Date: 2026-05-24 Type: Research Status: Tier-D deep analysis of SA fintech regulatory environment from 2024 through early 2026, covering 13 regulatory domains with 21 cited sources Sources: south-african-fintech-regulation-post-2024-2026-05-24.sources.json
South Africa's fintech regulatory environment has undergone a seismic shift since 2024. The country exited the FATF grey list in October 2025, licensed 248 crypto-asset service providers by December 2024, and the FSCA published its most ambitious regulatory strategy to date (2025–2028). The centrepiece — the Conduct of Financial Institutions (COFI) Bill — remains in legislative limbo but is reshaping compliance expectations regardless. The SARB has created a new "technology-enabled financial innovation" risk category, the FSCA published its first AI in Financial Sector report, and a draft Open Finance position paper is under consultation. Six rand-backed stablecoin arrangements are operating in South Africa as of 2025, prompting a new inter-agency regulatory response.
This report covers 13 regulatory domains: (1) the overarching FSCA strategy, (2) the COFI Bill, (3) the IFWG and regulatory sandbox, (4) crypto-asset regulation, (5) stablecoin regulation, (6) payments and digital payments roadmap, (7) open finance, (8) AML/CFT post-FATF grey list exit, (9) AI in financial services, (10) credit and lending regulation, (11) insurtech, (12) cross-border payments and forex, and (13) data protection (POPIA).
The FSCA's Regulatory Strategy for 2025–2028, published July 2025, is the defining regulatory document of the post-2024 era. It replaces the 2021–2025 cycle and establishes three overarching strategic focus areas:
Strengthening Market Conduct Supervision — Moving from reactive enforcement to proactive, intrusive supervision. This includes ongoing risk-based assessments, thematic reviews, enhanced off-site surveillance and on-site inspections, and real-time monitoring of high-risk practices.
Enhancing Financial Market Integrity and Efficiency — Strengthening transparency in trading platforms, enhancing regulatory reporting frameworks with RegTech tools, and sharper supervision of market infrastructures (clearing houses, settlement systems, CCPs).
Responding to Cross-Cutting Trends — The fintech-relevant pillar, covering:
The FSCA has acquired a new suptech platform — the Integrated Regulatory Solution (IRS) — to modernise licensing, enforcement, and supervision. This shifts the regulator from spreadsheets and PDFs to dashboards and APIs, enabling real-time data-driven supervision.
The FSCA reports achieving over 80% of its strategic targets from the 2021–2025 cycle, including thematic reviews of bank account termination practices, insurance broker fee structures, and enhanced enforcement actions.
Implication for fintechs: The FSCA is no longer catching up — it is trying to outpace the industry. The strategy signals new licensing regimes, more data demands, crypto and open finance frameworks moving from draft to hard rules, ESG pressure, and greater inter-agency coordination.
Sources: LaunchBase Africa (May 2025); Masthead (Jun 2025); Novia One (Oct 2025)
The Conduct of Financial Institutions (COFI) Bill is the single most consequential piece of financial legislation pending in South Africa. It will:
| Milestone | Status |
|---|---|
| Draft Bill published | ✓ Completed |
| Public consultation | ✓ Completed |
| With Chief State Law Adviser for certification | ✓ Current (as of March 2025) |
| Cabinet approval for tabling | Pending — National Treasury says "soon" |
| Parliamentary process | Not yet started |
| Presidential assent / promulgation | Unknown |
FSCA Commissioner Unathi Kamlana stated: "COFI Bill has taken a bit of a while to get to where it is, but COFI Bill is the reality of how the financial sector in South Africa will be regulated, certainly from a conduct perspective, so it is not going away."
Recognising the delays, the FSCA announced a contingency plan at its March 2025 Industry Conference: if COFI faces further delays, the regulator will introduce elements of its subordinate legislative framework in phases through formal consultations.
Implication for fintechs: Do not wait for COFI to pass. The FSCA is actively preparing — building systems, drafting subordinate legislation, and developing new supervisory frameworks.
Sources: Moonstone — Contingency Plan (Mar 2025); Moonstone — COFI Progress (Jul 2024)
The Intergovernmental Fintech Working Group (IFWG) is the coordination body through which South African financial sector regulators (SARB, FSCA, Prudential Authority, FIC, National Treasury, NCR, SARS, and the Competition Commission) work together. Established in 2016, it provides:
The IFWG has been particularly active on: - Stablecoin regulation — In 2025, there are six rand-backed and rand-pegged stablecoin arrangements in South Africa, prompting the IFWG to take a "risk-based, phased and functional" approach - Tokenisation — Project Khokha to DFMI path - Crypto asset framework — The CAR WG position paper laid the groundwork for the FSCA's declaration of crypto as financial products
Sources: IFWG Website; AIR — Stablecoin Regulation (2025); IFWG — Tokenisation
In October 2022, the FSCA declared crypto assets as financial products under the Financial Advisory and Intermediary Services (FAIS) Act. This brought crypto within the formal regulatory perimeter, with practical implications kicking in through 2023–2025.
| Date | Milestone |
|---|---|
| 1 June 2023 | CASP licensing process opens |
| 30 November 2023 | Deadline for existing crypto businesses to apply |
| March 2024 | 59 CASP licenses approved |
| April 2024 | 75 licensed |
| June 2024 | 138 licensed |
| December 2024 | 248 CASP licenses approved |
As of December 2024: 383 total applications, 248 approved, 5 declined, 80 voluntarily withdrawn.
The FSCA's licensing covers CASPs rendering financial services related to crypto assets: advice, intermediary services, and investment management. This does not recognise crypto as legal tender.
South Africa is implementing the FATF Travel Rule for crypto-asset transfers, requiring CASPs to collect and share originator and beneficiary information for transactions above certain thresholds.
Implication for fintechs: The licensing window is effectively open but the compliance bar is high. Fintechs offering crypto-related services without a CASP license face enforcement action.
Sources: Moonstone — Licensed CASPs (Jul 2024); Web3Africa — Crypto License Guide (2024); ENS Africa — Crypto as Financial Products; Notabene — Travel Rule
In November 2025, the SARB added crypto assets and stablecoins to a new financial-stability risk category called "technology-enabled financial innovation" in its Financial Stability Review. Custody balances at South Africa's three largest licensed CASPs (Luno, VALR, and Ovex) have risen to more than R25 billion.
As of 2025, there are six rand-backed and rand-pegged stablecoin arrangements in South Africa, with several others being planned. This rapid growth has prompted the IFWG to shift from a cautious "wait and see" approach to active regulatory development.
The IFWG describes its approach as "risk-based, phased and functional" — meaning it aims to support proportionate regulation focused on the underlying activity, cognizant of new risk sets that the underlying technology creates.
The SARB and National Treasury are preparing a framework for overseeing cross-border crypto-asset transactions and updating exchange-control rules to address gaps exposed by digital-asset growth.
Sources: Moonstone — SARB Stablecoin Risk (Nov 2025); AIR — Stablecoin Regulation (2025)
PayShap has seen exponential growth. Standard Bank reported a tenfold increase in PayShap ID transactions. The system is positioned as the backbone of real-time digital payments.
In April 2024, the SARB published its Digital Payments Roadmap, a 17-action plan addressing:
Key barriers: Low bank account usage, high cash usage, transaction costs, infrastructure gaps (internet, mobile, electricity), lack of interoperability, limited access points, financial/digital illiteracy, consumer trust.
Selected action items: 1. Education — digital payment literacy for consumers, MSMEs, SASSA beneficiaries 2. Internet coverage — stable connectivity for rural and underserved areas 3. Offline payments — enable offline payment for low-value transactions 4. Interoperability — connect closed-loop wallets, mobile money, bank accounts 5. Digital identity — public-private digital financial identity solutions 6. Alternate merchant options — promote PayShap 7. SARB acquires 50% of BankservAfrica — modernising payment infrastructure
Project Khokha (Phases 1 and 2) demonstrated DLT-based interbank wholesale settlement using tokenised money (WCBDC and commercial bank stablecoins). While not production-ready, it lays groundwork for a future Decentralised Financial Markets Infrastructure (DFMI).
Sources: Afriwise — SARB Roadmap; ITWeb — SARB Blockchain; TechFinancials — Khokha to DFMI
The FSCA has published a draft position paper on Open Finance along with a formal Consultation and Research Paper titled "Regulating Open Finance." This represents the first concrete regulatory instrument on open finance in South Africa, moving from abstract strategic priority to actionable policy development.
The FSCA is actively consulting on: - Scope of open finance — which financial data products and services are covered - Customer consent mechanisms — how consumers authorise data sharing - API standards — technical requirements for data access - Obligations on data holders — banks and other financial institutions - Rights of data recipients — fintechs and third-party providers
Implication for fintechs: Invest in API-first architectures, data portability, and customer consent mechanisms now. The direction of travel is clear even if the specific rules are not yet final.
Sources: Webber Wentzel — Open Finance Position Paper; FSCA — Open Finance Consultation Paper
| Date | Event |
|---|---|
| February 2023 | SA placed on FATF grey list — 8 areas of strategic deficiency |
| October 2024 | SA making progress — 9 of 22 action items upgraded |
| 24 October 2025 | South Africa officially removed from FATF grey list |
Grey list removal has not meant regulatory relaxation. The FSCA and FIC have intensified supervisory focus:
Implication for fintechs: If you are an "accountable institution" under FICA, you face the same AML/CFT obligations as banks. Post-grey-list means more inspections, less tolerance for gaps.
Sources: YouVerify — FSCA AML 2026; Citizen — FATF Progress (Oct 2024)
In November 2025, the FSCA and Prudential Authority (PA) published South Africa's first comprehensive report on AI in the financial sector, based on 2,100 survey responses across banking, insurance, investments, payments, and lending.
| Metric | Finding |
|---|---|
| Banks using AI | 52% |
| Payment providers using AI | 50% |
| Retirement funds using AI | 14% |
| Insurers using AI | 8% |
| Lenders using AI | 8% |
| Overall sector AI adoption | 10.6% of respondents |
| Banks investing >R30M in AI (2024) | 45% of bank AI users |
| Other institutions investing <R1M | Majority |
The FSCA and PA have committed to: - Developing a discussion paper building on the AI report - Engaging stakeholders on key regulatory and supervisory questions - Addressing ethical issues: privacy, fairness, accuracy, transparency - Examining consumer protection implications of AI-driven decisions - Assessing prudential risks associated with AI
Implication for fintechs: AI governance is becoming a regulatory expectation. Fintechs using AI for credit scoring, fraud detection, or customer service should document their models, ensure algorithmic fairness, and prepare for disclosure requirements. The discussion paper will likely set the direction for binding rules.
Sources: Masthead — AI in SA Financial Sector (Feb 2026); Moonstone — FSCA/PA AI Study (Nov 2025); SARB/PA — AI Report PDF
In August 2025, the dtic published draft NCA amendment regulations that would have allowed educational institutions to submit student debt information to credit bureaus. This triggered:
Minister Tau committed to a revised process focusing on protecting students and improving MSME access to finance.
Sources: SABC News — NCA Amendment (Sep 2025)
Insurtech operates under existing insurance regulatory frameworks (Insurance Act 18 of 2017, FAIS Act). Key developments:
Sources: LaunchBase Africa — Naked Insurance (Jan 2025); IMARC — SA Insurtech Market
Cross-border payments remain governed by SARB Exchange Control Regulations, the Banks Act, and FICA. Key developments:
Implication: Fintechs must partner with authorised dealers or obtain their own licences. Liberalisation is gradual.
Sources: Nilos — Cross-Border Africa Guide; Afriwise — SARB Roadmap
POPIA (fully enforced since July 2021) creates comprehensive data protection obligations enforced by the Information Regulator. Key fintech-relevant requirements:
The FSCA and Information Regulator are coordinating more closely, creating a dual regulatory burden — both financial regulation and data protection.
| Body | Role | Fintech Relevance |
|---|---|---|
| FSCA | Market conduct regulator | Licensing, supervision, enforcement, crypto, COFI |
| SARB | Central bank, prudential oversight | Payments, exchange control, financial stability, Project Khokha |
| Prudential Authority | Prudential regulation | Bank/insurer solvency, fintech prudential requirements |
| FIC | AML/CFT | FICA compliance, STR filing, risk assessments |
| NCR | Credit regulation | NCA compliance, credit provider licensing |
| Information Regulator | Data protection | POPIA enforcement, breach notifications |
| National Treasury | Policy and legislation | COFI Bill sponsor, IFWG coordination |
| IFWG | Fintech coordination | Sandbox, guidance, innovation accelerator, stablecoins |
| Competition Commission | Competition law | Market structure, anti-competitive behaviour |
| Date | Event |
|---|---|
| Apr 2024 | SARB publishes Digital Payments Roadmap (17 actions) |
| Jun 2024 | FSCA Regulation Plan 2024–2027 published; 138 CASPs licensed |
| Sep 2024 | Two-pot retirement system comes into effect (delayed COFI) |
| Oct 2024 | SA makes 9/22 FATF upgrades (still on grey list) |
| Dec 2024 | 248 CASPs licensed by FSCA |
| Jan 2025 | Naked Insurance raises $38M (largest African insurtech round) |
| Mar 2025 | FSCA Industry Conference: COFI contingency plan announced |
| May 2025 | FSCA publishes Regulatory Strategy 2025–2028 |
| Jul 2025 | FSCA publishes detailed 2025 Regulation Plan |
| Aug 2025 | NCA amendment draft published (student debt → credit bureaus) |
| Sep 2025 | NCA amendment withdrawn after 20,000+ opposing submissions |
| Oct 2025 | ⭐ South Africa removed from FATF grey list |
| Nov 2025 | SARB adds crypto/stablecoins to "technology-enabled innovation" risk category |
| Nov 2025 | FSCA and PA publish first comprehensive AI in financial sector report |
| 2025 | FSCA publishes draft Open Finance position paper and consultation paper |
| 2025 | 6 rand-backed/pegged stablecoin arrangements operating in SA |
| 2026 (proj) | COFI Bill expected in Parliament |
| 2026 (proj) | FSCA AI discussion paper expected |
| 2026–2028 | Full COFI implementation expected |
| Priority | Action | Why |
|---|---|---|
| COFI readiness | Conduct gap analysis against COFI principles | FSCA preparing even before Bill passes |
| AML/CFT upgrade | Strengthen CDD, transaction monitoring, STR filing | Post-grey-list inspections intensifying |
| Data compliance | Audit POPIA compliance, especially AI decisions | Dual FSCA + Information Regulator scrutiny |
| Payments strategy | Integrate with PayShap and real-time payment rails | SARB mandating interoperability |
| Crypto licensing | Apply for CASP licence if offering crypto services | 248 already licensed; enforcement against unlicensed |
| AI governance | Document AI models, ensure fairness, prepare for disclosure | FSCA/PA discussion paper coming |
| Stablecoin awareness | Monitor IFWG stablecoin regulatory development | 6 arrangements already operating; rules coming |
| Priority | Action | Why |
|---|---|---|
| Open finance preparation | Build API-first, consent-based data sharing | FSCA consultation paper published |
| ESG readiness | Develop sustainability reporting capability | FSCA Sustainable Finance Roadmap |
| Operational resilience | Strengthen cybersecurity, third-party risk management | New FSCA requirements |
| COFI re-licensing | Prepare for activity-based licensing | COFI will require re-registration |
| IRS integration | Prepare for FSCA's digital regulatory reporting | Real-time supervision coming |
gaps: 1. ~~Open finance consultation timeline~~ — Resolved: FSCA has published draft position paper and formal consultation/research paper on "Regulating Open Finance" 2. ~~Stablecoin regulatory treatment~~ — Resolved: SARB created new risk category; IFWG has 6 arrangements under study; risk-based phased approach confirmed 3. ~~AI regulatory guidance~~ — Resolved: FSCA/PA published comprehensive AI report (Nov 2025); discussion paper forthcoming 4. Specific SARB CBDC timeline beyond Project Khokha — Whether SA will issue a retail CBDC remains undecided (no new public information) 5. Precise timeline for COFI Bill's Parliamentary process and promulgation — Still uncertain, dependent on Chief State Law Adviser certification and Cabinet approval
threads: 1. The IFWG's Innovation Accelerator work on tokenisation and DFMI could signal major regulatory changes for blockchain-based financial infrastructure 2. The SARB's 50% acquisition of BankservAfrica could fundamentally restructure SA's payment infrastructure ownership 3. The political dynamics around credit regulation (NCA amendment backlash) could influence future fintech lending regulation 4. Cross-border stablecoin payments are emerging faster than regulation — opportunity and risk 5. The FSCA/PA AI discussion paper could set binding AI governance requirements for fintechs
contradictions: 1. COFI Bill timing — sources suggest "soon" to Cabinet while timelines are "outside the control of the FSCA" — genuinely uncertain 2. Some sources describe SA's open finance progress as notable, but the formal regulatory framework is still in consultation phase with enforcement likely years away
Targeted gaps 1 (open finance), 2 (stablecoins), and 4 (AI guidance). All three resolved with substantial new sources found: - Open Finance: FSCA draft position paper and consultation paper confirmed - Stablecoins: SARB new risk category, 6 rand-backed arrangements, IFWG risk-based approach - AI: FSCA/PA comprehensive report with 2,100 responses; discussion paper forthcoming
Skeptical Practitioner: - Challenge: Is the report overstating the pace of regulatory change? The COFI Bill has been "coming soon" for years. The actual binding impact on fintechs may be more limited than the strategic language suggests until COFI is actually promulgated. - Challenge: The report may underweight the capacity constraints of SA regulators — ambitious strategies don't always translate to enforcement capacity.
Adversarial Reviewer: - Challenge: The FATF grey list exit narrative ("intensified scrutiny") could be contradicted by enforcement data — are inspections actually increasing, or is this aspirational language? - Challenge: The stablecoin section describes 6 arrangements but doesn't quantify the systemic risk. R25 billion in custody across 3 CASPs is significant but small relative to SA's banking sector.
Implementation Engineer: - Challenge: For a fintech founder reading this, the practical "what do I do on Monday?" guidance could be sharper. The action tables are good but don't address the sequencing problem — which compliance investments come first when resources are limited? - Challenge: The report doesn't quantify compliance costs. What does CASP licensing actually cost? What are typical AML/CFT setup costs for a Series A fintech?
Checking load-bearing claims for source backing:
⚠ low-confidence: only 1 source for "6 rand-backed stablecoin arrangements in South Africa in 2025" — this comes from the AIR blog quoting SARB/IFWG officials directly, which is authoritative but single-source.
No further loop-back round needed — only one claim below the 3-source threshold and it is directly attributed to the IFWG Chair and SARB officials in a published interview.
Regulatory overreach risk: South Africa's ambitious regulatory agenda could stifle fintech innovation, particularly for early-stage startups that lack compliance resources. The FSCA's "intrusive supervision" mandate may inadvertently create barriers to entry that entrench incumbents. The failed NCA amendment shows that regulatory overreach can face significant public pushback.
Capacity constraints: The FSCA and SARB are expanding their mandates (crypto, AI, open finance, stablecoins, ESG) without proportional increases in staffing and technical capability. This could lead to slow licensing decisions, inconsistent enforcement, and regulatory uncertainty — potentially worse for fintechs than clear but strict rules.
Regulatory arbitrage: South Africa's relatively heavy regulation may drive fintech activity to less regulated jurisdictions or into informal channels. The gap between formal regulation and enforcement on the ground remains significant, particularly for smaller fintechs and in underserved markets.
Global divergence: SA is building its own regulatory approach rather than simply adopting EU/UK models. While this may be appropriate for local conditions, it creates complexity for fintechs operating across multiple African jurisdictions with different regulatory frameworks.
No credible counterpoints surfaced suggesting the described regulatory developments are not occurring — the direction is well-documented across multiple independent sources.
Research conducted 2026-05-24. 21 sources consulted across DuckDuckGo searches, direct web scraping, and FSCA/SARB official publications. CLI research tools (Gemini, Codex, Kimi) were unavailable during this session; all findings derived from Claude WebSearch and direct source retrieval.