpose of compliance reporting.
  • Records relating to compliance reporting are kept to serve as an effective audit trail relating to compliance reporting.

    Associated Assessment Criteria for Exit Level Outcome 6:
  • Compliance roles and responsibilities in respect of regulators, supervisors and stakeholders are identified and recorded.
  • Written and verbal communication is undertaken with regulators, supervisors and/or compliance stakeholders in support of a sound working relationship with regulators or supervisors and to discharge responsibilities in terms of regulatory requirements.
  • Relationship with regulators or supervisors is managed in order to promote a sound working relationship between regulators or supervisors and the organisation.
  • Reports are submitted to regulators or supervisors in accordance with governance requirements.
  • Where there are revised or new regulatory proposals, a process is developed and implemented to evaluate the impact of such changes and to engage with and influence industry regulators, supervisors and stakeholders, where required.

    Integrated Assessment:
    An assignment will be completed and submitted during the work experience period.

    An external integrated summative assessment, conducted through the relevant QCTO Assessment Quality Partner is required for the issuing of this qualification. The external integrated summative assessment will focus on the Exit Level Outcomes and their associated assessment criteria. It will be conducted through a combination of a written assessment and the evaluation of the assignment completed during the work experience component.

    The written examination will be conducted at an approved assessment site and marked by registered assessors.

    The assignment will be evaluated at the employer's premises by a panel comprising a member of the professional body and the employer. 

    Until recently, compliance officers did not have to hold specific qualifications. However, as the regulatory requirements and controls have become more onerous and legislation has started to specify that companies are required to employ compliance officers, the need for formal qualifications is growing world-wide.

    The design of the Compliance Officer qualification takes into account the specifications contained in the Generally Accepted Compliance Practice (GACP) framework, which is aligned with international leading practice, specifically in respect of the Australian compliance standard AS3806 and the Bank for International Settlement's publication on Compliance and the Compliance Function in Banks, 2005:
    The GACP is made up of:
  • Compliance principles.
  • Compliance standards.
  • Compliance guidelines.

    Research relating to qualifications that are offered in other countries is set out below. The countries chosen for research are:
  • Australia: Chosen in view of the progress made in establishing an effective compliance professionalism framework.
  • United Kingdom: Chosen in view of the level of maturity of the regulatory or supervisory framework.
  • United States of America (USA): Chosen in view of the level of maturity of the regulatory or supervisory framework.

    No compliance qualifications are offered in other SADC countries.

    The Australasian Compliance Institute (ACI) has implemented an accreditation framework that recognises three levels of accreditation:
  • Associate: For relatively new professionals.
  • Certified Compliance Professional (CCP): For the majority of experienced professionals who will be managing compliance programmes for industry and government.
  • CCP Fellow: For exceptionally dedicated and competent professionals who have also contributed to the profession for the benefit of their colleagues and the general community.
    The Certified Compliance Professional broadly equates to Compliance Professional. To gain this accreditation candidates need a minimum of 5 year's compliance experience of which at least 2 years must have been in a senior role, and successful completion of either a five and a half day residential course, or a 22 week distance course.

    In the United Kingdom various qualifications are offered. Some are industry specific. The qualification that however, comes closest to the South African one is a Diploma in Compliance offered by the International Compliance Association (ICA) in association with the University of Manchester's Business School. This qualification is broadly equivalent to the Compliance Professional level. It contains the following core modules and an examination over a 9- to 12-month period:
  • Understanding the Regulatory Environment.
  • Regulatory Structure.
  • The Role of the Compliance Officer.
  • Risk Management.
  • Designing an Internal Compliance System.
  • Dealing with Regulatory Issues and Enforcement.
  • Compliance with Prudential Regulation.
  • Corporate Governance, Creating a Compliance Culture and the Benefits of Compliance.
  • Managing the Risk of Money Laundering and Terrorist Financing.
  • Market Abuse, Insider Dealing and Fraud Prevention.

    It focuses primarily on the financial service industry and is endorsed by the British Bankers' Association and mapped to the Financial Services Skills Council Standards of Competency for Compliance. A variant of this qualification is also offered to international compliance officers.

    Entry requirements are:
  • Sound educational background, e.g. Degree or professional qualification in an appropriate discipline.
  • Having completed the Foundation Certificate in Compliance Practice.
  • Three years' relevant work experience.

    In the USA, compliance qualifications are offered by various institutions or organisations. For example, Compliance LLC offers instructor-led and distance training as well as on-line examinations for a Certified Risk and Compliance Management Professional (CRCMP). This certification is weighted towards financial institutions and covers five parts:
  • Part A: Compliance with laws and regulations, and risk management.
  • Part B: The frameworks.
  • Part C: Sarbanes Oxley (US-specific legislation).
  • Part D: Basel II/Basel III (specific to the Banking industry).
  • Part E: Designing and implementing a risk and compliance programme.

    The South African qualification broadly covers the same content as these international programmes without giving weight to legislation specific to a particular industry. The South African qualification focuses on the implementation of a generic framework and practices which underpin compliance functions in any organisation operating in a range of different particular industries.

    The South Africa qualification is broadly comparable to the selected international offerings without focusing on industry specifics. 

    There are currently no qualifications which provide for any direct horizontal, diagonal or vertical articulation with this qualification. 



    As per the SAQA Board decision/s at that time, this qualification was Reregistered in 2015. 



    This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

    All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.