Crypto assets (“crypto“) exist in a unique regulatory space. Unlike traditional currency, crypto is not issued by central banks. Crypto can however be used in similar ways to traditional currency: it can be traded, used for payments, investing, security or capital raising.

No single law governs crypto in South Africa. Instead, regulation is fragmented across various laws, demanding that organisations understand this legal landscape.

This article is the second in a series on crypto regulation. The first article, available here, delved into the regulation of crypto as a form of payment. In this article, we map the regulation of crypto through anti-money laundering and counter terrorism laws, and financial services laws.

Regulating the unregulated: Crypto and the Financial Advisory and Intermediary Services Act     

The Crypto Assets Regulatory Working Group of the Intergovernmental Fintech Working Group (“IFWG“) recommended in 2020 that South Africa employ a staged approach to bringing crypto assets within the regulatory umbrella. The IFWG is made up of representatives from National Treasury, the Financial Intelligence Centre, the Financial Sector Conduct Authority (“FSCA“), the National Credit Regulator, the South African Reserve Bank, the South African Revenue Service and the Competition Commission.

In line with this recommendation, as of October 2022, crypto has been declared by the FSCA as a financial product, bringing it under the purview of the Financial Advisory and Intermediary Services Act (“FAIS“). See our article on the amendments to FAIS – here.

The inclusion of crypto assets as financial products under FAIS was done as somewhat of an interim and urgent measure. This amendment was an interim measure to provide the FSCA with the powers to clamp down on consumers being abused by financial advisors and intermediaries offering financial services in respect of crypto assets. Once the Conduct of Financial Institutions Bill (“CoFI Bill“) is passed and has been brought into operation, FAIS will be repealed and the issue of crypto asset-related financial advice and intermediary services will be dealt with under the CoFI Bill. The decision was taken not to wait until the CoFI Bill was enacted as urgent action was required. The IFWG regarded crypto assets to be volatile and inherently risky given their decentralised and disintermediated value proposition (i.e. crypto assets offer a direct, peer-to-peer transactional capability that does not require a financial intermediary, such as a bank). Their decentralised nature leads to the challenge of decentralised responsibility in the event of something going wrong. That is, because there is no central intermediary, issuer or ledger keeper, consumers essentially have no recourse to any authority or entity to address or resolve user errors (e.g. using the wrong crypto asset address) or abuse. Further, the IFWG regarded the matter as urgent owing to significant abuse having been noted over the preceding 24 months.  Finally, urgent intervention was required as crypto asset-related activities were on the rise and inaction by the South African financial regulators could accelerate the creation of unregulated parallel systems.

As such, to the extent crypto asset service providers (“CASPs“) render financial services (as defined) in respect of crypto assets, these activities are regulated under FAIS by the FSCA.

What are a CASP’s obligations in terms of FAIS?

A CASP is required to obtain a licence as a financial service provider (“FSP“) before engaging in activities as a CASP. The FSCA has made it clear that any CASPs operating without this authorisation will be subject to regulatory action. Those CASPs who have already obtained licences from the FSCA will need to ensure that they only conduct the financial services for which they have been authorised. This extends to canvassing for, marketing and advertising any financial services business.

Although brought within the ambit of FAIS, licensed CASPs did not need to comply with certain obligations imposed on other FSPs until very recently. Specific exemptions for CASPs included (i) compliance with the regulatory examination requirements; and (ii) compliance with Chapter 3 of the Determination of Fit and Proper Requirements relating to regulatory examinations. Importantly, these exemptions expired on 30 June 2025, meaning that as of 1 July 2025, CASPs have to ensure that their activities fully comply with FAIS.

In addition, licensed CASPs will need to demonstrate compliance with the requirements imposed on all FSPs, generally, in terms of the General Code and the Determination of Fit and Proper Requirements. These include (i) the general duties of skill, and diligence imposed on all FSPS; (ii) adhering to the disclosure, advertising, conflicts of interest, and advice requirements contained in the General Code; and (iii) ensuring operational ability, financial soundness, and the good standing of the CASP and its key individuals and representatives.

There have been delays in the finalisation of the CoFI Bill. It is likely that the coming months will reveal new guidance and potentially targeted regulation of CASPs. In the 2025 FSCA 3-Year Regulation Plan, the FSCA states that the FSCA is in the process of considering certain potential Guidance Notices relating to, amongst others, CASPs.

Is the FSCA looking kindly on CASP applications?

The FSCA has been accepting CASP licence applications since 1 June 2023 and, as of December 2024, the FSCA had received a total of 420 CASP licence applications. It had approved 248 applications and had declined 9 applications.

Applications have been rejected (and in some cases applicants withdrew applications with a view to resubmitting) for the following key reasons: Failing to (i) provide a clear and comprehensive business plan and business model description; (ii) provide a business model description that outlines the activities of the CASP as well as its key business and operational frameworks supporting those business activities; and (iii) demonstrate that the CASP has the competency required to be a CASP, including having sufficient knowledge on crypto assets as well as sufficient practical experience with crypto assets.

The FSCA has invited rejected applicants (as well as other applicants who have voluntarily withdrawn their applications) to re-apply once they have evidenced their full and proper compliance with the CASP licensing requirements.

How CASPS were brought into the FICA fold?

On April 14, 2020 the IFWG introduced its Position Paper on crypto assets, which aligned closely with the Financial Action Task Force (“FATF“) Virtual Asset Guidelines. The paper introduced the term CASPs as a new class of regulated institutions that aligns with the FATF “VASP” definition and requires CASPs to comply with FATF’s counter money laundering (“ML“), terrorist financing (“TF“) measures.

This Position Paper resulted in amendments to the Financial Intelligence Centre Act (“FICA“) and brought CASPs under regulation through the Financial Intelligence Centre’s (“FIC“) recognition of CASPs as “accountable institutions”. FICA defines CASPs as persons that perform the following for or on behalf of a client: (i) exchanging crypto for a fiat currency or exchanging a fiat currency for crypto ; (ii) exchanging one form of crypto for another; (iii) conducting a transaction that transfers crypto from one address or account to another; (iv) safekeeping or administration of crypto or an instrument enabling control over crypto; or (v) participation in and provision of financial services related to an issuer’s offer or sale of crypto.

What are a CASP’s obligations in terms of FICA?

A CASP is required to register as an accountable institution with the FIC and comply with obligations under FICA to counter ML, TF and proliferation financing (“PF“). As an accountable institution, a CASP must implement a risk management and compliance programme that enables the CASP to (i) develop and implement a customer identification and verification protocol that, among other things, determines which clients are a high ML/TF/PF risk and ensures that the CASP is not doing business with a sanctioned client; (ii) apply enhanced client due diligence and transaction monitoring for those customers who are high risk; (iii) monitor unusual transactions; (iv) report suspicious transactions and transactions above a certain cash threshold to the FIC; (v) screen its employees for competence and integrity, and ensure that they are not sanctioned individuals.

In complying with these obligations, CASPs will need to ensure that they adopt a risk-based approach that addresses the ML, TF and PF risks posed by its use of crypto for or on behalf of clients. The FIC has stated that this will require CASPs to take into account whether the crypto provides anonymity, is easily transferable, or is known to be susceptible to abuse or misuse. Further, when assessing the risk posed by a certain transaction or client relationship, CASPs will also need to have special consideration to the type of transaction, the source of the crypto, client transaction patterns and correspondent CASP risk. For example, a client which hosts its crypto in a non-custodial digital wallet is considered to be transacting anonymously and is accordingly a higher risk of ML/TF/PF. Further, in addition to screening potential clients against the targeted financial sanctions lists, the FIC recommends that CASPs develop a watch list of high-risk crypto asset addresses and wallets against which to screen potential clients and correspondent CASPs.

Concluding remarks on FAIS and FICA in respect of crypto

South Africa has taken significant steps to regulate crypto assets by bringing CASPs under both AML (FICA) and financial services (FAIS) frameworks. While a CASP will need to comply with the general obligations in terms of these regulations, regulators have introduced crypto-specific measures to mitigate against the novel risks posed by crypto. New Guidance Notes relating to crypto assets and CASPs are anticipated from the FSCA in the coming months which will provide additional clarity on current regulations and further address these risks. When the CoFI Bill is enacted and comes into effect, this will usher in a new framework for crypto asset regulation as part of a greater financial services regulations overhaul.  

Written by by Hilah Laskov, Director; Armand Swart, Director; and Hlonelwa Lutuli, Associate; Werksmans