South Africa's crypto licensing regime has matured significantly, with 310 of 533 applications approved as at March 2026 and supervisory enforcement intensifying. This guide unpacks the current state of CASP licensing and the compliance imperatives.
From Declaration to Mature Regime
The Financial Sector Conduct Authority's October 2022 declaration of crypto assets as financial products under the Financial Advisory and Intermediary Services Act 37 of 2002 transformed the South African crypto sector overnight. Within fourteen months of the licensing process opening on 1 June 2023, the FSCA had received hundreds of CASP licence applications, and within three years, the licensing regime has produced a recognisable cohort of authorised providers operating under continuous supervisory oversight.
For aspirant CASPs and existing licensed providers, the 2026 compliance landscape is defined by three forces: completion of the initial licensing wave, intensifying supervisory inspections under the Financial Intelligence Centre Act 38 of 2001 (FICA), and active enforcement action against unlicensed crypto activity.
Where the Regime Stands: March 2026
As at 31 March 2026, the FSCA had received 533 CASP licence applications. Of these, 310 had been approved, 17 declined, and 124 voluntarily withdrawn following engagement with the regulator on the appropriateness of the applicant's business or operating model. The remaining applications were under consideration.
The pattern of declined and withdrawn applications is informative. The FSCA has identified two recurring shortcomings as the principal grounds for decline: failure to meet the operational ability requirements (clear and comprehensive business plans, defined operational frameworks for crypto activities) and failure to demonstrate the requisite knowledge and practical experience in crypto assets (the competency requirements under the FAIS fit and proper standard). Aspirants whose applications were declined or withdrawn may reapply provided they demonstrate full compliance, but they may not conduct CASP-related activities in the interim.
The Regulatory Examination Threshold
Licensed CASPs and their key individuals were initially exempted from the FAIS Regulatory Examinations through a Board Notice 194 exemption issued in May 2023, originally lasting eighteen months. The exemption expired on 11 November 2024 and was extended to 30 June 2025. The FSCA has confirmed that no further extensions will be granted. Failure to complete the applicable Regulatory Examinations exposes licensees to suspension or withdrawal of their FAIS licence under section 9 of the FAIS Act.
The Regulatory Examination requirement applies to key individuals (those exercising executive control over the FSP) and representatives (those rendering financial services on behalf of the FSP). Both categories must hold the relevant RE pass.
Travel Rule and FICA Compliance
The Financial Intelligence Centre's Directive 9 implemented the FATF Recommendation 16 Travel Rule for crypto asset transfers, with effective compliance from 30 April 2025. CASPs are required, when transferring crypto assets above the prescribed threshold, to obtain, hold, and where applicable transmit specified originator and beneficiary information.
The Travel Rule is operationally complex. Implementation requires compliant message standards (typically IVMS 101), counterparty due diligence on receiving institutions, sanctions screening on transfer parties, and recordkeeping aligned with FICA's broader transaction record requirements. Industry-standard solutions for Travel Rule message exchange have emerged, but CASPs must select and integrate a solution suited to their specific transaction patterns.
The Travel Rule operates alongside the broader FICA obligations applicable to CASPs as accountable institutions, including customer due diligence, suspicious transaction reporting, and the maintenance of a Risk Management and Compliance Programme.
Supervisory Inspection Programme
The FSCA conducted thirty CASP supervisory inspections during the financial year ending 31 March 2026, focusing on FICA compliance and the operational readiness of newly licensed CASPs to discharge their AML, CFT, and CFP obligations. The FSCA has signalled that thirty-five further inspections are planned for the 2026/2027 financial year.
Inspections typically cover governance arrangements, risk management programmes, business risk assessments, customer due diligence procedures, transaction monitoring, suspicious transaction reporting, and the operation of the Risk Management and Compliance Programme. Findings can trigger remediation requirements, supervisory action, and in serious cases administrative penalties under FICA.
Crypto Asset Supervisory Engagement Forum
The FSCA established the Crypto Asset Supervisory Engagement Forum (CASEF) in August 2025 as a structured mechanism for engagement between the regulator and the CASP industry. CASEF facilitates information sharing, education and outreach, and coordination across regulatory agencies on supervisory expectations. The third meeting of CASEF, held on 25 February 2026, focused on terrorist financing and proliferation financing risks within the crypto sector.
For CASPs, CASEF participation provides early visibility on emerging supervisory expectations and an opportunity to engage on practical implementation challenges before they crystallise into enforcement action.
Enforcement Against Unlicensed Activity
The FSCA has launched 81 investigations into entities suspected of providing crypto services without a licence. Twenty-five of these were closed without enforcement action where the entity had ceased trading or was dormant; fifty-six remained under active investigation. Conducting CASP-related activities without a licence exposes the operator to administrative fines of up to R10 million under the FAIS Act, alongside potential criminal exposure.
The Legal Status of Crypto in South Africa
The FSCA's licensing powers extend to the regulation of CASPs as financial services providers in respect of crypto assets defined under the FAIS Act. They do not extend to the recognition of crypto assets as currency. The South African Reserve Bank does not currently recognise crypto assets as legal tender. This distinction matters operationally: CASPs are regulated as financial intermediaries, not as currency issuers, and the broader monetary law framework remains unchanged by the FAIS-based licensing regime.
Practical Imperatives for CASPs and Aspirants
Operators and aspirants should focus on FAIS Regulatory Examination compliance for all key individuals and representatives, complete and tested FICA Risk Management and Compliance Programmes with documented annual review, Travel Rule infrastructure aligned with industry message standards and counterparty due diligence, supervisory inspection readiness with documentation supporting all material compliance positions, CASEF engagement for emerging policy visibility, and clear delineation between licensed activities and any complementary services that fall outside the FAIS regime.
How Mashiane Attorneys Can Assist
Our Digital Economy practice advises crypto asset service providers, aspirant CASPs, and crypto-adjacent businesses on FAIS licensing applications, FICA Risk Management and Compliance Programme design, Travel Rule implementation, supervisory inspection preparation, enforcement response, and licensing strategy. Contact our team for a CASP compliance review.