Crypto assets broaden opportunities in the transaction environment but also pose significant money laundering and terrorist financing risks due to their ease of availability, use, anonymity, and decentralised nature.
The Financial Intelligence Centre (FIC) classified the overall inherent risks of money laundering for crypto asset service providers (CASPs) in South Africa as “high” following a risk assessment of the sector, which was published in April 2025.
To mitigate these risks, CASPs have been brought into the South African regulatory fold as accountable institutions and are listed as item 22 of Schedule 1 to the Financial Intelligence Centre Act (FIC Act). A person who performs the business activities of a CASP, regardless of the technology platform used or the specific type of crypto asset being used for transactions, is an accountable institution and must register with the FIC.
In addition, crypto assets were declared a financial product in October 2022, making it compulsory for CASPs to be licensed by the Financial Sector Conduct Authority (FSCA), and registered with the FIC. CASPs are also supervised by FSCA and the FIC.
CASPs that provide advisory or intermediary services in respect of crypto assets must also register as accountable institutions under Item 12 of Schedule 1 to the FIC Act, in addition to Item 22.]
South Africa took another significant step in closing the gap against criminal exploitation in November 2024 when the FIC issued Directive 9, which came into effect on 30 April 2025. The Directive related to the ‘travel rule’ for accountable institutions that engage in crypto asset transfers. The travel rule aligned with the global regime, as set out by the anti-money laundering and combating the financing of terrorism (AML and CFT) standards setting body, the Financial Action Task Force (FATF).
The travel rule relates to the transfer and/or receipt of crypto assets by accountable institutions for or on behalf of their customers, the information that must be provided alongside these transactions, and the related records that must be kept.
CASPs must include the complete originator and beneficiary details when effecting transfers. The Directive sets out the obligations of the ordering, the intermediary and recipient CASPs. It further details the specific information that needs to be obtained for all the relevant parties to transaction.
For example, it is a requirement for an ordering CASP to provide the recipient CASP with the full names, identity number, distributed ledger address and crypto asset account number of the originator in the case of a South African natural person.
The Directive also sets out the applicable requirements in different scenarios such as when the originator is a foreign natural person or a legal person.
As accountable institutions, CASPs must meet certain FIC Act compliance obligations which include filing regulatory reports that assist in combating money laundering and terrorist financing.
Some of the FIC Act regulatory reporting streams for all accountable institutions, including CASPs, are cash threshold reports, suspicious and unusual transaction reports, and terrorist property reports.
CASPs are required to understand the existing money laundering and terrorist financing risks in their sector, and to keep up to date with the indicators so they can monitor suspicious and unusual transactions and activities.
Suspicious and unusual transactions or activities must be reported to the FIC as soon as possible but no later than 15 business days after becoming aware of the circumstances that gave rise to the suspicion.
CASPs are also required to file a cash threshold report in instances where any of the providers receive or pay out cash above R49 999.99 within three business days of such an event occurring.
For sector specific guidance on CASPs, refer to the public compliance communication 57 or visit the dedicated web page on the FIC website. The FIC’s compliance contact centre can be reached on +27 12 641 6000 or log an online compliance query on the FIC website.
