Sameer Kumandan | Managing Director | SearchWorks | mail me |
With South Africa tightening its grip on crypto regulations, Crypto Asset Service Providers (CASPs) must act now to avoid compliance failures.
As of April 30, 2025, new crypto compliance rules in form of Directive 9 will introduce stricter requirements for tracking and reporting crypto asset transactions.
A key component of this is the ‘travel rule’, which mandates that client details accompany both domestic and cross-border crypto transfers. These details include the originator’s full name, identity or passport number, date and place of birth and residential address (if “readily available”). They also include the wallet address for transactions over R5,000.
New crypto compliance rules as a result of greylisting
South Africa’s greylisting by the Financial Action Task Force (FATF) has triggered a wave of stricter compliance regulations.
In direct response, Directive 9 places the responsibility on CASPs to ensure that crypto transactions do not link to money laundering, terrorism financing or other illicit financial activities. This obligation includes the ‘ordering CASP’ – the provider where the sender of the crypto assets has their account.
It also includes the ‘recipient CASP’ – the provider that receives the crypto assets from the ordering CASP on behalf of the customer. And it includes any intermediary CASP, which transmits and receives crypto assets on behalf of the ordering or recipient CASP, or another intermediary.
Why CASPs must take note
South Africa’s Financial Sector Conduct Authority (FSCA) officially declared crypto assets as financial products in October 2022.
By December 2022, the country included CASPs in regulatory frameworks as accountable institutions. Therefore, these service providers must comply with the Financial Intelligence Centre Act (FICA) regulations to remain on the right side of the law.
CASPs now carry the responsibility to perform customer due diligence and verify a customer’s identity before processing transactions. This duty is particularly critical because crypto assets enable quick and seamless transfers of funds across borders. That speed makes it harder to determine who is behind the transactions. Consequently, criminals can easily exploit crypto for illicit activities.
If CASPs want to avoid financial penalties and reputational damage, they must establish robust governance and compliance measures. These should include real-time checks against global watchlists, live customer verification video calls, and advanced biometric verification.
For instance, they can challenge the user to blink, smile, or perform specific movements during scanning. However, verification alone is not enough.
New crypto compliance rules and CASPs compliance
CASPs must also monitor transactions regularly. They need to detect unusual patterns and behaviours that could indicate illicit activity. These regulatory requirements compel CASPs to keep more detailed and extensive records of client transactions. Additionally, they must implement comprehensive risk assessment frameworks to evaluate client risk during onboarding and beyond.
For example, geopolitical developments could drive individuals or groups to use crypto for illegal activities. This shift occurs because crypto is harder to trace than traditional banking transactions. Thus, CASPs must understand when to reject or suspend cross-border crypto transfers. They also need to determine what follow-up actions to take when that happens.
While many have welcomed this directive, others have raised concerns. They argue that the travel rule presents significant privacy governance challenges.
POPIA restricts the transfer of personal information outside South Africa. However, due to the global nature of crypto transactions, the travel rule may require transmitting personal data to countries without stringent privacy safeguards. Moreover, POPIA stipulates that businesses should only collect and process the data necessary for completing a transaction.
This requirement could conflict with the travel rule’s broader demands.
In conclusion
As more regulations emerge to ensure the crypto world operates within well-governed frameworks, CASPs and financial institutions need support. They must stay ahead of evolving compliance obligations and reduce operational risk.
The implementation of Directive 9 marks a critical shift in South Africa’s regulatory framework for CASPs. With non-compliance now carrying the risk of administrative sanctions under the FIC Act, CASPs must take immediate steps to meet these obligations.
