SARB Guidance Note Approves Bank’s Risk-Based Approach to Crypto Asset Service Providers
On 15 August 2022, the South African Reserve Bank (“SARB”) released a Guidance Note
(G10/2022) to all South African banks, branches of foreign institutions, controlling
companies, eligible institutions and auditors of banks and controlling companies.
The notice refers to the recommendations of the Financial Action Task Force (“FATF”),
Basel Committee on Banking Supervision Guidelines (“BCBS guidelines”), together with the
authority of the Financial Intelligence Centre Act, No. 28 of 2001 (“FIC Act”) in which it
determines guidelines for banks to conduct business with Crypto Asset Service Providers
(“CASP/s”) or Crypto Assets (“CA/s”) related clients. The banking sector is indeed tasked
with thorough implementation of risk assessment policies such as anti-money laundering
and counter-proliferation financing (“AML/CPF”). In utilising a thorough risk-based approach, and not merely de-risking (i.e. avoiding the risk entirely) – banks must consider that de-risking eliminates the chances to treat potential money laundering/terrorist-
financing/proliferation financing (“ML/TF/PF”) threats.
Accordingly, banks ought not avoid clients that are CASP/CA-related, but must instead
extend its ML/TF/PF risk assessment policies to these clients in the onboarding process; as
well as conduct a further due diligence should some risks present themselves at this stage.
Should the risks of any particular client pose too great a threat to the bank, discretion is
available for the bank to elect de-risking upon careful consideration, together with a due
diligence exercise. The FIC Act requirements naturally find application and include, amongst
others, the reporting of suspicious or unusual activity.
The Prudential Authority is well-aware of the decisions of certain banks in South Africa that
have elected to terminate its client’s accounts or discontinue its banking services insofar as
these relate to CASPs. The notice highlights the greater need for a risk-based approach
instead, even if this requires the banks to strengthen its internal control systems and risk
management policies and procedures.