FICA, the Financial Intelligence Centre Act, is the legislation that requires South African financial institutions to verify who their clients are, understand where their money comes from, and report suspicious activity to the Financial Intelligence Centre. For Bitcoin investors, FICA appears as the onboarding process: you provide your ID, address, tax number and sometimes source of funds.
Most investors experience it as paperwork. The purpose is to prevent money laundering and the financing of terrorism.
For compliant investors with transparent sources of funds, FICA is not a barrier. It creates an auditable record that works in your favour if SARS ever queries your position. For investors with undeclared history or unclear sources of funds, FICA is the mechanism that forces transparency.
| What FICA requires | What this means for you |
|---|---|
| KYC identity verification | Government-issued ID, proof of address, tax number required at onboarding |
| Source of funds declaration | For larger amounts, documentation required: bank statements, inheritance letters, sale proceeds |
| Risk-based due diligence | Higher transaction volumes, unusual patterns or high-risk jurisdictions trigger enhanced checks |
| Suspicious transaction reporting | Activity inconsistent with your profile must be reported to the FIC within 1-5 business days |
| 5-year record retention | All account records, identity documents and correspondence kept for at least five years, available to SARS on request |
What FICA Requires of Licensed Providers
FICA imposes five core obligations on financial institutions, including FSCA-licensed Bitcoin providers.
Know Your Client (KYC): verify the identity of every client through government-issued ID, verify residential address through utility bills or bank statements, and obtain beneficial ownership information for entities. Customer Due Diligence (CDD): gather information about the customer’s occupation, source of funds, intended use of the account and expected transaction volume. Enhanced Due Diligence (EDD): for higher-risk clients or larger transactions, conduct more intensive investigation into source of funds and purpose.
Suspicious Transaction Reporting: if a transaction or pattern looks suspicious, report it to the FIC within a specified timeframe. Suspicious means transactions inconsistent with the customer’s profile, unusual amounts or frequencies, attempts to avoid reporting thresholds, or connections to high-risk jurisdictions.
Record-keeping: maintain all account activity, customer information and correspondence for at least five years, available to law enforcement, the FIC or SARS on request.
For Bitcoin providers, these requirements apply exactly as they apply to banks. SimplB collects your ID, verifies your identity through a face check, confirms your address, asks about your occupation and source of funds, and reports suspicious activity to the FIC. The process is identical to opening a bank account.
Why Compliant Investors Benefit from FICA
For investors who are transparent about the source of their funds, FICA creates an auditable record that works in their favour.
The provider’s FICA documentation becomes evidence of your legitimacy. If SARS queries your Bitcoin position, you can point to FICA records showing that you disclosed the source of funds and that a licensed, regulated institution accepted your account after due diligence. That is a defensible paper trail.
FICA compliance also protects you as an investor. The verification process means you know you are dealing with a licensed, regulated institution subject to FSCA oversight. You are not using an unlicensed offshore platform where you have no recourse if something goes wrong.
For institutional investors and family offices, the value is greater still. A trust holding Bitcoin on SimplB has a complete audit trail: FICA records confirming the trust was verified, CARF reports showing the transactions, custody documentation showing the Bitcoin is held securely. This trail holds up in a tax audit, an estate dispute or a legal challenge to the trust’s management. It is the kind of record that a trustee can point to with confidence.
The Source of Funds Question
When you open a Bitcoin account on a licensed provider, you declare the source of your funds.
For smaller amounts, typically below R1 million, the provider accepts your declaration without supporting documents. For larger amounts, the provider asks for evidence. A bank statement showing the salary transfer. A property sale agreement. An inheritance letter from an estate.
The provider is not interrogating you. It is satisfying its FICA obligation to confirm the source is legitimate. If you declare that the funds came from employment, and you provide a bank statement confirming it, the account opens. If you declare a source that is inconsistent with your documented history, the provider asks more questions or declines.
For investors with complex sources of funds, the right approach is to prepare documentation in advance. A large property sale. A business dividend. A trust distribution. These are all legitimate sources, and documentation confirms them. Arriving at onboarding unprepared and unable to explain the source creates friction that is easily avoided.
The Risk-Based Due Diligence Approach
Not all customers receive identical scrutiny. FICA operates on a risk-based approach.
A salaried employee opening an account to invest R100,000 of bonus income faces lighter due diligence than a business owner with high transaction volumes, a client from a high-risk jurisdiction, or a politically exposed person. The provider assesses risk based on your profile (profession, income, location), the transaction size relative to that profile, the intended use and your residential jurisdiction.
Neither approach is an accusation. The scrutiny level reflects the risk assessment.
The practical implication for investors is that transparency reduces friction. A clear declaration of who you are, what you do and what you intend to do with the Bitcoin moves the process forward. Vague or incomplete answers increase scrutiny and delay.
Suspicious Transaction Reporting
If a provider detects suspicious activity, it must report it to the FIC, typically within one to five business days.
Suspicious activity includes: transactions that deviate significantly from the customer’s declared profile, amounts structured to stay below reporting thresholds, activity connected to high-risk jurisdictions, and patterns that suggest money laundering or fraud.
For compliant investors, this is not a concern. Your activity aligns with your profile. The provider does not flag it.
The problem arises when there is a mismatch between your declared profile and your actual activity. If you declare that you are a pensioner with R5,000 monthly income and then deposit R5 million and buy Bitcoin, the transaction is inconsistent. The provider reports it. The FIC receives the report. The FIC can share relevant information with SARS.
The reporting is not an accusation. It is a flag for potential risk. SARS investigates based on the flags it receives. For investors with legitimate explanations, providing documentation resolves the question quickly. The issue arises for investors who have no explanation.
What Happens If You Provide False Information
Providing false information on FICA forms is a criminal offence.
If you declare a false source of funds, a false occupation or a false residential address, you have committed fraud. If the provider discovers the false information, it must report it. The consequences can include account closure, reporting to law enforcement and potential prosecution.
The FIC and law enforcement actively prosecute FICA fraud. The consequences are serious: criminal conviction, potential imprisonment, and possible confiscation of assets.
For Bitcoin investors with prior undeclared activity who want to bring their position into the regulated system, the correct route is the Voluntary Disclosure Programme, not false declarations at onboarding. Consult a tax advisor before opening a new account if your prior history is complex.
What Information the Provider Retains
When you open a Bitcoin account, the provider collects and stores: your full legal name, ID number, residential address, email, phone number, occupation, employer if applicable, tax file number, bank account details, anticipated transaction size and frequency, and the purpose of the account.
For entities, the provider collects: legal name, registration number, beneficial owners’ identities, the responsible trustee or director, and the entity’s source of income.
This information is retained for at least five years and can be provided to law enforcement, the FIC or SARS on demand. For compliant investors, this record is an asset. It documents your legitimacy in a format that holds up to regulatory scrutiny.
The Cross-Border Dimension
If you hold Bitcoin on a foreign exchange, the cross-border element adds a layer.
Licensed foreign exchanges comply with their own jurisdiction’s equivalent of FICA. The United States has FinCEN requirements. Europe has AML Directives. You may go through FICA-equivalent onboarding with any foreign licensed platform you use.
Beyond that, through AEOI (Automatic Exchange of Information), SARS receives data from other countries’ tax authorities about South African residents’ financial accounts. If you have Bitcoin on a foreign licensed exchange, that exchange may report your activity to its home country’s tax authority, which then passes the information to SARS. Moving Bitcoin offshore does not make it invisible. FICA compliance and AEOI data-sharing give SARS multiple channels to learn about offshore Bitcoin holdings.
Frequently Asked Questions
Does FICA compliance mean my Bitcoin is reported to SARS?
FICA and CARF are separate obligations. FICA requires the provider to verify your identity and retain records. CARF requires the provider to report your transaction history to SARS annually. Both apply to FSCA-licensed providers. FICA records are not automatically shared with SARS, but they can be provided to SARS on demand. The annual CARF transaction report is the main channel through which SARS sees your Bitcoin activity.
What documents do I need for FICA onboarding?
Typically: a valid South African ID or passport, proof of residential address (utility bill or bank statement dated within three months), your tax reference number, and details of your occupation and source of funds. For larger amounts, you may also need to provide bank statements or documentation confirming the source (a salary, property sale or inheritance). The exact requirements depend on the provider and the size of your account.
Will the provider report me to the FIC if I make a large purchase?
A large purchase alone is not sufficient to trigger suspicious transaction reporting. The trigger is a transaction that is inconsistent with your declared profile. A business owner making a large purchase consistent with their declared income and source of funds is not flagged. A salaried employee making a purchase inconsistent with their declared income may be. The provider assesses the transaction in the context of what you disclosed at onboarding.
What if I have undeclared Bitcoin from before I used a licensed provider?
The correct route is to address the prior-year tax position before attempting to bring the Bitcoin into a licensed structure. Opening a new account and declaring a false source of funds to cover undeclared Bitcoin is a criminal offence. The Voluntary Disclosure Programme provides a legal mechanism for correcting prior-year tax gaps. Consult a tax professional before taking any steps.
Does FICA apply differently to trusts and companies holding Bitcoin?
Yes. For entities, the provider must verify the entity’s legal existence, identify all beneficial owners above the relevant threshold, and identify the responsible trustee or director. The FICA requirements are more extensive for entities than for individuals, because there are more people in the ownership chain who must be verified. For trusts, this means all trustees and the trust deed are typically required at onboarding.
Sources
- Financial Intelligence Centre — FICA Legislation: Financial Intelligence Centre Act and associated regulations governing identity verification and source of funds requirements
- FSCA — Crypto Asset Regulatory Framework: FSCA licensing requirements for crypto asset service providers as accountable institutions under FICA
- Financial Intelligence Centre (FIC): FIC guidance on anti-money laundering obligations applicable to South African Bitcoin service providers
- SARS — Crypto Assets Tax Guidance: SARS position on Bitcoin transactions, complementary to FICA compliance obligations
Uncertain about your Bitcoin compliance position?
SimplB helps South African investors structure compliant Bitcoin records and self-custody. If your tax position is uncertain, a short call is a good place to start.
Book a Bitcoin Compliance CallWritten by James Caw, Founder of SimplB. James has helped South Africans understand, buy and secure Bitcoin since 2015. SimplB operates as a Juristic Representative of CAEP Asset Managers, FSP 33933. Last updated: May 2026.
This article is for general educational purposes only and does not constitute financial, legal, tax or exchange control advice. The information reflects the regulatory position as at the date of publication. Your individual circumstances may differ and you should seek qualified professional advice before making any decisions.
