Crypto Regulations and Travel Rule in South Africa: Full Guide (2025)

Crypto is extremely popular in South Africa, with the country ranked among the top crypto markets worldwide. The cryptocurrency market in the country is projected to reach a revenue of US$373.5 million in 2025, indicating further significant growth.

Over 5.8 million South Africans hold crypto assets, and South Africa has the highest Bitcoin adoption rate in the world.

At the same time, fraud in South Africa has become a growing issue. According to Sumsub’s Identity Fraud Report 2024, South Africa ranks among the top three African countries with the highest fraud growth (+310% compared to 2023), following Niger and Angola. Identity fraud in the crypto space is also a significant concern. This issue is further exacerbated by the increasing penetration of AI into everyday life, which makes committing fraud easier, including in the crypto sector.

For this reason, regulators in South Africa are paying special attention to crypto AML and Travel Rule compliance.

Let’s discuss the regulatory details, what awaits crypto regulations in South Africa in 2025, and the key challenges ahead. We’ll also take a closer look at South Africa Travel Rule compliance.

Is cryptocurrency legal in South Africa?

Yes, the use of crypto assets is legal in South Africa, but they are not considered legal tender. For regulatory purposes, crypto assets are recognized as financial products.

Who regulates crypto in South Africa?

In South Africa, the regulation of crypto service providers is primarily overseen by the Financial Sector Conduct Authority (FSCA), the Financial Intelligence Centre (FIC), and also the Reserve Bank. 

Two terms are used in the crypto space in South Africa: FSPs and CASPs. Crypto asset service providers are formally classified as Financial Service Providers (FSPs) under the Financial Advisory and Intermediary Services Act (FAIS). The term Crypto Asset Service Providers (CASPs) is not formally defined in the FAIS Act itself; instead, it is used informally to describe crypto asset service providers in relation to their role within the financial sector. While CASP is the term used by the FIC under FICA, it is sometimes used in reference to the FAIS Act to describe crypto asset service providers.

Financial Sector Conduct Authority (FSCA):

• The FSCA classifies crypto assets as financial products under the Financial Advisory and Intermediary Services Act (FAIS) 2002, which requires providers of financial services related to crypto assets to be licensed as Financial Service Providers (FSPs).
• The FSCA is responsible for ensuring that Crypto Asset Service Providers (CASPs) comply with regulatory requirements, including licensing and consumer protection.

Financial Intelligence Centre (FIC):

• The FIC plays a role in anti-money laundering and combating the financing of terrorism (AML/CFT) through the Financial Intelligence Centre Act (FICA) 2001. CASPs are required to register as accountable institutions under FICA, which involves obligatory Customer Due Diligence, Travel Rule implementation, as well as reporting suspicious transactions and maintaining customer records.

South African Reserve Bank (SARB):

• While not directly regulating crypto assets, the SARB monitors the financial stability implications of cryptocurrencies and stablecoins.

Crypto licensing in South Africa

As of December 10, 2024, the FSCA received a total of 420 CASP license applications, of which 248 were approved and nine declined.

Here’s an overview of the process and requirements for obtaining a license:

• Company registration: The first step is to register a company with the Companies and Intellectual Property Commission (CIPC) of South Africa. This involves choosing a legal form, reserving a company name, and submitting relevant documents.
• FSP license application: Anyone who provides financial services related to crypto assets will need to be appropriately licensed as a Financial Services Provider (FSP). Companies must complete and submit statutory forms for an FSP license, which includes a sub-category for crypto asset products. Existing FSPs need to apply for crypto assets to be included under their existing license.
• Fit and proper requirements as part of the FSP license: Applicants must meet fit and proper requirements, including operational ability and competency, as outlined in Board Notice 194 of 2017.
• AML/CFT compliance: Registration with the Financial Intelligence Centre (FIC) is required, along with adherence to anti-money laundering and combating the financing of terrorism (AML/CFT) regulations. This includes performing KYC as part of Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD), conducting risk assessments, monitoring transactions, and complying with the Travel Rule.

Licensing process

• Application submission: Submitting the necessary documentation to the FSCA, demonstrating compliance with regulatory standards.
• Approval and supervision: Upon approval, CASPs must adhere to ongoing supervisory measures.

Costs and timeline

• Costs: The process involves various fees, including an application fee and potential ongoing costs for compliance monitoring.
• Timeline: The licensing process can take up to six months, potentially longer if there is a backlog.

Detailed licensing requirements may be found on the FSCA website: Licensing and Registration.

Exceptions can be found on this website.

What are the AML crypto requirements in South Africa?

In South Africa, Anti-Money Laundering (AML) requirements apply to CASPs. On December 19, 2022, Crypto Asset Service Providers (CASPs) were officially classified as accountable institutions under the Financial Intelligence Centre Act (FICA). This change was introduced through amendments to Schedule 1 of FICA, published in Government Gazette 47596 on November 29, 2022.

As accountable institutions, CASPs must therefore undertake the following in accordance with FICA and the Money Laundering and Terrorist Financing Control Regulations, including any amendments:

• Register with the Financial Intelligence Centre (FIC)
• Implement customer identification and verification procedures
• Conduct Customer Due Diligence
• Appoint a compliance officer
• Train employees on FICA compliance and risk management
• Perform business risk assessments for money laundering, terrorist financing, and proliferation financing
• Establish and maintain a risk management and compliance program
• Submit regulatory reports on suspicious or unusual transactions
• Perform sanctions screening

Suggested read: FICA in South Africa—How to Stay Compliant

South Africa Travel Rule 2025: What businesses must know

In South Africa, the implementation of the Travel Rule is expected on April 30, 2025, when the Directive 9 concerning the implementation of the “Travel Rule” relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations comes into force.

Thresholds

There’s no de minimis threshold in South Africa for the Travel Rule application. Cryptocurrency businesses incorporated in the country are required to collect and transmit information regarding the identities of both the originator and beneficiary to its counterparty CASP for all crypto asset transfers, regardless of the transaction size. 

The threshold for data scope is set at R5,000.

In South Africa, data scoping for crypto asset transactions follows a threshold-based approach. If the transaction amount is below R5,000, the CASP may submit a reduced set of data regarding the originator. This includes the full name of an individual or company name, the distributed ledger address associated with the transfer if it is registered on a distributed ledger or similar technology, the crypto asset account number with the ordering CASP if such an account is used, or a unique transaction reference number if no account number is available. Additionally, Originating CASPs are not required to verify the accuracy of this data unless there is a suspicion of money laundering.

If the transaction exceeds R5,000, the CASP must provide the full set of required data as specified below.

Data to be shared

CASPs should carry out due diligence on its Counterparty (CASP) before transmitting data to determine whether the counterparty can be expected to protect the confidentiality of information transmitted to it and to avoid dealing with an illicit actor or an entity under sanctions. The data to be shared includes:

Natural persons

Originator:

• Full name
• Identity number, if the originator is a South African citizen or resident; or passport number or foreign national identity number, and date of birth, if the originator is not a South African citizen or resident
• Residential address, if such an address is readily available; or country of birth, if the residential address is not readily available
• Distributed ledger address associated with the transfer, if the transfer is registered on a network using distributed ledger or similar technology
• Crypto asset account number with the ordering CASP, if such an account is used to process the transaction, or a unique transaction reference number, if such an account number is not available.

Beneficiary:

• Full name
• Distributed ledger address associated with the transfer, in cases if the transfer is registered on a network using distributed ledger or similar technology
• Crypto asset account number with the recipient CASP, if such an account is used to process the transaction and this information is readily available to the ordering crypto asset service provider.

Legal entities

Originator:

• Registered name
• Registration number under which it is incorporated
• Registered address
• Distributed ledger address associated with the transfer, if the transfer is registered on a network using distributed ledger or similar technology
• Crypto asset account number with the ordering CASP, if such an account is used to process the transaction, or a unique transaction reference number, if such an account number is not available.

Beneficiary:

• Registered name
• Distributed ledger address associated with the transfer, in cases, if the transfer is registered on a network using distributed ledger or similar technology
• Crypto asset account number with the recipient CASP, if such an account is used to process the transaction, and this information is readily available to the ordering crypto asset service provider.

Penalties for non-compliance

Failure to register as an accountable institution with the FIC or non-compliance with AML/CFT requirements, including the Travel Rule, can lead to administrative sanctions, including fines.

Additionally, a person convicted of particular offenses may be liable to imprisonment for a period not exceeding 15 years or to a fine not exceeding R100 million (USD5.5m). A fine of R10 million applies only to specific types of offences, such as failure to report.

For more details, please see Articles 45(C) and 68 of FICA.

Crypto tax rules in South Africa

Transactions and speculation in crypto assets are subject to the general principles of South African tax law and are taxed accordingly. More details can be found here: Taxation in South Africa.

Challenges in cryptocurrency regulation in South Africa

There are several key issues that crypto service providers in South Africa currently face:

1. Operational efficiency and innovation:

The need for advanced technology to support efficient operations and compliance with evolving regulations poses a challenge for many crypto providers.

2. Regulatory updates and compliance:

• Travel Rule implementation: The implementation of the crypto Travel Rule in South Africa, starting from April 30, 2025, adds another layer of compliance complexity for CASPs.
• AML/CFT compliance: Ensuring adherence to anti-money laundering and combating the financing of terrorism (AML/CFT) regulations is a significant challenge, especially with the expansion of FICA to include CASPs.

The future of crypto regulations in South Africa

South Africa’s regulatory approach is expected to evolve, focusing on enhancing compliance frameworks, integrating international standards, and fostering a secure environment for crypto innovation. 

The country is adopting a phased approach to regulating crypto assets, integrating them into existing financial frameworks rather than creating new legislation. This approach aims to provide clarity and stability for investors, businesses, and end users.

The Financial Sector Conduct Authority (FSCA) has a three-year regulation plan through to 2027, which includes an overhaul of the entire regulatory regime under the Conduct of Financial Institutions (COFI) Bill. These initiatives may address gaps in current regulations, such as the lack of specific rules for token issuers.

Moreover, stablecoins require regulators’ attention. In South Africa, stablecoins operate in a “grey area,” where they are neither explicitly regulated nor prohibited. There is an expectation that they will become a major focus area for regulators, as it’s important to ensure that stablecoin users are 100% compliant in the country.

In general, South Africa’s proactive stance on crypto regulation may set a precedent for other African nations to foster regional cooperation and improve and clarify regulatory standards.