South Africa’s Crypto Asset Service Provider (CASP) Regulation To Align with FATF Standards and Travel Rule

Table of Contents


In June 2020, South Africa’s Finance Minister Mr. Tito Mboweni published long-awaited proposed amendments to the country’s Financial Intelligence Centre Act (FICA or FIC Act). The proposal aims to update South Africa’s cryptocurrency regulatory framework and bring it in line with the Financial Action Task Force (FATF)’s Standards on virtual asset and virtual asset servicer provider (VASP) regulation.

The FATF Standards, updated in June 2019 to onboard the so-called FATF Travel Rule (which obliges VASPs to share transmittal data with counterparties) sets a global playbook for anti-money laundering (AML) and combats the financing of terrorism (CFT) to which each of its 200 jurisdictions must adhere.

The new changes to the FIC Act (established in 2001 to help AML/CFT in South Africa) adds sizeable AML compliance requirements to the plate of South African crypto companies operating both in and outside the country.

To ensure that VASPs, referred to as crypto asset service providers (CASPs) in South Africa (and Japan), are properly regulated, they will be required to register as an “accountable institution” with the Financial Intelligence Centre (FIC) and undertake specific duties to comply with FICA.

IFWG’s Position Paper on Crypto Assets (March 2020)

Mr. Mboweni’s proposed amendments (discussed here) comes after March 2020’s 58-page framework on crypto regulation was published to help regulate CASPs. It is still under review.

The Intergovernmental Fintech Working Group (IFWG)’s new Position Paper on Crypto Assets, created by its Crypto Assets Regulatory Working Group (CAR WG), offers over 30 recommendations to help establish a strict new regulatory framework for crypto assets that’s in line with global new anti-money laundering (AML) and combating-terrorism-funding (CFT) regulatory measures.

The paper divides crypto-dealing companies into 6 types of South African CASPs that will be required to register with financial authorities and comply with traditional financial regulations as “accountable institutions”.

The IFWG and CAR WG are policymaking collectives appointed by the country’s financial authorities, and include the South African Reserve Bank (SARB), Treasury and Financial Intelligence Centre (FIC).

The Intergovernmental Fintech Working Group’s members

South Africa’s Crypto Asset Regulations Align with FATF Recommendations 15 and 16

South Africa is a member of both the FATF and its FATF-style regional body the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) and is therefore obligated to implement its 40+9 Recommendations.

In 2019 the FATF and ESAAMLG did an on-site visit of South Africa as part of the country’s 4th Mutual Evaluation Report (MER), the first since 2009, and would’ve discussed their findings at the FATF plenary in June 2020. Due to the COVID-19 pandemic, the MER review has now been tabled until October 2020.

In particular, the CAR WG regulatory paper builds on two of the FATF’s most vital virtual asset-facing guidances:

  • Recommendation 15 (New Technologies), amended in 2019 to include virtual assets and virtual asset service providers (VASPs), known as CASPs in South Africa.
  • Recommendation 16 (Wire transfers), amended in 2020 to include a “travel rule”, which forces countries to ensure their VASPs share beneficiary and originator transmittal information with counterparts

Various private Recommendation 16 solutions are currently in development, such as Sygna Bridge’s network alliance for exchanges (currently being integrated by exchanges in Japan, Korea, Taiwan and Canada).

What is South Africa’s FATF “Travel Rule” for Crypto Asset Service Providers?

In 2019 the FATF set a June 2020 deadline for its 200+ member countries to establish and implement frameworks that ensure their VASPs comply with the Recommendation 16 “travel rule”.

South African policymakers have now demonstrated their intent to ensure CASPs comply with the R.16 update by including passages in the IFWG paper that acknowledge this requirement and mirrors the G20 AML watchdog’s official guidance nearly verbatim. 

“CASPs will be required to implement Recommendation 16 (‘the travel rule’) of the FATF Recommendations.”

Both the originator (sender) CASP and beneficiary (recipient) CASP should collect and keep “required and accurate” originator and beneficiary crypto asset transmittal information, and share this with relevant authorities when needed.

Originator CASPs should also submit personally identifiable information (PII), to their beneficiary counterparties.

According to section of the CAR WG’s Position Paper on Crypto Assets:

The originating CASP should obtain, and hold, required and accurate originator information as well as required and accurate beneficiary information of the crypto asset transaction, submit this information to the beneficiary CASP or another obliged entity, and make this information available on request to the appropriate regulatory and/or law enforcement authorities. 

The beneficiary CASP should obtain, and hold, required and accurate originator information as well as required and accurate beneficiary information of the crypto asset transaction, and make this information available to the appropriate regulatory and/or law enforcement authorities if and when requested to do so. 

What Personally Identifiable Information (PII) should CASPs share?

The originator VASP must share the following sender information with the beneficiary VASP:

  • Originator’s name (customer)
  • Originator account number used to process the transaction
  • Unique identifiable information such as either a residential address, national identity number or date, and place of birth.

The beneficiary VASP must share the following recipient information with the originator VASP:

  • Beneficiary name (customer)
  • Beneficiary account number used to process the transaction
FATF recommendation 16 for CASPs
What R.16 travel rule information should CASPs share?

Recommendation 16’s travel rule poses many technical and privacy-related compliance challenges that CASPs will have to deal with.

However, its implementation should help the crypto industry better protect its customers against scams and hacks and gain interest from institutional and mainstream investors.

hacker using a laptop

FATF Recommendation 15: Which companies will be regulated as CASPs?

The position paper further advocates that the following types of companies who deliver crypto services should be regulated as CASPs in accordance with the FATF’s Recommendation 15 on New Technologies:

1. Crypto asset trading platform 
(or any other entity performing these services)
Companies who provide:
1) intermediary buyer/seller services of crypto assets;
2) the trading, conversion or exchange of fiat currency or other value into crypto assets,
3) the trading, conversion or exchange of crypto assets into fiat currency or other value
4) or conversion or exchange of crypto assets into other crypto assets; and
5) remittance services using crypto assets as a means of facilitating credit transfers(remitter or value transfer provider).
2. Crypto asset vending machine provider 
Providing intermediary services for the buying and selling of crypto assets (including any of the above-mentioned services).
3. Crypto asset token issuer
CASPs conducting token issuances, including:
– ICOs;
– the issuance of stablecoins;
– the issuance of global stablecoins;
– participating in and providing financial services related to an issuer’s offer or sale of crypto assets.
4. Crypto asset fund or derivative service provider
These are entities offering investment funds or derivative products with crypto assets as the underlying asset.
5. Crypto asset digital wallet provider (custodial wallet)
Entities that offer software programs that store private and public crypto keys used to interact with various digital protocols that allow the user to send and receive crypto assets, monitor balances and control the customers’ crypto assets.
6.Crypto asset safe custody service provider (custodial service)
These entities safeguard, store, hold or maintain custody of crypto assets belonging to another party.

What will the FIC Act require from South African CASPs?

CASPs will be treated as “accountable institutions”, similar to banks and traditional financial institutions, and will have to ensure they: 

  • Report cash transactions exceeding R25,000 ( or applicable limit)
  • Conduct know-your-customer (KYC) identification and verification
  • Follow customer due diligence (CDD) requirements
  • Keep accurate records of users and transactions
  • Monitor unusual user activity and file Suspicious Activity Reports (SARs)
  • Report any possible terrorism funding (TF) activities

Failure to do so can incur administrative penalties by the FIC.


To avoid increased monitoring by the FATF and the possibility of attracting more money launderers, terrorism financiers, and other financial criminals, it has been a high priority for South African authorities to take action and create a resilient regulatory AML/CFT framework to govern crypto assets and mitigate its risks.

Building on the Treasury and SARB’s 2014 initial public statement on virtual currencies and their 2019 consultation paper on crypto asset reforms, there is no question now that South Africa’s financial authorities have thrown their full weight behind the comprehensive domestic regulation of virtual assets. 

South African bank notes

While crypto assets are not considered legal tender in the RSA, the Reserve Bank has publically declared its plans for a future digital Rand and it can be assumed that a South African central bank digital currency (CBDC) is not too far off.

Up to now, the regulatory uncertainty in South Africa has created a tense standoff between CASPs and financial institutions. Despite a survey finding that 1 in 10 South African internet users own crypto assets (the highest in the world), banks have been lax to support crypto exchanges due to murky regulatory waters surrounding virtual assets like Bitcoin. 

In 2019, First National Bank, South Africa’s most progressive bank in many ways, unexpectedly announced it would withdraw its services to the country’s virtual asset service providers, which has forced reputable companies like SA’s most popular fiat-to-crypto exchange Luno and crypto-to-crypto exchange Ice3X to find new banking partners. 

The new regulations are challenging, but have the potential to ultimately prove to be beneficial to the Rainbow Nation’s exchanges, who already conduct strict AML/KYC programs.

By complying with FATF’s Recommendations 15 and 16 and South African authorities, CASPs and the crypto assets they’re dealing with should become more appealing to South Africa’s financial institutions and public investors than ever before post-2020.

South Africa's IFWG and CAR WG Publish FATF-Compliant Crypto Asset Regulatory Framework

Joint Working Group (JWG) Adopts IVMS101 InterVASP Messaging Standard for FATF Travel Rule