Vertical 03 · Coming Q3 2026 · Early access cohort

The enforcement got real.
Your workflow hasn't.

The Information Regulator is moving to proactive audits. POPIA fines are escalating. Breach notifications are up 40% year-on-year. And SA compliance practices are still running gap reviews on Excel templates from 2019. We've built one system for POPIA, FICA, and B-BBEE that's shaped around how regulators actually inspect.

Join the early-access cohort See what's covered

The Information Regulator's 2025/26 Annual Performance Plan

Proactive audits. Active enforcement. Public fines as high as R 5 million. The era of "we'll get to it" compliance is over.

+0%

YoY rise in POPIA breach notifications

R 0m

Largest public POPIA fine to date

Frameworks covered · POPIA, FICA, B-BBEE

From R 0

Per month · ZAR · early-access pricing

What's covered

Three frameworks. One workflow.

Each framework has its own template set, its own deliverables, its own audit trail — but they all run through the same client-engagement engine. One client, multiple frameworks, no duplication.

POPIA

Gap analysis & ongoing monitoring

Assessment template per condition (8 lawful processing conditions). Findings, evidence, remediation plan. Re-assessment cycle.

Anchored in POPIA Conditions 1-8

FICA

Risk-based AML & KYC workflow

Customer risk-rating, screening, ongoing monitoring. RMCP review and update. STR + CTR reporting trail.

Aligned with FIC Act & FATF post-greylisting amendments

B-BBEE

Verification engagement workflow

Element-by-element scorecard, documentary evidence, verification report. Annual cycle planning.

Per SANAS R47-03 & B-BBEE Codes

Cross-framework

Single client. Multiple engagements.

One client record. Multiple framework engagements running in parallel. No re-keying, no duplicate emails, one audit trail.

Designed for compliance practices running 50+ clients across 3 frameworks

What you replace

Six tools that don't talk to each other.

Client register

One row per client. Frameworks they're enrolled in. Risk rating across each. Renewal dates. Ownership.

Engagement workflow

Letter of engagement → scope → fieldwork → findings → report. Each stage timestamped, owned, auditable.

Risk register

Per-client risk rating. POPIA risk + FICA risk + B-BBEE element scoring. Aggregated in one view.

Client portal

Read-only access for the client to upload requested documents. Status visible. Audit trail every time something is opened.

Findings & remediation tracker

Each finding tied to a control. Severity, owner, target date, evidence of closure. Re-test cycle automatic.

Renewal & review schedule

Annual B-BBEE verification, quarterly POPIA review, biennial FICA RMCP update. Each on its own clock.

Why now

"When the regulator asks 'show me what you found in February and how you closed it', the right answer is not 'one second, let me find the spreadsheet'."

From the Information Regulator's 2025/26 Performance Plan briefing

Werksmans summary, May 2026

Early-access cohort

Early access. Lifetime pricing.

First 10 compliance practices to join the early-access cohort lock in launch pricing for the lifetime of their subscription. We work with you on what to build first. You get the SA-built tool nobody else has.

Starter · up to 5 practitioners

R 2 500/month

+ R 9 500 setup, once · co-built with the cohort

POPIA, FICA, B-BBEE templates
Client register + risk rating
Engagement workflow + findings tracker
Renewal calendar
Client portal (read-only document upload)

Start here

Cohort offer Growth · 6–20 practitioners

R 4 500/month

+ R 14 500 setup, once · 7-day onboarding

Everything in Starter
Multi-framework concurrent engagements
Aggregated cross-client risk dashboard
Branded report PDFs (firm letterhead)
Priority support + co-design influence

Apply for the cohort

Early-access pricing locks for the lifetime of your subscription. ZAR. VAT excluded. 30-day pilot before any invoice.

The enforcement got real. Your workflow hasn't.