Crypto assets offer significant economic opportunities but factors such as their availability, ease of use, anonymity, and decentralised nature make them vulnerable to abuse for money laundering, terrorist and proliferation financing.

In a sector where transactions are fast, irreversible, and borderless, CASPs must demonstrate they know their customers, understand their risks, and report suspicious transactions and behaviours to the Financial Intelligence Centre (FIC).

Strong anti-money laundering, combating the financing of terrorism and combating the financing of proliferation (AML, CFT and CFP) controls protect not only the financial system, but the reputation of individual CASPs and the sector, ensuring long‑term sustainability.

Listed in the Financial Intelligence Centre Act (FIC Act) as accountable institutions, crypto asset service providers (CASPs) must meet certain obligations. CASPs are designated under Item 22 of Schedule 1 to the FIC Act; in addition, where a firm provides advice or intermediary services in crypto assets under the FAIS Act, it is also an accountable institution under Item 12 of Schedule 1 and must comply accordingly. These obligations include registering with the FIC, developing and implementing a risk management and compliance programme, and reporting suspicious transactions and behaviours.

In addition, the FIC issued Directive 9 in December 2024 in relation to the ‘travel rule’ which imposes additional obligations on accountable institutions. The travel rule relates to the transfer and/or receipt of crypto assets by accountable institutions for or on behalf of their customers, the information that must be provided alongside these transactions, and the related records that must be kept. Directive 9 applies to domestic and cross‑border transfers and requires originator and beneficiary information to be transmitted prior to or concurrently with the transfer by CASPs listed in Items 12 and 22.

This information, held by the ordering and beneficiary CASPs, must be made available to appropriate authorities upon request. As a requirement, CASPs must collect and hold specific information of both the originator and the beneficiary involved in a crypto asset transaction. This customer data should be shared among the applicable CASPs and be made available on request to the appropriate regulatory and/or law enforcement authorities.

Illicit activities associated with the use of crypto assets

• Crypto assets are vulnerable to misuse in facilitating illicit activities such as ML, TF and PF, fraud, theft, and extortion. Some of the indicators related to source of funds or wealth linked to such criminal activities include, but are not limited to:
• Crypto asset transactions originating from or destined to online gambling services
• Lack of transparency or insufficient information on the origin and owners of the funds, such as those involving the use of shell companies
• The use of one or multiple credit or debit cards that are linked to crypto asset wallet to withdraw large amounts of fiat currency, or the funds for purchasing crypto assets are sourced from cash deposits into credit cards
• A customer's source of wealth is disproportionately drawn from crypto assets originating from crypto assets service providers that lack AML, CFT and CFP controls.

Customer trends and typologies

Entities and individuals may abuse crypto assets to evade sanctions. The borderless nature of crypto assets may be exploited to shift value outside of traditional financial system using peer-to-peer transactions, unhosted wallets (wallets that allow private users full control over their funds) or CASPs with limited controls. These allow sanctioned entities or individuals to obscure the origin and destination of funds.

Criminals may also use money mules to evade detection. Money mules are individuals who transfer or withdraw illicit funds on behalf of criminals or organisations. These individuals may open exchange accounts or facilitate peer-to-peer transfers, giving criminals access to platforms that are regulated while obscuring the ultimate or true beneficial owner. 

Unhosted wallets can be exploited by criminals to obscure the origin of illicit funds. CASPs with limited controls are often targeted by these criminals to facilitate the transfer of crypto assets into unhosted wallets. The irreversible nature of crypto assets and the speed with which funds can be moved across borders also makes it vulnerable to abuse.

Criminals may also carry out investment scams and Ponzi schemes, convincing victims to buy crypto assets and make transfers. After collecting these funds fraudulently, criminals may move the money through complicated networks of wallets and service providers before introducing it back into the financial system. It is therefore essential for CASPs to consider scenarios where client behaviour and characteristics may indicate potential money laundering activities and may warrant reporting.

Risk assessment

CASPs are required to understand the existing money laundering and terrorist financing risks in their sector, and to keep up to date with the indicators so they can monitor suspicious and unusual transactions and activities.

The FIC classified the overall inherent risks of money laundering for CASPs in South Africa as “high” following a risk assessment of the sector, which was published in April 2025. The sector risk assessment includes red-flag indicators which would assist CASPs when applying a risk-based approach to customer due diligence and in meeting their FIC Act obligations.

Accountable institutions must evaluate the risks associated with its clients, geographical location, products, services, delivery channels, and any other relevant factors. CASPs are jointly supervised for AML/CFT/CFP by the FIC and the FSCA in terms of the FIC Act.

Reporting obligations

As part of their FIC Act obligations, CASPs must identify and report to the FIC transactions or activities deemed to be suspicious and unusual. The FIC analyses this information to develop financial intelligence, which it shares with law enforcement, prosecutorial and other competent authorities for their investigations and applications for asset forfeiture.

The three main FIC Act regulatory reporting streams for all accountable institutions, including CASPs, are cash threshold reports, suspicious and unusual transaction reports, and terrorist property reports.

Suspicious and unusual transactions or activities must be reported to the FIC as soon as possible but no later than 15 business days after becoming aware of the circumstances that gave rise to the suspicion.

CASPs are also required to file a cash threshold report in instances where any of the providers receive or pay out cash above R49 999.99 within three business days of such an event occurring.

Below are typical details CASPs need to include in their reports to the FIC:

• Transaction details: Transaction identification, date and time, amount, crypto asset address, wallet identifiers, and any notes or memos
• Client information: Full name, contact details, identification documents or any other identifying information provided during the account registration process
• A summary of the client's account activity, including transaction history, account balances, trading patterns, and any additional relevant information.In addition, firms must comply with targeted financial sanctions obligations and report terrorist property in terms of section 28A of the FIC Act and section 26A of the FIC Act read with the POCDATARA Act.

For sector specific guidance on CASPs, refer to the public compliance communication 57 or visit the dedicated web page on the FIC website. The FIC’s compliance contact centre can be reached on +27 12 641 6000 or log an online compliance query on the FIC website. 

Access detailed guidance on risk indicators and FIC Act reporting obligations