Crypto Crosses The Border: What Crypto Asset Service Providers Need To Know For 2026

South Africa's 2026 Budget marks a significant step forward in the regulation of crypto assets, particularly in relation to cross-border capital flows. In his Budget Speech on 25 February 2026, the Minister of Finance, Enoch Godongwana, announced that draft regulations will soon be issued under the Currency and Exchanges Act 9 of 1933 to bring crypto assets into South Africa's capital flow management regime and that crypto assets will be governed within the cross-border movement of capital framework. This was framed as complementary to existing anti-money laundering and anti-fraud measures already applicable to crypto-related activity.

This is an important policy development, particularly in light of the High Court's decision in Standard Bank of South Africa Ltd v South African Reserve Bank and others, where the Court found that cryptocurrency fell outside the ambit of the Exchange Control regime on any construction (including on a restrictive interpretation) and that the relevant Bitcoin transactions therefore did not contravene the regulations. The Budget Speech announcement signals a clear shift from that position by indicating that the government intends expressly bring crypto assets within the capital flow management regime through draft regulations under the Currency and Exchanges Act.

Market participants should expect explicit rules on the reporting, administration and supervision of cross-border crypto transactions once the draft regulations are published, which is likely to affect Crypto Asset Service Providers ("CASPs"), FinTech businesses, treasury functions and any business using crypto rails for offshore settlement or transfers. The direction of travel is clear even if the details are yet to come.

The Budget commentary on stablecoins points in the same direction: regulated accommodation, but with caution. According to the Budget Review comments, National Treasury acknowledges that many G20 jurisdictions advanced stablecoin regulation in 2025, and confirms that South Africa's Intergovernmental Fintech Working Group ("IFWG") is continuing work on an appropriate framework for stablecoins, including a 2026 focus on whether existing frameworks apply to rand-pegged stablecoin arrangements and on the policy implications of foreign-currency-pegged stablecoins.

For businesses, the message is not that stablecoins are being endorsed as unrestricted payment instruments. Rather, regulators appear to be building a structured framework that distinguishes between innovation and risk, while paying close attention to cross-border implications, consumer exposure, AML/CTF controls and broader financial stability concerns.

From a compliance perspective, businesses operating in or around digital assets should start preparing now. Internal mapping of crypto-related cross-border flows, transaction reporting processes, customer disclosures, and governance frameworks will become increasingly important, particularly where business models span payments, remittances, custody, trading or token-based settlement mechanisms. The regulatory architecture is becoming more layered, and the cost of being reactive (both operationally and in terms of market confidence) is likely to rise. Businesses with exposure to digital assets should use this window to review cross-border structures, exchange control processes and governance frameworks before the draft regulations reshape the compliance landscape.

As mentioned in our earlier article, South Africa is also formally implementing the OECD's Crypto-Asset Reporting Framework ("CARF") as part of its broader automatic exchange of information agenda. The South African Revenue Service ("SARS") has published an External Business Requirement Specification ("BRS") setting out how Reporting Crypto-Asset Service Providers ("RCASPs") must collect, structure and submit crypto-asset data to SARS.

SARS has adopted the OECD CARF XML schema in full and is using it for both international exchange with other tax authorities and domestic reporting by RCASPs to SARS.

The schema includes a South African "wrapper" ("CARF_SARS"), enabling SARS to collect additional domestic third-party data while remaining compatible with the OECD standard. This approach minimises the risk of mismatches when data is exchanged cross-border and should reduce adjustment costs for businesses operating in multiple jurisdictions.

Based on the BRS, RCASPs and affected entities should take the following steps:

• Assess their data readiness by confirming that onboarding/KYC, transaction processing and wallet management systems capture all required user identity and residence data, TINs and alternative identifiers, as well as detailed transaction classifications (by type, token, counterparty status, retail payments and unhosted wallets).
• Upgrade technology and integration by implementing or adapting systems to generate CARF-compliant XML, including the CARF_SARS wrapper. Enforce identifier formats (MessageRefID / DocRefID) and uniqueness, and integrate with SARS eFiling, Connect Direct, or Secure Web channels.
• Design governance and internal controls for periodic CARF data extraction and validation, approval and sign-off of submissions, and management of corrections and status message follow-up.
• Plan to meet the timeline by working backwards from the first mandatory reporting period (commencing 1 March 2026) and the end-May 2027 deadline to ensure adequate time for development, testing, and parallel runs. Engage with SARS through existing industry platforms for clarifications and to stay abreast of evolving requirements.

The key timing milestones are:

• First reporting period: 1 March 2026 – 28 February 2027
• First submission deadline: End of May 2027 (for the 2026/27 period)
• Ongoing annual cycle: 1 March – end February each year, with submissions due by end May
• International exchanges between tax authorities: September 2027 onwards
• Monitor for updates as SARS has indicated that it will expand domestic third-party data requirements over time via additional fields in the CARF XML schema wrapper. These will be aligned with South African tax legislation and developed through existing engagement platforms with industry. Businesses should therefore expect progressive enhancement of required data fields and develop flexible, scalable data architecture capable of adapting to new fields without major rework.

Looking ahead

For crypto-asset service providers and related businesses, CARF is not merely a technical reporting change, it embeds crypto-assets into the global tax transparency infrastructure. Early planning, robust data architecture and strong governance will be critical to manage compliance risk and to operate seamlessly in a regime where tax authorities, both domestic and foreign, will have significantly greater visibility into crypto-asset activity.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.