The Financial Intelligence Centre (FIC) issued Directive 9 that comes into effect on the 1st of May 2025. The Directive outlines compliance requirements under the "Travel Rule" in alignment with the Financial Action Task Force (FATF) Recommendations.
It applies to those Accountable Institutions listed in items 12 (Financial Service Providers) and 22 (Crypto Asset Service Providers) of Schedule 1 to the FIC Act that facilitate or enable the origination or receipt of domestic, and cross-border transfers of crypto assets or act as an intermediary in receiving or transmitting the crypto assets for or on behalf of a client.
Below is a summary of key actions required for compliance:
Ordering Crypto Asset Service Providers (CASPs):
- The Ordering CASP must conduct due diligence on counterparty CASPs, including ensuring that confidential data will be protected and that they are not listed by a United National Security Council Resolution as per s26A(3) of the FIC Act.
- When processing crypto asset transfers, the ordering provider must transmit detailed originator information (name, identity, address, date and place of birth and originator and recipient wallet addresses) to the recipient provider. This information must be verified as per the FIC Act and the Risk Management and Compliance Programme.
- For single cross-border transactions under R5,000, the provider must send basic information (originator’s name, originator wallet details, beneficiary’s name and beneficiary’s wallet) but does not need to verify the information unless suspicious activity is detected.
- The provider must develop policies to manage transfers with missing information, including procedures for executing, rejecting, or suspending transactions and document these in the Risk Management and Compliance Programme.
Intermediary Crypto Asset Service Providers:
- The provider must ensure the originator and beneficiary information is transmitted correctly in the transfer chain.
- The provider must develop policies to manage transfers with missing information, including procedures for executing, rejecting, or suspending transactions and document these in the Risk Management and Compliance Programme.
Recipient Crypto Asset Service Providers:
- The Provider must ensure the beneficiary’s identity is verified as per the FIC Act.
- The Provider must develop policies to manage transfers with missing information, including procedures for executing, rejecting, or suspending transactions and document these in the Risk Management and Compliance Programme.
- For single cross-border transactions under R5,000 from a high-risk of FATF monitored country of FATF, the provider must verify the information received.
Security Measures:
- All providers must transmit the required information securely and simultaneously with the transfer and avoid post facto transmission.
- All providers must ensure secure storage and protection of the information against unauthorised access.
Unhosted Wallets:
- All providers must develop and implement procedures to assess and manage the risks associated with transfers involving unhosted wallets which must include the manner in which, and the processes by which further information on the unhosted wallet is obtained in the case where the CASP determines that there is a higher money laundering, terrorist financing or proliferation financing risk. These must be documented in the Risk Management and Compliance Programme.
How nCino KYC can help
In addition to customers identifying their clients using nCino KYC, they could also consider using it to identify their client beneficiaries and counterparty firms. To learn more or explore how our team can support you, please contact us.
