Skip to main content
Komply

South African Compliance OS

Scored. Tracked. Alerted.
Every month.

Continuous POPIA, B-BBEE, SARS, and FSCA compliance monitoring for South African businesses. One subscription, four modules, monitored continuously, reported monthly.

Covers

  • POPIA
  • B-BBEE
  • SARS
  • FSCA

The four modules are live. Onboarding the first 25 pilot tenants free · Built by a CA(SA) in Cape Town

Monthly scan

May 2026

Sample
POPIACaveat
78 / 100
B-BBEECaveat
Level 4
SARS SubmissionsClean
92 / 100
FSCA TrackerClean
84 / 100

Per-tenant RLS · ruleset reviewed quarterly

  • POPIA
  • B-BBEE
  • SARS
  • FSCA
§01Modules

Every regulator. Every month.

Monitored continuously, reported monthly. Reports land in your dashboard and email. Cross-module flags surface where a finding in one regulator affects another.

01POPIA

POPIA Compliance

POPIA compliance scan. Foundational, always runs. SEO, AI-search visibility, security, performance and accessibility checks are included in every Pro and Enterprise scan.

  • 1 domain (Starter) / 5 domains (Pro) / unlimited domains (Enterprise)
  • Remediation artefact generation — privacy policy text, cookie-consent banner code, data-subject-rights notice, Information Officer designation block (Pro+)
  • SEO, GEO, Security, Performance and Accessibility checks included in every Pro and Enterprise scan
  • Regulatory changes tracked and surfaced in your dashboard
02B-BBEE

B-BBEE Scorecard

Auto-calculate your Generic, QSE, or EME scorecard with EME / QSE / Generic auto-classification, priority sub-minimum knock-down, and Modified Flow-Through (MFT) ownership. Pro tier adds gap analysis, sector benchmark, and audit-ready PDF evidence.

  • Verification-grade B-BBEE scorecard (DTI Codes 2013+2024)
  • Gap analysis — smallest-cost lever to the next level
  • Indicative sector benchmark (13 sectors, from the B-BBEE Commission Status & Trends 2024 report, reviewed quarterly)
  • Audit-ready PDF evidence package
03SARS

SARS Submissions

VAT201 + EMP201 + EMP501 readiness scoring against your books before the deadline. Catches missing supplier VAT numbers, payroll anomalies, IRP5 reconciliation gaps, and the 2026 SARS TRN-rejection rule pre-submission. Tracks every VAT refund's 21-day SLA and auto-drafts SARS / Ombud escalation at the 60- and 90-day thresholds.

  • Xero OAuth — VAT report + bank tx + invoices + contacts + payroll (daily sync)
  • Readiness scoring: VAT201 / EMP201 (5-component) + EMP501 (7-component) + IRP6 / ITR14 deadline tracking
  • VAT refund auto-match + 30 / 60 / 90 day escalation thresholds
  • EMP501 IRP5 cross-validation — flags the 2026 TRN-rejection rule before SARS does
  • SARS verification response bundler — 21-day countdown + Xero auto-bundle (Pro+)
  • Penalty exposure calculator (TAA 10% + prescribed-rate interest)
04FSCA

FSCA Tracker

Score your FAIS readiness across CPD, complaints, conflicts of interest, fit-and-proper, and Joint Standard 2 of 2024 cyber. v2.0 adds the audit-prep automation suite — Komply drafts the artefacts external COs charge R5-15k/yr to produce.

  • Per-Key-Individual / per-Representative (KI / Rep) CPD ledger (BN 194 § 12 hours target by class count)
  • Complaints register with GCC § 19 working-day SLA clock
  • Annual Internal Compliance Monitoring Programme (ICMP) report generator — Komply drafts; human signs off (Pro+)
  • FAIS Ombud response bundler with 6-week countdown (Pro+)
  • FSCA debarred-register check at every hire + Pro+ weekly re-check
  • FAIS § 11 material change notification letter — auto-detect + PDF
  • COI Management Policy generator + sign-off + supersedes-chain (Pro+)
§02The stakes

The compliance landscape moved in 2025. If your last audit was annual, you're already behind.

Maximum POPIA administrative penalty per offence
R10M

POPIA Section 109

Information Regulator's first POPIA administrative fine
R5M

Jul 2023 enforcement notice (DOJ&CD)

Tender threshold requiring valid B-BBEE certificate
R30K+

DTIC procurement rules

SARS deadline: all returns submitted digital
May 2025

SARS announcement, 2025

§03Pricing

Simple, monthly, no contracts.

Three ways to buy. The full Compliance OS bundle, a single module if you only need one regulator, or a once-off audit pack for one cycle. Annual prepay on subscriptions gets two months free. Cancel any time — access continues to the end of the paid period.

Starter

POPIA + B-BBEE + SARS + FSCA basics. For SMBs under R20M revenue.

R750/ month

excl. VAT

  • POPIA monthly compliance scan (1 domain)
  • B-BBEE Scorecard Calculator with EME / QSE / Generic auto-classification
  • Priority sub-minimum + Modified Flow-Through ownership
  • SARS deadline calendar (VAT201, EMP201, EMP501, IRP6, ITR14)
  • FSCA — FSP profile, Key Individual / Representative (KI / Rep) CPD tracking, complaints register
  • FSCA debarred-register check at every new KI / Rep hire
  • FSCA § 11 material change notification letter (auto-detect + 1-page PDF)
  • Monthly automated reports
  • Monthly compliance digest by email
  • 1 admin user
Claim my pilot seat
Recommended

Pro

POPIA + B-BBEE + SARS + FSCA full + regulatory change alerts.

R3,500/ month

excl. VAT

  • Everything in Starter
  • POPIA on-demand scans — up to 5 domains
  • SEO, GEO, Security, Performance and Accessibility checks included in every Pro scan
  • One-click POPIA remediation artefact generation
  • B-BBEE gap analysis — cheapest lever to the next level
  • Indicative B-BBEE sector benchmark (13 sectors, B-BBEE Commission Status & Trends 2024, reviewed quarterly)
  • B-BBEE 3-year trajectory simulator
  • SARS readiness scoring (VAT201 + EMP201)
  • SARS refund tracking + Ombud escalation (60d / 90d auto-drafts)
  • EMP501 reconciliation + IRP5 cross-validation
  • Catches the 2026 SARS TRN-rejection rule pre-submission
  • SARS verification response evidence bundler (21-day countdown + Xero auto-bundle)
  • Xero integration — VAT report + bank tx + invoices + contacts + payroll (daily sync)
  • FSCA — readiness scoring + audit-ready PDF + share link + Cyber log
  • FSCA audit-prep automation: annual Internal Compliance Monitoring Programme (ICMP) report + FAIS Ombud response bundler + COI Management Policy generator
  • Replaces R5-15k/yr external CO ICMP fees alone
  • FSCA weekly debarred-register re-check + email alert on roster matches
  • 7-page audit-ready PDF + stakeholder share link
  • Monthly digest + debarred-register match alerts + SARS verification reminders
  • Slack / Telegram alerts — coming at a future point in time
  • 5 admin users
Claim my pilot seat

Enterprise

All four modules deep + CA(SA) remediation sessions + dedicated onboarding.

R7,500/ month

excl. VAT

  • Everything in Pro
  • POPIA scans — unlimited domains
  • CA(SA) remediation sessions — book directly from any finding card
  • ITR14 full readiness (depreciation + S11(j)/S11(o) + CGT) — coming at a future point in time
  • Sage SA + QuickBooks integration — coming at a future point in time
  • Multi-entity group rollup — coming at a future point in time
  • FSCA — multi-FSP rollup, Cat II / IIA scorecards, Representative Register XML helper — coming at a future point in time
  • White-label PDF for accounting firm distribution — coming at a future point in time
  • Dedicated onboarding
  • Quarterly compliance review call
  • Priority support + SLA
  • Unlimited admin users
Claim my pilot seat

All prices excl. VAT. Annual prepay: 2 months free, no setup fee. Pilot pricing: free during the pilot for the first 25 tenants — the once-off R5,000 setup fee is waived. Standard pricing applies after the pilot; monthly non-pilot plans then include a once-off R5,000 setup fee on the first month, also waived on annual plans.

Or by module

Need just one regulator?

Subscribe to a single module at full Pro feature depth. All four à la carte add up to R7,800/mo. The Pro bundle above gets you the same modules for R3,500 — a 55% saving if you need more than one regulator covered.

+ once-off R5,000 setup fee on first month — waived for pilot tenants and on annual plans.

POPIA

POPIA

R1,500/ month

excl. VAT · Pro feature depth

Monthly scan across 5 domains + remediation artefact generator + regulatory changes tracked in your dashboard. Pro feature depth on the single module.

Claim my pilot seat
B-BBEE

B-BBEE Scorecard

R1,800/ month

excl. VAT · Pro feature depth

Verification-grade scorecard + gap analysis + indicative sector benchmark + 3-year trajectory + 7-page audit-ready PDF + stakeholder share link.

Claim my pilot seat
SARS

SARS Submissions

R2,000/ month

excl. VAT · Pro feature depth

VAT201 + EMP201 + EMP501 readiness with Xero sync, refund tracking, IRP5 cross-validation, and the verification-response evidence bundler.

Claim my pilot seat
FSCA

FSCA Tracker

R2,500/ month

excl. VAT · Pro feature depth

Full audit-prep suite: annual ICMP, FAIS Ombud response bundler, COI Management Policy, weekly debarred-register re-check, material change letters.

Claim my pilot seat
Audit pack

Drop in for one cycle.

A once-off pack with a defined deliverable. Pay once, get 90 days of Pro access, decide on a subscription after.

FSCAOnce-off

FSCA ICMP 2026

Generate your annual ICMP, draft FAIS Ombud responses, produce your COI Management Policy, register your KIs, and run debarred-register checks. External compliance officers charge R5,000–R15,000/year just for the ICMP — Komply's audit-prep automation handles it in one workspace, then leaves the door open to convert to a Pro subscription.

R3,500once · 90 days of Pro FSCA access

excl. VAT

Claim my pilot seat
§04Built by

Built by a CA(SA) for SA compliance officers.

Built in Cape Town by a CA(SA). Tenant isolation by row-level security, encrypted at rest and in transit. How Komply is built →

§05FAQ

Questions
answered.

Have a question we haven't covered? Email us.

01When does Komply launch?

The four modules — POPIA, B-BBEE, SARS, and FSCA — are live. Komply is onboarding the first 25 pilot tenants free: join the waitlist and we'll invite you in order. Standard pricing applies after the pilot; the R5,000 setup fee is waived for pilot tenants.

02What does the POPIA scan check?

Privacy policy presence and accessibility, cookie consent semantics, data-subject rights notice, Information Officer designation, mail-server DNS hygiene (SPF / DKIM / DMARC), TLS configuration, server response headers, and third-party tracker enumeration. Findings cite POPIA section numbers and link to the Information Regulator's published guidance.

03What are the website-audit add-ons?

SEO (meta tags, structured data, sitemap), GEO (Generative Engine Optimisation — JSON-LD and AI-agent crawlability), Security (headers, exposed files, server hygiene), Performance (HTTP/2, response time, render-blocking scripts), and Accessibility (alt text, form labels, heading hierarchy, language declaration). These checks are included in every Pro and Enterprise scan.

04Does Komply fix POPIA findings for me?

Pro and Enterprise tenants can generate ready-to-paste remediation artefacts directly from each finding card — privacy-policy section text, cookie-consent banner code, data-subject-rights notice, and Information Officer designation block. Each artefact is a deterministic template citing the Information Regulator's Code of Conduct; review with your legal advisor before publishing. Enterprise additionally surfaces a "Book a CA(SA) remediation session" deep-link for hands-on review.

05What FAIS obligations does the FSCA module cover?

Continuous Professional Development (BN 194 § 12), complaints management (GCC § 19 — 5 working days to acknowledge, 20 to resolve), conflicts of interest (GCC § 3A) including the parent COI Management Policy, fit-and-proper file currency (BN 194 §§ 6, 11), cyber incident logging per Joint Standard 2 of 2024, the FAIS § 11 material change notification (15 calendar days), the FSCA debarred-persons register check at every hire, the annual ICMP report (FAIS § 17(1)(d) + Conduct Standard 4/2024), and the FAIS Ombud response package (6-week deadline). Out of scope in v2.0: suitability assessment record-keeping (GCC § 8), the Representative Register XML helper (v2.1), and the cyber prescribed-window timer (v2.1, when the Determination on Notification Requirements is gazetted).

06Does Komply draft my annual ICMP report?

Pro tenants get a Komply-drafted Internal Compliance Monitoring Programme report covering the prior 12 months across CPD, complaints, COI, fit-and-proper, and cyber. Each section is composed from the live register data; with ANTHROPIC_API_KEY configured, narrative paragraphs are LLM-drafted in a restrained junior-compliance-analyst voice (Claude Haiku 4.5) — without the key, deterministic templates ship. You edit every section before sign-off; the FSP principal owns the submitted document. External COs charge R5,000-R15,000/year for the same artefact.

07Can Komply bundle my FAIS Ombud response?

Yes — Pro tenants get a one-click "Generate Ombud response" inline on any escalated complaint. Komply composes a 6-page package: chronology from the existing register, FSP narrative (LLM-augmented or deterministic), supporting-evidence list (the rep's CPD records, prior complaints touching the same KI, COI disclosures), and a Komply audit-trail certificate. The 6-week submission window counts down on the response detail page. You review, edit, and submit to the FAIS Ombud — Komply doesn't auto-submit.

08Does Komply check the FSCA debarred-persons register at hire?

Yes — on every new Key Individual or Representative you add via /dashboard/fsca/key-individuals/new. Komply mirrors the FSCA debarred register weekly and fuzzy-matches the candidate name + (optional) SA-ID last 4. Strong matches (same name + same ID4) block creation unless you tick the override box and provide a written reason. Possible matches (name only, no ID confirmation) surface for review but don't auto-block — common surname duplicates would otherwise create false rejections. Pro tenants additionally get a weekly re-check across the active roster with an email alert when a new match surfaces.

09Does Komply submit to the FSCA on my behalf?

No. The FSCA's submission surfaces (FAIS Online, SmartReg, the Representative Register XML upload) are FSP-credentialed — there's no third-party API. Komply keeps your CPD ledger, complaints register, COI matrix and fit-and-proper file current, generates the audit-ready PDF, and surfaces deadlines. You still upload to the FSCA portals yourself.

10How is the FSCA module different from Moonstone?

Moonstone is consulting + training + tooling bundled. Komply is the tool — a continuous readiness dashboard you keep current between Moonstone's audits or your in-house Compliance Officer's reviews. Komply scores your readiness against published obligations; it doesn't replace the Compliance Officer's professional judgment.

11Who is Komply for?

Built for SA businesses from ~R10M revenue: Starter suits sub-R20M, Pro and Enterprise scale with you. The fit is strongest where there's government procurement exposure, regulated-industry status (financial services, health, telecoms, education), or significant personally-identifiable customer data. Decision-makers are CFOs, COOs, Compliance Officers, or owner-operators.

12How do the four modules work together?

Single tenant dashboard, single subscription, single login. Each module is monitored continuously and reported monthly. Cross-module flags surface where one regulator's finding affects another — a POPIA cookie violation that affects a BEE submission, a SARS anomaly that ties to a FSCA disclosure. One source of truth for your compliance posture.

13What about my existing compliance tools?

Komply replaces fragmented per-regulator tooling with one platform. Enterprise onboarding includes an audit of your existing compliance stack to identify consolidation opportunities. We don't ask you to throw away what works — we ask you to stop maintaining five separate tools and twenty separate logins.

14Is my data secure?

Yes. Per-tenant Row-Level Security on every table. Encryption at rest and in transit. POPIA-compliant Data Processing Agreement signed at onboarding. Compliance evidence stored under per-tenant Supabase Storage buckets with RLS policies.

15Why not just hire a compliance consultant?

Consultants are excellent for one-off audits, regulatory opinions, and complex remediation. Komply is built for the other 50 weeks of the year — continuous monitoring at a price and frequency human consultants cannot match. Most tenants run both: Komply for monitoring, a consultant for the heavy lifts.