“Pressure pushing down on me, pressing down on you…” the iconic line from David Bowie and Queen’s anthem feels prophetic for South Africa’s financial sector in 2025. With the regulatory heat intensifying from the Financial Sector Conduct Authority and the Prudential Authority, heightened global expectations post-greylisting, and new compliance frontiers such as crypto and environmental, social, and governance (ESG) factors, the stakes for financial institutions have never been higher.
We explore key regulatory trends shaping South Africa’s legal and compliance landscape in 2025 and offer practical guidelines on how businesses can navigate them.
Enhanced executive accountability
There is increasing global pressure, driven by the International Monetary Fund, the Financial Action Task Force (FATF), and international investors for South African regulators to mirror enforcement regimes such as the United Kingdom’s Senior Managers & Certification Regime, where executives are routinely held liable for misconduct.
The FSCA has called on boards and executives to take personal responsibility for regulatory compliance.
Both the FSCA and the PA have intensified enforcement efforts, particularly against members of governing bodies for failures related to governance, market abuse, misleading disclosures, and anti-money laundering (AML) and counter-terrorism financing (CFT) controls. This shift aims to ensure that leadership plays an active role in maintaining regulatory standards.
In the 2023/24 financial year, the FSCA imposed administrative penalties totalling some R943 million on 31 individuals, a notable rise from previous years. Significant sanctions were levied under the Financial Markets Act and against individuals involved in investment scams.
Client playbook:
- Define and document executive oversight: Outline compliance roles and keep thorough records of decisions.
- Conduct “top-down” compliance reviews: Regularly audit senior leaders and test leadership’s understanding of key risk areas such as AML/CFT, whistleblowing, market abuse, and Decentralised Finance (DeFi).
- Strengthen your “tone at the top”: Align leadership messaging with compliance standards and practically support compliance teams.
- Implement crisis protocols: Ensure executives know how to handle direct regulator engagement.
- Review fit and proper compliance: Frequently review key executives’ qualifications and ethics and proactively address any risk.
Regulatory response to greylisting
The FSCA, Financial Intelligence Centre (FIC), South African Reserve Bank, and the PA are co-ordinating to monitor, enforce, and strengthen AML/CFT compliance across all licensed financial institutions and designated non-financial businesses and professions. Financial institutions that fall short may face concurrent scrutiny from the FIC, FSCA, South African Revenue Service, and the PA.
In 2024, enforcement escalated materially. The FSCA imposed a R16m administrative penalty on Ashburton Fund Managers. The PA sanctioned Sasfin Bank R209.7m (R160.6m effectively payable) for historical breaches in its now-defunct foreign exchange division. Smaller financial services providers were also targeted – for example, Mika Finansiële Dienste was fined R1.1m. These actions reflect the regulators’ uncompromising stance: AML/CTF compliance is non-negotiable, and enforcement will be rigorous regardless of the size of the institution.
Common triggers for regulatory scrutiny include the absence of a tailored and operational Risk Management and Compliance Programme (RMCP); failure to submit Suspicious Transaction Reports and other required reports to the FIC; poor identification or monitoring of politically exposed persons (PEPs) and high-risk clients; and a lack of automated systems for sanctions screening and transaction monitoring.
A recurring red flag for the regulators is “tick-box” compliance – where policies exist on paper but are not substantively applied – suggesting that institutions are treating their AML obligations as a procedural requirement rather than a critical governance priority.
Client playbook:
- Update your RMCP: Regularly revise the RMCP to reflect specific business risks and FIC compliance and avoid generic templates.
- Automate where possible: Implement real-time transaction and PEP screening systems, and review alerts promptly.
- Enterprise-wide training: Provide comprehensive AML training across all levels and train front-line, compliance, and leadership staff on identifying red flags and responding appropriately.
- Conduct internal AML audits: Regularly audit internally to proactively identify gaps that align with the standards set by the FATF and the FIC.
- Document, document, document: Maintain thorough documentation of compliance decisions and escalations.
- Engage with the FIC early: Report suspicious activities promptly to the FIC and ensure that section 29 reports are submitted accurately and effectively.
Regulation of crypto assets
Following the formal designation of crypto assets as a “financial product” under the Financial Advisory and Intermediary Services Act, crypto asset service providers (CASPs) are now subject to licensing, AML/CFT compliance, and consumer protection obligations. The regulatory objective is clear: treat crypto like any other high-risk financial instrument and impose structure to a fast-growing market.
The FSCA opened the licensing process for CASPs on 1 June 2023. By December 2024, the FSCA had received 420 applications, of which 248 were approved, nine declined, and 106 withdrawn following consultations.
Directive 9, which comes into effect on 30 April 2025, introduces enhanced AML compliance on CASPs. Central to this directive is the “travel rule”, which requires that client information accompanies domestic and cross-border crypto transfers. This is intended to promote transparency and deter the use of crypto illicit activity.
For new and existing players, the message is clear: operate within the law or risk enforcement action.
Client playbook:
- Licensing compliance: CASPs must ensure they meet all licensing conditions and adhere to AML/CFT obligations.
- Risk management: Develop and implement comprehensive risk management frameworks that address the unique risks posed by crypto assets and decentralised finance platforms.
- Continuous monitoring: Maintain regular oversight of regulatory developments and ensure ongoing alignment with FSCA requirements in this rapidly evolving market.
- Train staff: Ensure staff understand the Financial Intelligence Centre Act and sanctions rules.
- Consumer communication: Review all marketing and risk disclosures to ensure they align with the FSCA’s financial product advertising standards and avoid misleading or incomplete information.
DeFi: the next frontier
DeFi has seen explosive global growth and is gaining traction in South Africa. Built on blockchain-based smart contracts, DeFi platforms enable services such as lending, trading, and yield farming without the need for centralised intermediaries. This decentralisation, however, presents a regulatory conundrum: who bears responsibility when things go wrong? DeFi remains largely unregulated in South Africa, but it has not escaped regulatory attention.
DeFi protocols currently fall outside the formal licensing framework of the FSCA, largely because of the absence of an identifiable legal entity behind these platforms. Nonetheless, the FSCA and National Treasury have begun examining how best to regulate the sector, particularly where it gives rise to AML, consumer protection, or market conduct risks.
Client playbook
- Identify exposure: Map all exposure, direct and indirect, regarding DeFi involvement.
- Evaluate legal risk: Assess whether platforms could be seen as “unlicensed” financial services.
- Strengthen on-ramps: Keep AML controls strong when bridging DeFi.
- Engage with regulators: Proactively consult the FSCA, PA, and other relevant regulators to pre-empt future enforcement issues.
- Watch the horizon: DeFi regulation is coming – it’s a matter of “when”, not “if”.
Integration of ESG factors
There is a growing regulatory focus on integrating ESG considerations into financial services, driven by both investor expectations and evolving regulatory initiatives.
Although formal enforcement actions in South Africa are still emerging, the FSCA has signalled that sustainable finance and ESG considerations will be priority areas in its future regulatory framework. As a result, litigation and reputational risks are increasing, particularly for corporates accused of greenwashing or failing to disclose material climate or social-related risks.
Client playbook:
- ESG policy development: Formulate clear ESG policies that align with regulatory expectations and global best practices.
- Transparent reporting: Share accurate and transparent ESG data.
- Stakeholder engagement: Engage with stakeholders’ ESG concerns and incorporate them into corporate strategies.
- Integrate ESG into risk appetite statements: Boards should state what ESG risks are acceptable to guide decisions and align teams.
In summary
In a regulatory environment defined by heightened scrutiny, and increasing expectations, financial institutions in South Africa can no longer adopt a reactive compliance posture. Whether navigating personal liability in enforcement actions, adapting to crypto regulation, strengthening AML/CFT frameworks post-greylisting, or aligning with ESG disclosures with global benchmarks, compliance has become a strategic differentiator.
The institutions that will thrive in 2025 and beyond are those that see regulation not as a constraint, but as an opportunity to build resilience, bolster credibility, and drive long-term value.
This article was written by Anél de Meyer and Lerato Lamola, who are partners at Webber Wentzel.
Disclaimer: The views expressed in this article are those of the writers and are not necessarily shared by Moonstone Information Refinery or its sister companies. The information in this article is a general guide and should not be used as a substitute for professional legal advice.
