Crypto asset service providers and their role in combating money laundering and terrorist financing
Crypto asset transactions can present both advantages and vulnerabilities to the South African economy. The attributes that make them attractive for legitimate use, are at times exploited to mask illicit activities.
Traded, transferred and stored electronically, crypto assets offer a degree of anonymity and enable quick cross-border transactions. These features heighten the risk of crypto assets being abused for money laundering, terrorist financing and proliferation financing (ML, TF and PF).
Adding another layer of risk, crypto assets are not governed by a central authority like a bank or government, making it difficult to monitor transactions and regulate the sector.
To mitigate these risks, crypto asset service providers (CASPs) have been brought into the South African regulatory fold as accountable institutions in terms of the Financial Intelligence Centre Act (FIC Act).
A person who performs the business activities of a CASP, regardless of the technology platform used or the specific type of crypto asset being used for the transaction is, according to the Act, an accountable institution and must register with the Financial Intelligence Centre (FIC).
How is a crypto asset service provider at risk for money laundering?
A recent draft sector risk assessment by the Financial Intelligence Centre (FIC) found that CASPs can knowingly or unwittingly facilitate criminal activities such as money laundering and the financing of terrorist activities.
The FIC classified the inherent risks of ML and TF in the CASPs sector in South Africa as being high due to its various vulnerabilities.
Crypto assets can, for example, provide added anonymity for cyber criminals while most crypto exchanges and CASPs currently operate under significantly less regulatory scrutiny.
In addition, crypto assets are easily traded across international geographies. For the FIC’s guidance on CASPs, refer to public compliance communication (PCC) 57.
As accountable institutions, CASPs must meet certain compliance obligations. These include developing a risk management and compliance programme (RMCP), applying a risk-based approach, conducting customer due diligence, screening customers for targeted financial sanctions, keeping records, and monitoring transactions.
The FIC Act also requires accountable institutions to register with the FIC before they can begin to submit regulatory reports.
Registration with the FIC
Registration with the FIC is free and is completed electronically on the registration and reporting platform called goAML, which is accessible via www.fic.gov.za.
All registrations must be accompanied by supporting documentation including the certified identity documents and an authorisation letter on the CASP’s letterhead. Refer to the goAML registration guide for accountable institutions as well as PCC 5D for guidance on how to register.
Reporting to the FIC
The FIC Act requires any person who carries on a business or is employed by a business or who knows or suspects that the business has received unlawful proceeds, or the business has been used for money laundering purposes must submit a section 29 report.
A suspicious and unusual transaction report (STR) is filed where a transaction is completed while a suspicious activity report (SAR) relates to a transaction that is incomplete or abandoned.
These reports should be submitted to the FIC as soon as possible but no later than 15 days from when a person becomes aware of facts which give rise to the suspicion. For guidance in terms of suspicious and unusual reporting, please refer to Guidance Note 4B.
Targeted financial sanctions
The FIC publishes and maintains a targeted financial sanctions (TFS) list of all persons and entities designated for the purposes of sanctions regimes implemented in terms of the FIC Act. TFS impose restrictions on activities that relate to particular countries, goods and services, or persons and entities.
No person may transact with or process transactions for a sanctioned person or entity.
Consequently, if an accountable institution knows that it possesses or controls property of a sanctioned person or entity, the institution should submit a terrorist property report (TPR) to the FIC. The accountable institution is required to freeze the client’s accounts and services provided.
As accountable institutions, CASPs are obligated to screen existing and potential clients against the TFS list at onboarding, on an ongoing basis and when the TFS list is updated. For further guidance, please refer to the FIC’s PCC44A and the targeted financial sanctions manual.
Beneficial ownership
As accountable institutions, CASPs must establish and verify the identity of a client or any other person who is acting on behalf of the client in the process of establishing a business relationship or entering a single transaction.
It is important for accountable institutions to identify the natural person who owns or controls clients that are legal persons, trusts and partnerships. In doing so, the accountable institution gains an understanding of the natural person(s) that ultimately owns or exercises effective control over the client, who is the beneficial owner.
Determining the ML, TF and PF risks the client presents to the CASP is dependent on the review of the beneficial ownership of the client as well. For further guidance in relation to beneficial ownership refer to PCC 59.
Directive 9
The FIC issued Directive 9 – which comes into effect on 30 April 2025 – on the implementation of the ‘travel rule’ relating to the records CASPs must collect and share with a recipient institution when transferring crypto assets.
CASPs must include certain information regarding the originators and beneficiaries when processing crypto asset transactions and keep this information for record-keeping purposes. Refer to Directive 9 for more information.
For compliance information and guidance offered to accountable institutions, refer to the FIC website (www.fic.gov.za). The FIC’s compliance contact centre can be reached on +27 12 641 6000 or log an online compliance query by clicking on: https://www.fic.gov.za/compliance-queries/
Loading ...
