South Africa FSCA Crypto Licensing: 300 Approved and Counting

South Africa's crypto licensing regime is no longer new. The FSCA has been processing applications since mid-2023, and the numbers tell a story of a regulator that set a high bar and stuck to it. With over 300 licenses approved and enforcement ramping up against unlicensed operators, Africa's most developed financial market now has a mature, operational framework for digital asset oversight.

The licensing picture today

The Financial Sector Conduct Authority (FSCA) has been issuing crypto asset service provider (CASP) licenses since 2023, following a declaration on 19 October 2022 that classified crypto assets as a financial product under the Financial Advisory and Intermediary Services Act 37 of 2002 (FAIS Act). This was not an amendment to the FAIS Act itself but a regulatory declaration under the FSCA's existing powers, bringing crypto asset services within the same legal framework that has governed financial advisers, brokers, and fund managers since the Act became fully operational on 30 September 2004.

As of December 2025, the FSCA had received 512 licence applications. Of these, 300 have been approved, 14 declined, and 121 voluntarily withdrawn after discussions with the regulator. The approved firms include established domestic exchanges such as Luno South Africa, VALR, AltCoinTrader, and OVEX, alongside advisory firms and custody providers serving institutional clients. The approval rate of roughly 59% reflects the FSCA's willingness to defer or decline rather than approve borderline applicants. Deferred applications are not rejections; they can be resubmitted once deficiencies are remedied. But the numbers make clear that the FSCA is maintaining a consistent standard.

What the license requires

CASP licensing under the FAIS Act declaration treats crypto asset services as a financial service, which means licensed CASPs are subject to the same conduct, disclosure, and fiduciary obligations as traditional financial services providers. Key requirements include appointing at least one key individual who meets the FSCA's fit and proper standards (minimum qualifications, experience, and clean regulatory record), maintaining professional indemnity insurance or a fidelity guarantee, implementing a compliance function that reports directly to the board, and segregating client assets from operational funds.

The FAIS framework also imposes ongoing conduct obligations. CASPs must provide clients with clear, accurate, and not misleading information about crypto assets. Suitability assessments are required before recommending specific products to retail clients. Complaints handling procedures must conform to the FAIS General Code of Conduct. These are not crypto-specific inventions; they are the same rules that apply to every financial services provider in South Africa, now extended to cover digital assets.

Capital adequacy requirements are determined on a case-by-case basis depending on the nature and scale of the CASP's operations, but the FSCA has indicated minimum thresholds in the range of ZAR 5 million to ZAR 50 million depending on whether the firm operates as an exchange, custodian, or advisory service.

Why the FAIS route matters

Some jurisdictions (Nigeria, for instance) have created bespoke crypto regulatory frameworks from scratch. South Africa chose a different approach: it brought crypto into an existing, well-tested regulatory framework. The FAIS Act was enacted in 2002 and has been fully operational since 30 September 2004. The FSCA (and its predecessor, the Financial Services Board) has two decades of experience supervising financial services providers under this framework, including conducting inspections, processing complaints, and taking enforcement action.

This matters because it means the FSCA is not building enforcement capacity from zero. The same inspection teams, the same enforcement processes, and the same legal precedents that apply to traditional financial services providers now apply to CASPs. A crypto exchange licensed under FAIS can be inspected, fined, or deregistered using the same tools the FSCA uses for insurance brokers, financial advisers, and fund managers. No new legislation is needed; no new institutional capacity must be created.

The trade-off is that the FAIS framework was designed for traditional financial products, and some of its requirements fit awkwardly with crypto operations. The suitability assessment requirement, for example, makes sense for a financial adviser recommending a specific investment. It is less clear how it applies to a crypto exchange where users self-select which tokens to trade. The FSCA has issued guidance addressing some of these gaps, but grey areas remain.

Africa's regulatory landscape in context

South Africa is now the first major African economy with operational, enforceable crypto licensing. Nigeria's SEC framework is newer and has not yet completed its first licensing cycle. Kenya's Capital Markets Authority sandbox approach is still in pilot phase. Mauritius has licensed a small number of crypto custodians under its Financial Services Commission, but the scale is limited.

For international crypto firms looking at African market entry, a South African CASP license now offers something that did not previously exist: a credible, enforceable regulatory credential in the continent's most developed financial market. South Africa's financial infrastructure (the JSE, sophisticated banking sector, established fund management industry) gives a CASP license weight that licensing in smaller jurisdictions cannot match.

The domestic implications are equally significant. South Africa has an estimated 6 to 8 million crypto users, with adoption driven by rand volatility, cross-border remittance needs, and a young, tech-savvy population. The collapse of Mirror Trading International in December 2020 (a South African crypto Ponzi scheme that defrauded investors of hundreds of millions of dollars) demonstrated what happens when crypto operates outside regulatory oversight. The FSCA's licensing regime is, in part, a direct response to that failure.

Enforcement and what comes next

The FSCA continues to process CASP applications on a rolling basis. Firms that were deferred can reapply once deficiencies are remedied. Providing crypto asset services without a CASP licence is a FAIS Act violation carrying potential administrative fines of up to ZAR 10 million and possible criminal penalties.

The FSCA has launched 81 investigations into potential unlicensed operators, with 56 still under investigation as of late 2025. Between January and March 2025, the regulator conducted its first round of 10 supervisory inspections of licensed CASPs, focusing on governance, risk management, and business risk assessments. A further 30 inspections were planned through March 2026, with 21 already completed. In August 2025, the FSCA established the Crypto Asset Supervisory Engagement Forum (CASEF) to strengthen dialogue with the industry. This is no longer a framework being tested; it is a regime being enforced. Current CASP application procedures and guidance notes are available on the FSCA's CASP page.