CASPs as accountable institutions
The December 2022 Schedule 1 rewrite added crypto asset service providers alongside credit providers and high-value goods dealers. A CASP carries the same stack as a bank: registration on goAML, a documented and implemented RMCP, identity established and verified before trading, ongoing due diligence, sanctions screening, cash threshold reports and suspicious transaction reports. (FSCA licensing of CASPs as financial services providers is a separate, parallel regime.)
Directive 9: the Travel Rule
Directive 9 implements the FATF’s Recommendation 16 “travel rule” for crypto: when crypto moves between institutions, identifying information about the sender and recipient must travel with it. Key features of the South African implementation, effective 30 April 2025: it applies to all transfers regardless of amount; verification obligations deepen at R5 000 and above; and the FIC granted no exemptions. For CASPs this is plumbing — collecting, transmitting and screening counterparty data; for users it surfaces as new questions on every send.
Why your exchange asks so many questions
“Who are you sending this to?”, “Which platform is the receiving wallet on?”, “What is your relationship to the recipient?” — each maps to a Directive 9 data field, not to curiosity. The same applies on the way in: full verification at onboarding is the section 21 duty, and limits or holds pending verification follow the same section 21E logic as a bank account. The general verification rules — including why fully digital, biometric onboarding is lawful — are covered in the verification guide.
External wallets and approved CASPs
The Travel Rule assumes an institution on each end of a transfer. A self-hosted (external) wallet has no institution to supply or receive the beneficiary data — so South African platforms responded by restricting sends to networks of approved counterpart CASPs and adding wallet-ownership verification for self-hosted withdrawals. The practical effect users notice: transfers that once took an address paste now take questionnaires, or are unavailable to unverified destinations. The mechanics differ by platform (each implements its own RMCP); the underlying driver is the directive, not platform whim.
Frequently asked questions
Crypto asset service providers became Schedule 1 accountable institutions on 19 December 2022 — the same customer due diligence duties as a bank. Account opening creates a business relationship, so identity is established and verified per the CASP’s RMCP before you trade.
The Travel Rule (FIC Directive 9, effective 30 April 2025) requires CASPs to collect and transmit originator and beneficiary information with crypto transfers — for all transfers, with fuller verification at R5 000 and above. The questions are the directive at work, not the exchange being curious.
Because the Travel Rule requires beneficiary information that a self-hosted wallet does not supply through a counterparty institution, South African CASPs have largely restricted transfers to networks of approved counterpart CASPs and added extra verification for self-hosted wallet withdrawals. The friction is the compliance architecture, and it varies by platform policy.