"Pressure pushing down on me, pressing down on you..." the iconic line from Bowie and Queen’s anthem feels prophetic for South Africa’s financial sector in 2025. With regulatory heat intensifying from the Financial Sector Conduct Authority (FSCA) and Prudential Authority (PA), heightened global expectations post-greylisting, and new compliance frontiers such as crypto and environmental, social, and governance (ESG) factors, the stakes for financial institutions have never been higher.
We explore key regulatory trends shaping South Africa’s legal and compliance landscape in 2025 and offer practical guidelines on how businesses can navigate them.
1. Enhanced executive accountability
Trend overview: There is increasing global pressure, driven by the International Monetary Fund (IMF), Financial Action Task Force (FATF), and international investors, for South African regulators to mirror enforcement regimes like the United Kingdom's (UK) Senior Managers & Certification Regime (SMCR), where executives are routinely held liable for misconduct.
The FSCA has called on boards and executives to take personal responsibility for regulatory compliance. Both the FSCA and the PA have intensified enforcement efforts, particularly against members of governing bodies for failures related to governance, market abuse, misleading disclosures, and anti-money laundering (AML) and counter-terrorism financing (CFT) controls. This shift aims to ensure that leadership plays an active role in maintaining regulatory standards.
In the 2023/24 financial year, the FSCA imposed administrative penalties totalling approximately ZAR 943 million on 31 individuals, a notable rise from previous years. Significant sanctions were levied under the Financial Markets Act and against individuals involved in investment scams.1
🛡️ Client playbook:
-
Define and document executive oversight: Outline compliance roles and keep thorough decision records.
-
Conduct regular “top-down” compliance reviews: Regularly audit senior leaders and test leaderships' understanding of key risk areas such as AML/CFT, whistleblowing, market abuse, and Decentralised Finance (DeFi).
-
Strengthen your “tone at the top”: Align leadership messaging with compliance standards and practically support compliance teams.
-
Implement crisis protocols: Ensure executives know how to handle direct regulator engagement.
-
Review fit and proper compliance: Frequently review key executives' qualifications and ethics and proactively address any risk.
2. Regulatory response to FATF greylisting
Trend overview: The FSCA, Financial Intelligence Centre (FIC), South African Reserve Bank (SARB), and PA are now co-ordinating to monitor, enforce, and strengthen AML/CFT compliance across all licensed financial institutions and designated non-financial businesses and professions (DNFBPs). Financial institutions that fall short may face concurrent scrutiny from the FIC, FSCA, South African Revenue Service (SARS), and the PA, if AML/CFT controls are found lacking.
In 2024, enforcement escalated materially. The FSCA imposed ZAR 16 million administrative penalty on Ashburton Fund Managers. The PA sanctioned Sasfin Bank ZAR 209.7 million (ZAR 160.6 million effectively payable) for historical breaches in its now-defunct foreign exchange division. Smaller financial services providers (FSPs) were also targeted—for example,
Mika Finansiële Dienste was fined ZAR 1.1 million. These actions reflect the regulators’ uncompromising stance: AML/CTF compliance is non-negotiable, and enforcement will be rigorous regardless of institution size.
Common triggers for regulatory scrutiny include the absence of a tailored and operational RMCP; failure to submit Suspicious Transaction Reports (STRs) and other required reports to the FIC; poor identification or monitoring of politically exposed persons (PEPs) and high-risk clients; and lack of automated systems for sanctions screening and transaction monitoring. A recurring red flag for regulators is “tick-box” compliance—where policies exist on paper but are not substantively applied—suggesting that institutions are treating AML obligations as a procedural requirement, rather than a critical governance priority.
🛡️ Client playbook:
-
Update your RMCPs: Regularly revise RMCPs to reflect specific business risks and FIC compliance and avoid generic templates.
-
Automate where possible: Implement real-time transactions PEP screening systems as well as review alerts promptly.
-
Enterprise-wide training: Provide comprehensive AML training across all levels and train front-line, compliance, and leadership staff on identifying red flags and responding appropriately.
-
Conduct internal AML audits: Regularly audit internally to proactively identify gaps that align with FATF and FIC standards.
-
Document, document, document: Maintain thorough documentation of compliance decisions, and escalations.
-
Engage with the FIC early: Report suspicious activities promptly and effectively to the FIC and ensure
section 29 reports are submitted accurately and effectively.
3. Regulation of crypto assets
Trend overview: Following their formal designation as a 'financial product' under the Financial Advisory and Intermediary Services Act, 2002 (FAIS Act), crypto asset service providers (CASPs) are now subject to licensing, AML/CFT compliance, and consumer protection obligations. The regulatory objective is clear: treat crypto like any other high-risk financial instrument and impose structure to a fast-growing market.
The FSCA opened the licensing process for CASPs on 1 June 2023. By December 2024, the FSCA had received 420 applications, of which 248 were approved, nine declined, and 106 withdrawn following consultations. Directive 9, which comes into effect on 30 April 2025, introduces enhanced AML compliance on CASPs. Central to this directive is the "travel rule," which requires that client information accompanies domestic and cross-border crypto transfers. This is intended to promote transparency and deter the use of crypto illicit activity.
For new and existing players, the message is clear: operate within the law or risk enforcement action.
🛡️ Client playbook:
-
Licensing compliance: CASPs must ensure they meet all licensing conditions and adhere to AML/CFT obligations.
-
Risk management: Develop and implement comprehensive risk management frameworks that address the unique risks posed by crypto assets and decentralised finance platforms.
-
Continuous monitoring: Maintain regular oversight of regulatory developments and ensure ongoing alignment with FSCA requirements in this rapidly evolving market.
-
Train staff: Ensure staff understand FICA and sanctions rules.
-
Consumer communication: Review all marketing and risk disclosures to ensure they align with the FSCA’s financial product advertising standards and avoid misleading or incomplete information.
4. Decentralised Finance (DeFi): The next frontier
Trend overview: Decentralised finance (DeFi) has seen explosive global growth and is gaining traction in South Africa. Built on blockchain-based smart contracts, DeFi platforms enable services such as lending, trading, and yield farming, without the need for centralised intermediaries. This decentralisation however presents a regulatory conundrum: who bears responsibility when things go wrong? DeFi remains largely unregulated in South Africa, but it has not escaped regulatory attention.
DeFi protocols currently fall outside the formal licensing framework of FSCA, largely due to the absence of an identifiable legal entity behind these platforms. Nonetheless, the FSCA and National Treasury have begun examining how best to regulate the sector, especially where it gives rise to AML, consumer protection, or market conduct risks.
🛡️ Client playbook
-
Identify exposure: Map all exposure, direct and indirect, regarding DeFi involvement.
-
Evaluate legal risk: Assess if platforms could be seen as 'unlicensed' financial services.
-
Strengthen on-ramps: Keep AML controls strong when bridging DeFi.
-
Engage with regulators: Proactively consult the FSCA, PA, and other relevant regulators to pre-empt future enforcement issues.
-
Watch the horizon: DeFi regulation is coming – it’s a matter of 'when' not 'if'.
5. Integration of Environmental, Social, and Governance (ESG) factors
There is a growing regulatory focus on integrating ESG considerations into financial services, driven by both investor expectations and evolving regulatory initiatives.
While formal enforcement actions in South Africa are still emerging, the FSCA has signalled that sustainable finance and ESG considerations will be priority areas in its future regulatory framework. As a result, litigation and reputational risks are increasing, particularly for corporates accused of greenwashing or failing to disclose material climate or social-related risks.
🛡️ Client playbook:
-
ESG policy development: Formulate clear ESG policies that align with regulatory expectations and global best practices.
-
Transparent reporting: Share accurate and transparent ESG data.
-
Stakeholder engagement: Engage with stakeholders' ESG concerns and incorporate into corporate strategies.
-
Integrate ESG into risk appetite statements: Boards should state what ESG risks are acceptable to guide decisions and align teams.
In a regulatory environment defined by heightened scrutiny, and increasing expectations, financial institutions in South Africa can no longer adopt a reactive compliance posture. Whether navigating personal liability in enforcement actions, adapting to crypto regulation, strengthening AML/CFT frameworks post-greylisting, or aligning with ESG disclosures with global benchmarks—compliance has become a strategic differentiator. The institutions that will thrive in 2025 and beyond are those that see regulation not as a constraint, but as an opportunity to build resilience, bolster credibility, and drive long-term value.