The Crypto Travel Rule Is Live — Is Your Practice Ready?
This article will count 0.25 units (15 minutes) of unverifiable CPD. Remember to log these units under your membership profile.
Your client runs a crypto asset service. They've been registered with the FIC since 2022. They've filed their RCR. They think they're compliant. But there's a new layer, and it's been active since April 2025.
The Financial Intelligence Centre (FIC) has just published Public Compliance Communication 61 of 2026 (PCC 61), providing practical guidance on how Crypto Asset Service Providers (CASPs) must implement the so-called "travel rule", a requirement introduced under Directive 9 of 2024, which came into full force on 30 April 2025.
If you advise any CASP clients, or if your clients hold crypto assets and use CASP platforms, this matters to you now.
What is the travel rule — and why does it exist?
The travel rule gets its name from international anti-money laundering standards, specifically FATF Recommendation 16. In plain terms: when a crypto asset is transferred from one party to another, key information about both the originator and the beneficiary must travel with that transaction. Just like a wire transfer carries sender and recipient details, crypto transfers must now do the same.
South Africa introduced this requirement through Directive 9 of 2024, transposing it into the local FIC Act framework. As we covered when the travel rule was first announced, the directive applies to all CASPs registered as accountable institutions under item 22 of Schedule 1 to the FIC Act, and to those CASPs who are also licensed as financial services providers under the FAIS Act (item 12).
PCC 61 now tells CASPs exactly how to comply. It's not a new obligation, it's the instruction manual for one that's already in effect.
What does PCC 61 cover?
PCC 61 provides operational guidance for CASPs on:
The information that must accompany each crypto asset transfer
How to handle transfers involving unhosted wallets
What to do when a counterparty CASP cannot be identified
How to manage the timing of transfers relative to information verification
Record-keeping obligations.
The risk sitting in your client's business
The FIC's 2025 Sector Risk Assessment for CASPs was unambiguous: the crypto sector carries high money laundering and terrorist financing risk. Regulators are watching, and enforcement is real. Failure to comply with Directive 9 can result in administrative sanctions under section 45C of the FIC Act, including significant financial penalties.
Non-compliance isn't theoretical. The FIC has already moved against institutions with low compliance rates in other reporting areas, as seen with the RMCP submission enforcement drive. CASPs who haven't implemented the travel rule — or haven't implemented it correctly — are exposed.
What you should do now
If you advise CASP clients, or if any of your business clients operate in the crypto space, here's where to start:
Read PCC 61, it is the definitive implementation guide.
Check your client's transfer processes, confirm that originator and beneficiary details being captured, verified, and transmitted with each transaction.
Review counterparty CASP relationships — can your client identify the CASPs on the other side of transactions? What protocols are in place when they can't?
Check their goAML message board — the FIC uses it to communicate directly with accountable institutions.
If you're uncertain whether a client qualifies as an accountable institution under Schedule 1, CIBA's guide to accountants as accountable institutions is a solid starting point.
The travel rule isn't new — but the guidance on how to implement it is. Clients who think they've sorted their FIC compliance may have missed this final piece.
👉 Join CIBA and we'll show you how to turn compliance complexity into a service your clients will pay for.
