Major shake-up to cryptocurrency rules in South Africa proposed
The Financial Intelligence Centre (FIC) has issued a draft directive requiring crypto platforms in South Africa to identify the parties of a cryptocurrency transaction.
This is part of an effort to get off the Financial Action Task Force (FATF) greylist by complying with its “Travel Rule” for virtual assets like cryptocurrency.
Signed by FIC acting director Pieter Smit, the proposed directive states that South African crypto asset service providers (CASPs) must transmit a significant amount of a sender’s personal data to recipient providers.
This includes the sender’s full name, ID or passport number, residential address, date and place of birth, and wallet address.
It also requires that CASPs verify the information they receive from other providers in line with the FIC Act (i.e. FICA).
For cross-border transfers, senders must provide full names, full details of the sending and receiving crypto wallets, and the beneficiary’s name.
These details need not be verified for accuracy for transactions less than R5,000 unless there is suspicion of money laundering or terrorist financing.
However, one of the more onerous requirements is in section 4.8 of the FIC’s proposed new rules.
Before transmitting this private data, CASPs must first identify the counterpart provider, conduct due diligence on the counterparty, and regularly update its due diligence when dealing with them.
According to the FIC, this is to:
- determine whether the counterpart can reasonably be expected to protect the confidentiality of information transmitted to it; and
- avoid dealing with an illicit actor or entity identified pursuant to a Resolution of the United Nations Security Council.
Additionally, intermediary CASPs must ensure that all originator and beneficiary information for cross-border and domestic crypto asset transfers is transmitted to the recipient CASP, or another intermediary in a transaction chain.
Intermediaries must take reasonable measures to identify cross-border crypto asset transfers that lack the required information.
Recipient CASPs must comply with FICA’s “know your customer” rules, with which most South Africans will be familiar.
Broadly, this requires that they obtain proof of identity and address when customers open an account with them.
They must also monitor incoming cross-border transfers, taking “reasonable measures”, including post-event monitoring or real-time monitoring where feasible to identify transactions lacking the required information.
For cross-border transactions less than R5,000 from high-risk or “other monitored jurisdictions” as listed by the FATF, a beneficiary CASP must verify the accuracy of the beneficiary information.
The proposal also deals with so-called “unhosted wallet transfers” — better known as self-custody in the crypto world.
It stipulates that CASPs must have a risk-based policy for obtaining further information on unhosted wallets if it determines there is a higher money laundering, terrorist financing or proliferation financing risk.
Interested parties have until 31 May 2024 to comment on the proposal.
The FATF greylisted South Africa on 24 February 2023 for falling short on its eleven measures of a country’s effectiveness in combating money laundering and the financing of terrorism.
Its Travel Rule requires financial institutions, including those who deal in virtual assets, to provide relevant originator and beneficiary information alongside transactions.
This helps to prevent criminal and terrorist misuse, the FATF states.
In 2022, only 29 jurisdictions had confirmed to the FATF that they had implemented regulations to enact the Travel Rule. Very few had started enforcing them.
By April 2023, this had increased to 35 jurisdictions, with 27 saying they were busy passing relevant legislation.
As of April 2024, a status page on the FATF website showed that most countries had passed or enacted legislation to implement the Travel Rule.
Only a handful were listed as not having any legislation in progress or already enacted. They were Australia, Iceland, Russia, South Africa, Ukraine, and Vietnam.
China, Egypt, and Saudi Arabia are listed as blocking virtual asset service providers entirely.