21 Analytics logo
Request a Demo
South Africa Flag 21 Analytics

South Africa

In hopes of becoming one of the African crypto leaders and a crypto hub, South Africa started formulating its crypto regulatory framework. Additionally, when the country was added to the Financial Action Task Force’s (FATF) grey list in 2023, it saw this as a push to speed up its framework development and focus on implementing the Travel Rule.  

The South African Financial Intelligence Centre has put forward Draft Directive 9 of 2024 imploring crypto asset service providers (CASPs) to implement the Travel Rule, the directive is said to align with the FATF’s Recommendation 16 and will become effective upon publication in the Government Gazette. 

Draft Directive 9 is to be implemented alongside a risk management and compliance program developed by CASPs, as mandated in Section 42 of the FIC Act*. Additionally, CASPs who fail to comply with the provisions set forth in the directive will be subject to administrative sanctions per Section 45C of the FIC Act**. 

In April 2024 the FIC called for feedback on Directive 9. The feedback phase closed on 31 May and the directive is currently in a consultation phase.  The regulatory framework discussed below is based on the draft version of the directive and will be amended when the directive is finalised. 

*Section 42 of the FIC Act requires all accountable institutions to have in place a risk management and compliance programme (RMCP). An RMCP documents the identified money laundering, terrorist and proliferation financing risks the institution faces, and how it will deal with these risks.

**Section 45E of the FIC Act establishes an appeal board to adjudicate on appeals emanating from sanctions issued by the FIC and supervisory bodies for non-compliance with the FIC Act.

What is the scope of the Travel Rule in South Africa?

The Directive is applicable to all institutions listed in items 12 and 22 of Schedule 1 to the FIC Act. This includes: 

Any person who carries on the business of a financial services provider requiring authorisation in terms of the Financial Advisory and Intermediary Services Act, 2002 (Act 37 of 2002), to provide advice [and] or intermediary services in respect of the investment of any financial product”. 

A person who carries on the business of one or more of the following activities or operations for or on behalf of a client:   

  • exchanging a crypto asset for a fiat currency or vice versa;  

  • exchanging one form of crypto asset for another;  

  • conducting a transaction that transfers a crypto asset from one crypto asset address or account to another; 

  • safekeeping or administration of a crypto asset or an instrument enabling control over a crypto asset; and 

  • participation in and provision of financial services related to an issuer’s offer or sale of a crypto asset.  

[Where “crypto asset” means a digital representation of perceived value that can be traded or transferred electronically within a community of users of the internet who consider it as a medium of exchange, unit of account or store of value and use it for payment or investment purposes, but does not include a digital representation of a fiat currency or a security as defined in the Financial Markets Act, 2012 (Act 19 of 2012).] 

Who is the supervisory body for CASPs in South Africa?

South African Financial Intelligence Centre (FIC)

What is the Travel Rule threshold in South Africa?

R 5000 (Roughly EUR 250) 

In all instances, the below information must be transmitted before or alongside each crypto transaction.  The information may be submitted to the intermediary or counterparty CASP in batches, but post-transaction transmission is not permitted. 

Local transactions: 

For local transactions (transactions within the borders of South Africa, barring Lesotho) the ordering CASP must transmit the below information to the beneficiary CASP: 

  • originator’s name,

  • originator's ID number (if a South African citizen or resident) or passport number (if a non-citizen or non-resident),

  • originator’s residential address or date and place of birth,

  • originator's wallet address,

  • all information pertaining to the originator’s wallet that is used as the source for the crypto asset transfer,

  • beneficiary’s name, 

  • all information pertaining to the beneficiary’s wallet that is used destination for the crypto asset transfer. 

This data must be obtained and verified in accordance with the FIC Act and the RMCP. The ordering CASP is required to develop, document, maintain and implement its RMCP in accordance with section 42 of the FIC Act.

International transactions: 

For a single transaction of under R 5000, the below data set is to be provided by the ordering CASP. However, the data does not need to be verified by the CASP, unless there is a suspicion of money laundering etc.

  • originator’s name,

  • all information pertaining to the originator’s wallet that is used as the source for the crypto asset transfer,

  • beneficiary’s name,

  • all information pertaining to the beneficiary’s wallet that is used destination for the crypto asset transfer. 

 

Irrespective of the transaction, the ordering CASP must: 

  • Identify the counterparty CASP, 

  • Conduct due diligence on the counterparty CASP to ascertain whether the CASP has appropriate means to safeguard the information and avoid transferring to a sanctioned institution. 

BEFORE the transaction is made. 

CASPs do not need to perform due diligence for every transaction with the same counterparty. A once-off check is adequate, unless there is a suspicion of money laundering, terrorist financing or proliferation financing. 

If the counterparty CASP cannot meet the above requirements, the ordering CASP is forbidden from executing the transfer. 

Obligations of intermediary crypto asset service providers

In the event that an intermediary CASP is used, the intermediary must ensure that all originator and beneficiary information required (as seen above) is collected and transmitted with the transaction. 

It is up to the intermediary to develop a risk-based policy and procedures as previously mentioned. These measures must be included in the RMCP. 

Moreover, these procedures must determine: 

  • When to execute, reject, or suspend a cross-border crypto asset transfer that lacks any of the required information specified above,

  • The appropriate follow-up action the intermediary crypto asset service provider will take in each instance where it executes, rejects, or suspends a cross-border crypto asset transfer as described above.

Obligations of recipient crypto asset service providers

The recipient CASP must adhere to the requirements for verifying the beneficiary's identity as stipulated by the FIC Act. Additionally, they must develop, document, maintain, and implement a RMCP.

For an inward cross-border transfer valued at less than R5 000 from an originator in a high-risk or monitored jurisdiction listed by the FATF, the beneficiary CASP must verify the accuracy of the beneficiary information. 

The recipient CASP must take reasonable measures, such as post-event or real-time monitoring when feasible, to identify cross-border crypto asset transfers that lack the required information as specified above.

Like intermediary CASPs, recipient CASPs must develop a risk-based policy and procedures. These measures must be included in its RMCP. 

These procedures must determine: 

  • When to execute, reject, or suspend a cross-border crypto asset transfer that lacks any of the required information specified above,

  • The appropriate follow-up action the intermediary crypto asset service provider will take in each instance where it executes, rejects, or suspends a cross-border crypto asset transfer as described above.

Self-hosted wallets are in scope

Unlike other regions that blatantly define thresholds, what data is to be collected by CASPs, when and how wallet owners are to provide proof of ownership over their wallets and so forth, the South African Travel Rule directive leaves a lot to the hands of CASPs. 

It stipulates that: 

  • Ordering and recipient CASPs are required to create, document, maintain, and enforce effective risk-based policies and procedures for handling crypto asset transfers that involve self-hosted wallets.

  • The policies and procedures must outline how and through what processes additional information on the self-hosted wallet is obtained when the CASP identifies a higher risk of money laundering, terrorist financing, or proliferation financing. The policies and procedures must be incorporated into the RMCP.

When do you need to comply with the Travel Rule in South Africa?

Draft Directive 9 will be live once it has been published in the Government Gazette

Which regulations are applicable to the South African Rule?

Directive 9 

FIC Act

Written by:
About Nicole
Nicole Giani
Content & Social Media Manager

With a Post-Graduation in English Linguistics, Nicole started her career as an educator before moving on to education management and compliance to meet the South African Department of Education's standards.  Thereafter, she moved to crypto writing - uniting her passion for education with crypto to educate the ecosystem on the Travel Rule.

Cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.
Accept