CARF and Revised CRS in South Africa from January 2026

South Africa will apply the Crypto Asset Reporting Framework and the Revised Common Reporting Standard from January 2026. Reporting Crypto Asset Service Providers with a South African nexus will need stronger data, controls, and governance to meet the new obligations.

Who is in scope:

Reporting Crypto Asset Service Providers that have a South African nexus
 (for example, exchanges, brokers, custodians, and related platforms serving SA customers or operating from SA).

What must be reported:

• Customer identity data including TINs where applicable.
• Transaction information grouped by asset and flow type:
  

1. Fiat buys and sells
2. Crypto to crypto transactions
3. Retail payments
4. Transfers, including to addresses not known to be with a VASP or financial institution.
5. Amounts reported in ZAR using one documented valuation policy.

Timelines: 

Go live: January 2026.

What this means:

• Reporting Crypto Asset Service Providers with a South African nexus will need clean customer data including TINs where applicable.
• Transactions must be classified by asset and flow type and reported in ZAR using a single, documented valuation policy.
• Build an audit ready reporting pipeline that aggregates correctly, reconciles to the ledger, and protects identity data with clear access, retention, and logging controls.
• Treat 2025 as the execution window so your first reports in 2026 are routine, not a scramble.

Why this matters:

Clear data, consistent ZAR valuation, and repeatable reporting build trust with banks and auditors and prevent 2026 fire drills.

Practical next steps:

1. Data model: build a field by field mapping from source to transform to target.
2. Classification: standardise flows for buy, sell, crypto to crypto, retail payment, and transfer.
3. Valuation: select one ZAR rate source, fix timestamp and rounding rules, and store the rate used per transaction.
4. Controls: tighten onboarding, sanctions screening, and wallet transfer approvals.
5. Reporting: keep event level records, aggregate by asset and flow per period, and reconcile to the ledger.
6. Governance: set owners, SLAs, access rules, retention, and a runbook for errors and regulator queries.
7. Dry run: produce a full test extract on recent data and resolve gaps.

Partner and audit expectations:

Banks and auditors will look for a clear data dictionary, a documented ZAR valuation policy, proven reconciliation from events to aggregates, and evidence that controls operate as designed.