As South Africa tightens its crypto regulations, Crypto Asset Service Providers (CASPs) need to act quickly to avoid falling out of compliance. Starting April 30, 2025,
Directive 9 will enforce stricter rules on tracking and reporting crypto transactions. A major part of this is the ‘travel rule,’ which requires client details to accompany both local and international crypto transfers.
For transactions over R5000, this includes the sender’s full name, identity or passport number, birthdate and place, address (if available), and wallet address.
South Africa’s greylisting by the Financial Action Task Force (FATF) has sparked tougher regulations. Directive 9 aims to prevent crypto transactions from being used for money laundering, terrorism financing, or other illegal activities.
It holds CASPs accountable, including the ‘ordering CASP’ (the sender’s service provider), the ‘recipient CASP’ (the one receiving the assets), and any intermediaries involved.
Why CASPs Should Pay Attention
In 2022, South Africa’s Financial Sector Conduct Authority (FSCA) recognized crypto assets as financial products, and CASPs became regulated institutions. They now have to follow the Financial Intelligence Centre Act (FICA), which includes verifying customer identities before processing transactions.
Because crypto allows quick, cross-border transfers, it’s harder to track who’s behind transactions, leaving it open to misuse for criminal activity.
To avoid fines and reputational harm, CASPs should implement strong compliance measures, like real-time watchlist checks, video call verifications, and biometric scans (e.g., having customers blink or smile during ID checks). But even after verification, the work doesn’t stop.
CASPs must monitor transactions for unusual patterns linked to illegal activity. They need to keep thorough records and assess risk, considering external factors like geopolitical events that may push people to use crypto for illicit purposes. CASPs must also know when to reject or suspend cross-border transactions and how to follow up on them.
While some welcome the directive, concerns about privacy arise due to South Africa’s Protection of Personal Information Act (POPIA), which restricts transferring personal data outside the country. The travel rule could require sharing data with countries lacking strong privacy protections, and it may clash with POPIA’s rule to only collect necessary data for the transaction.
As the regulatory environment evolves, CASPs must stay on top of changing requirements to reduce risks. VOCA, powered by SearchWorks, is designed to help businesses comply with FICA, AML, CFT, FATF, and POPIA regulations. This automated platform simplifies compliance by offering real-time identity verification, risk assessments, and transaction monitoring to prevent fraud and ensure regulatory adherence.
One exciting new feature of VOCA is ongoing monitoring, which tracks customer profiles daily and sends alerts for any risk changes. It also automates reporting to ensure that any suspicious activities are documented as required by regulators.
With Directive 9 in effect, CASPs need to act now to avoid administrative sanctions and align with these new compliance requirements.
Watch this space for updates in the Techology category on Running Wolf’s Rant.
Like what you just read? Subscribe To Our Newsletter to stay in the loop.
Feel free to explore our website or check out our Featured Articles.
Looking for a gift for that special person in your life? Check out Netflorist.co.za, South Africa's top online florist and gift service. They offer flowers, gifts, and hampers for all occasions AND reliable nationwide delivery.
