When crypto trading in South Africa, the laws and regulations aim to prevent money laundering, terrorist financing, and ensure general financial compliance. Here's a breakdown of the key laws, regulatory bodies, and compliance expectations — especially for businesses, exchanges, and compliance officers.
Crypto providers are now “accountable institutions” under FICA (as of 19 December 2022).
This means they must register with the FIC and comply with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) obligations.
Key Compliance Requirements under FICA:
Know Your Customer (KYC): Must verify identity and monitor customer behavior.
Suspicious Transaction Reporting (STRs): Obliged to report any suspicious activities to the Financial Intelligence Centre (FIC).
Recordkeeping: Maintain transaction records for at least 5 years.
Risk-Based Approach: Assess risk of clients and apply controls accordingly.
Compliance Officer: Must appoint a dedicated officer to manage FICA compliance.
Training: Staff must be trained in AML/CTF measures.
The FSCA regulates financial services and conduct, including crypto asset service providers (CASPs).
In 2023, it introduced a licensing regime for crypto exchanges, brokers, and wallet providers under the Financial Advisory and Intermediary Services (FAIS) Act.
FSCA Requirements:
Must apply for a FAIS license (or a temporary exemption).
Must adhere to fit-and-proper requirements: including honesty, competence, operational ability, and solvency.
Must have robust risk and compliance systems in place.
While SARB does not yet classify crypto as legal tender, it plays a role in monitoring cross-border flows and foreign exchange compliance.
Crypto assets are treated as "financial products", and foreign transactions using crypto may still require Exchange Control approval.
Crypto is taxable in South Africa.
Traders and investors must declare:
Capital Gains Tax (CGT) for long-term holding
Income Tax for frequent traders
Failure to disclose can lead to audits, penalties, and prosecution.
Develop and enforce an AML/CTF program.
Conduct Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD).
Monitor for suspicious behavior and transactions.
Use blockchain analytics tools (e.g., Chainalysis, Elliptic) for tracing and risk assessment.
Submit reports to:
FIC (Suspicious Transactions, Terror Financing, Threshold Reports)
SARS (for tax reporting)
Ensure the firm is licensed by FSCA and registered with FIC.
Use automated KYC/AML tools (e.g., Sumsub, Jumio).
Regularly audit your compliance program.
Train staff in crypto-specific risks, including DeFi, mixers, and privacy coins.
Stay updated with global standards (FATF Travel Rule, GAFI recommendations).
FATF (Financial Action Task Force): SA follows its recommendations.
Travel Rule: Crypto firms must share sender/receiver data when transferring >$1000.
OECD & EU frameworks are also influencing crypto taxation and reporting expectations.
Area
Regulator / Law
Key Requirement
AML/CTF
FICA / FIC
KYC, STRs, risk-based controls
Conduct
FSCA / FAIS Act
Licensing, fit-and-proper, consumer protection
Currency Flows
SARB
Exchange Control compliance
Taxation
SARS
Declare CGT or Income; keep records
To register with the Financial Intelligence Centre (FIC) in South Africa as a Crypto Asset Service Provider (CASP)—now classified as an accountable institution under the Financial Intelligence Centre Act (FICA)—you must complete the process via the FIC’s online platform, goAML.citywire.com+4mybroadband.co.za+4cruxcompliance.co.za+4
1. Access the goAML Registration Portal
Visit the FIC’s official website: www.fic.gov.za
Navigate to the goAML registration system.mybroadband.co.za
2. Prepare Required Documentation
Ensure you have the following documents ready:
Certified identity document of the appointed compliance officer.
Authorization letter on your company’s letterhead, signed by a senior official, designating the compliance officer.
Company registration documents from the Companies and Intellectual Property Commission (CIPC).satorinews.com+1mybroadband.co.za+1
3. Complete the Online Registration
Fill in all required fields on the goAML portal, providing accurate company and contact information.
Upload the prepared documents as part of your application.cruxcompliance.co.za+1mybroadband.co.za+1
4. Submit the Application
Review all entered information and uploaded documents for accuracy.
Submit your application through the goAML system.fic.gov.za+3mybroadband.co.za+3cruxcompliance.co.za+3
5. Await Confirmation
The FIC will process your application and notify you upon successful registration.
After registering, CASPs must adhere to several ongoing compliance requirements under FICA:
Risk Management and Compliance Programme (RMCP):
Develop and implement an RMCP tailored to your business operations.
Submit the RMCP to the FIC by stipulated deadlines.citywire.com
Customer Due Diligence (CDD):
Conduct thorough KYC procedures for all clients.
Monitor transactions for suspicious activities.sumsub.com
Reporting Obligations:
Report any suspicious or unusual transactions to the FIC promptly.
File cash threshold reports for transactions exceeding R25,000.iflr.com+2mybroadband.co.za+2satorinews.com+2
Record-Keeping:
Maintain comprehensive records of all transactions and client information for at least five years.
Training and Awareness:
Ensure all relevant staff members are trained on FICA requirements and the company’s RMCP.
Compliance Officer:
Appoint a dedicated compliance officer responsible for overseeing adherence to FICA obligations.sumsub.com
Failure to register with the FIC or to comply with FICA obligations can result in administrative sanctions, including:
Financial penalties of up to R10 million for individuals and R50 million for entities.
Reputational damage and potential legal consequences.citywire.com
For detailed guidance, refer to the FIC’s official user guide: User Guide – How to register with the FIC as an accountable institution
If you need assistance with the registration process or developing your RMCP, consider consulting with a compliance professional experienced in FICA requirements.
Here is a comparative summary of Anti-Money Laundering (AML) obligations in South Africa versus Angola, focusing on key legal frameworks, regulators, and core compliance duties:
Financial Intelligence Centre Act (FICA), 2001
(Amended in 2022 to align with FATF recommendations)
Financial Intelligence Centre (FIC)
Oversees compliance, reporting, and enforcement of AML/CTF laws.
Accountable Institutions (e.g. banks, crypto providers, estate agents, attorneys, etc.)
Crypto service providers (CASPs) since Dec 2022
Obligation
Description
KYC & CDD
Know Your Customer (KYC) and Customer Due Diligence (CDD) based on risk
Recordkeeping
Keep identity & transaction records for 5 years
Reporting
Report Suspicious Transactions (STRs), Terror Financing (TFRs), and Cash Thresholds (CTRs > R25,000) to FIC
Risk-Based Approach
Assess client risk and tailor AML controls accordingly
Compliance Programme
Implement RMCP (Risk Management and Compliance Programme)
Training
Ongoing AML training for relevant staff
Compliance Officer
Mandatory appointment of a designated person
FIC can impose fines, inspections, and criminal charges
Penalties: Up to R10M for individuals, R50M for entities
Law No. 5/2020 (Prevention and Combat of Money Laundering, Terrorism Financing, and Proliferation of Weapons of Mass Destruction)
Compliant with FATF standards
Financial Intelligence Unit of Angola (FIU/ Unidade de Informação Financeira)
Banco Nacional de Angola (BNA) for financial institutions
Financial institutions, insurers, lawyers, real estate agents, casinos, crypto service providers, etc.
Obligation
Description
KYC & CDD
Required for all customers, especially politically exposed persons (PEPs)
Recordkeeping
Must keep transaction and identification data for 10 years
Reporting
STRs and large cash transactions must be reported to the FIU
Internal Controls
Institutions must develop AML policies and procedures
Training
Mandatory ongoing training for staff
Compliance Officer
Required to oversee internal AML controls
Sanctions include license revocation, criminal charges, and administrative fines
Non-compliance can lead to prison terms and severe penalties
Element
South Africa 🇿🇦
Angola 🇦🇴
Primary Law
FICA (2001, amended 2022)
Law No. 5/2020
Main Regulator
Financial Intelligence Centre (FIC)
Unidade de Informação Financeira (FIU) & BNA
Recordkeeping
5 years
10 years
Crypto Regulated?
Yes (since 2022)
Yes (through Law No. 5/2020)
Risk-Based Approach
Yes
Yes
Penalties
Up to R50M
Administrative fines + criminal charges
FATF Membership
Yes
Yes (but Angola was previously on FATF greylist; improved status)
Both South Africa and Angola have modern AML laws aligned with FATF standards, but South Africa’s system is more mature, especially in regulatory infrastructure and digitization (e.g. goAML platform). Angola has made recent improvements, but enforcement and institutional capacity still face challenges.
If you're operating across both jurisdictions (e.g., crypto or fintech), you'll need:
Localized compliance programs for each country
Separate KYC/CDD protocols
Separate STR reporting mechanisms (FIC vs. FIU Angola)
Would you like a sample AML policy template adapted to both South Africa and Angola?
Angola's Law No. 5/2020, enacted on 27 January 2020, establishes a comprehensive legal framework to prevent and combat money laundering, terrorist financing, and the proliferation of weapons of mass destruction. This legislation aligns Angola's financial regulations with international standards, particularly those set by the Financial Action Task Force (FATF).
1. Expanded Scope and Definitions
Inclusion of Proliferation Financing: The law explicitly addresses the financing of the proliferation of weapons of mass destruction, broadening its scope beyond previous legislation.
Ultimate Beneficial Owner (UBO): The definition encompasses individuals who directly or indirectly hold a controlling interest in a company, including through share capital, voting rights, or significant influence, with no minimum threshold specified.
Politically Exposed Persons (PEPs): Defined as individuals who hold or have held prominent public functions, both domestically and internationally, including in international organizations. mirandalawfirm.com
2. Customer Due Diligence (CDD) and Know Your Customer (KYC)
Mandatory Identification: Financial institutions must identify and verify the identity of clients and UBOs, including obtaining information on the source of funds and the client's reputation.
Enhanced Due Diligence: Required for high-risk clients, such as PEPs, private banking clients, and those from high-risk jurisdictions.
Prohibition of Anonymous Accounts: Opening or maintaining anonymous accounts or accounts under fictitious names is strictly prohibited. onelegal.pt
3. Transaction Monitoring and Reporting
Thresholds for Reporting:
Transactions equal to or exceeding USD 15,000 require detailed record-keeping.
Wire transfers of USD 1,000 or more necessitate identification and due diligence.
Suspicious Transaction Reports (STRs): Obligated entities must report any suspicious activities to the Financial Intelligence Unit (FIU) promptly. mirandalawfirm.com+3onelegal.pt+3verangola.net+3iclg.com+1mirandalawfirm.com+1
4. Risk Assessment and Management
Periodic Risk Assessments: Financial institutions are required to conduct risk assessments at least every 12 months, or every 24 months in certain cases, to identify and mitigate risks related to money laundering and terrorist financing.
Internal Controls: Institutions must establish internal policies, procedures, and controls to manage and mitigate identified risks effectively. onelegal.pt+1verangola.net+1
5. Regulatory Oversight and Compliance
Role of the National Bank of Angola (BNA): The BNA is responsible for supervising compliance with AML/CFT obligations, including conducting inspections and imposing sanctions for non-compliance.
Compliance Officers: Financial institutions must appoint dedicated compliance officers to oversee adherence to AML/CFT requirements.
Training and Awareness: Institutions are mandated to provide ongoing training to employees on AML/CFT policies and procedures. verangola.net+2cfi.co+2360angola.com+2mirandalawfirm.com
6. Sector-Specific Obligations
Non-Financial Businesses and Professions: Entities such as real estate agents, dealers in precious metals and stones, and non-profit organizations are subject to specific AML/CFT requirements tailored to their operations.
Virtual Assets: The law recognizes virtual assets and subjects cryptocurrency-related businesses to AML/CFT obligations, including registration and compliance with due diligence and reporting requirements. iclg.com
Sanctions: Non-compliance with the provisions of Law No. 5/2020 can result in administrative penalties, including fines, suspension of licenses, and criminal prosecution.
Asset Freezing and Seizure: Authorities are empowered to freeze and seize assets linked to money laundering, terrorist financing, or proliferation activities. cfi.co+1cifar.eu+1
Law No. 5/2020 represents a significant advancement in Angola's efforts to align its financial system with global AML/CFT standards. By expanding the scope of regulated entities, enhancing due diligence requirements, and strengthening regulatory oversight, the law aims to safeguard the integrity of Angola's financial system and combat illicit financial activities effectively.
If you require further details or assistance in understanding specific provisions of Law No. 5/2020, feel free to ask.
Here’s a clear overview of Sumsub, Jumio, and how KYC (Know Your Customer) processes work with these platforms:
KYC (Know Your Customer) is a regulatory process that businesses use to verify the identity of their clients to prevent fraud, money laundering, terrorist financing, and other financial crimes. It typically involves verifying government-issued IDs, facial recognition, and assessing customer risk.
A global identity verification and KYC/AML compliance platform.
Used by fintech, crypto, gaming, and other industries requiring robust identity checks.
Supports multi-jurisdiction compliance.
Document Verification: Users upload ID documents like passports, driver’s licenses, or national IDs.
Biometric Verification: Facial recognition compares a selfie or video with the ID photo to ensure the person is genuine.
Liveness Check: Detects if the user is real and not using a photo or video replay (anti-spoofing).
AML Screening: Checks user details against global sanctions lists, PEP lists, and adverse media.
Customizable Workflow: Businesses can tailor the verification steps depending on risk level or regulatory requirements.
API Integration: Easily integrates with apps, websites, and platforms for seamless user onboarding.
Real-time Results: Fast verification results (usually seconds to minutes).
High accuracy with AI-powered checks.
Multi-language and global document coverage.
Compliance with GDPR and other privacy laws.
Automated decision-making reduces manual workload.
A pioneer and leader in AI-based identity verification.
Used widely in banking, healthcare, crypto, and retail.
Offers solutions for KYC, AML, and age verification.
ID Verification: Users submit identity documents (passport, driver’s license, ID card).
Face Match: Compares a selfie or live video to the ID photo.
Liveness Detection: Ensures the user is a live person, not a spoof attack.
AML & Watchlist Screening: Checks against OFAC, UN sanctions, PEPs, and other watchlists.
Document Authenticity: Validates document structure, holograms, and security features.
Global Coverage: Supports over 200 countries and thousands of document types.
API and SDK: Integration options for mobile and web.
High compliance standards globally.
AI plus manual expert review for tricky cases.
Fast turnaround times.
Strong user experience with mobile-friendly flows.
User Onboarding:
The user starts the onboarding process on a platform integrated with Sumsub or Jumio.
Document Upload:
The user takes a photo or uploads a scan of a government-issued ID.
Selfie / Video:
The user takes a selfie or records a short video to verify liveness and match face to ID.
Automated Verification:
AI algorithms check:
Authenticity of the ID document.
Facial biometrics to confirm identity.
Liveness to prevent spoofing.
AML Screening:
The system screens the user against global sanctions, PEP, and watchlists.
Risk Assessment:
Depending on the results and the risk appetite, further checks or manual reviews may be triggered.
Decision:
The platform returns a decision (approve, reject, or manual review required) to the business.
Record Keeping:
The verified data is securely stored to comply with regulatory requirements.
Regulatory Compliance: Meets global AML/KYC regulations.
Fraud Prevention: Reduces onboarding of fraudulent or risky customers.
User Experience: Smooth and fast onboarding to reduce drop-offs.
Scalability: Automated verification suitable for high volumes.
Global Reach: Supports multiple document types and languages.