Articles

Is South Africa’s Exchange Control Regulations Fit for the Digital Age of Cryptocurrency?

Posted on by Mikayla Jacobs and Daniel Castling-Bolt

The recent judgment in Standard Bank of South Africa v South African Reserve Bank and Others [2025] ZAGPPHC 481 raised an urgent and timely question: Can South Africa’s age-old Exchange Control Regulations (“Excon Regulations”) adequately govern the complexities of modern digital finance, specifically related to cryptocurrency and decentralized technology?

At the center of the Court’s determination were Regulations 3(1)(c) and 10(1)(c) of the Excon Regulations. Regulation 3 broadly places certain restrictions on “the export of currency, gold, securities etc….” and Regulation 3(1)(c) specifically provides that no payments may be made to persons outside of the country without the Treasury’s permission. Regulation 10(1)(c) places a similar restriction on the export of capital.  Despite minor amendments, the Excon Regulations remain largely unchanged and were being applied to a blockchain technology, which was not in existence when it was first drafted.

The applicant argued that Regulation 3(1)(c) could not be applied to cross border cryptocurrency transactions since cryptocurrency was neither currency, gold, nor a security. They further argued that the transfer of cryptocurrency was not payment since cryptocurrency is not recognized as money or legal tender in South Africa. Regarding Regulation 10(1)(c), the applicant contended that cryptocurrency does not fit into the definition of “capital”, which definition the Court was to restrictively interpret in line with the prevailing precedent. They elaborated that to include cryptocurrency within the meaning of “capital” would require legislative amendment, which goes beyond the Court’s authority.

While the Reserve Bank attempted to counterargue that cryptocurrency fell within the definition of “currency” and that cryptocurrency was a form of payment, the Court agreed with the applicant’s submissions, finding that cryptocurrency does not constitute currency/money or capital and fell beyond the scope of application of the Excon Regulations. In this regard, the Court noted that “a regulatory framework addressing cryptocurrency is long overdue”.

This decision is currently subject to an appeal initiated by the Reserve Bank.

A Legal System at a Crossroads

This case highlights a critical disconnect between financial regulations and the realities of the digital age. While the Excon Regulations were designed to control capital outflows and preserve economic stability, it was never intended to address decentralized digital assets that have become the norm of today’s financial market.

The judgment has called for the development of a clear, fit-for-purpose regulatory framework to govern cryptocurrencies in South Africa. Without legal certainty, financial institutions, regulators, and courts are left to navigate a legal vacuum ill-suited to the global, intangible, and fast-evolving nature of digital finance. With South Africa’s growing interest in digital assets, this case underscores the urgent need for comprehensive and modernized legislation to ensure regulatory clarity, legal certainty, and economic integrity in the age of cryptocurrency.

About the author

Mikayla Jacobs

Mikayla joined Dunsters as a candidate attorney in 2020 and is currently in her second year of articles. She is an alumni of Stellenbosch University where she obtained her BA(Law), LLB and LLM degrees. While completing her LLM she obtained practical experience in the legal field and gained valuable insight into the plight of disadvantaged communities by working as a paralegal at the Stellenbosch University Law Clinic.

Mikayla enjoys general civil litigation and has a keen interest in Company and Tax Law. She particularly enjoys drafting civil pleadings as well as tailoring commercial contracts to suit each client’s unique goals.

In her time off, Mikayla enjoys taking long drives and frequenting outdoor markets.

Daniel Castling-Bolt
We use cookies to analyse website usage and other technical information to improve the functionality of our website   View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active
This policy informs you how we will use your personal information, by using our services and/or website you consent to our use of your personal information for the purposes described herein.
  1. DEFINITIONS
  •  “PERSONAL INFORMATION”
    • Personal Information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to, name and surname; identification number; physical address; contact information such as an email address and telephone number.
  • “DATA SUBJECT”
    • Data Subject means the person to whom personal information relates.
  • “RESPONSIBLE PARTY”
    • Responsible Party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
  • “IDENTIFICATION INFORMATION”
    • Identification Information means information that can be used to identify the data subject.
  • “COMPLIANCE INFORMATION”
    • Compliance Information means information that is needed by Dunsters Attorneys for us to be compliant with relevant laws including the Financial Intelligence Centre Act “FICA” and regulatory standards and government orders such as Anti-Money Laundering (AML), Know-Your-Client (KYC) and Counter-Terrorist Financing (CTF).
  •  “COMMUNICATION INFORMATION”
    • Communication Information includes all correspondence such as emails and messages.
  • “FINANCIAL INFORMATION”
    • Financial information means any information relating to payment of invoices, including but not limited to banking information and account details
  1. PERSONAL INFORMATION COLLECTED
  • We may collect website usage and other technical information such as details of your visits to our website through cookies and other tracking technologies. Cookies are small data files stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages.
  • The information we collect may include information provided to us through your initial correspondence, possibly including:
    • Name and Surname
    • Email address
    • Contact numbers; and/or
  • This may also include information that we may have requested, and you subsequently provided, including, but not limited to:
    • Compliance Information
    • Identification Information
    • Communication Information
    • Financial Information
    • Other Personal Information
  • Reasons for collection of your personal information will be explained to you when we collect/request the information. We may request certain personal information to comply with global industry regulatory standards, local regulatory standards or government orders.
  • You, the data subject, consent to our use of your information in line with this privacy policy and/or any terms of engagement you may sign with us. If you wish to revoke your consent, please email enquiries@dunster.co.za .
  1. ACQUISITION OF PERSONAL INFORMATION
  • We acquire information from you directly, save where accessible from publicly available sources.
  • Information may be collected through various platforms, including:
    • Our onboarding process with you
    • Email engagement
    • Telephonic engagement
    • In-person engagement
    • Cookies
  1. PURPOSE OF COLLECTION OF PERSONAL INFORMATION
    • Your personal information may be collected and saved on our system for the following purposes:
      • To enable us to provide legal services.
      • To send news, updates and marketing information.
      • To review job applications.
      • To comply with legal requirements
    • Your personal information will not be used for the following purposes:
      • We will never use your personal information for direct marketing purposes without your consent (you may opt-out of our newsletter at any time)
      • We will never disclose your personal information to another third party without permission from yourself, unless it is required for fulfilment of our legal services or as mandated by law.
  1. RIGHTS OF DATA SUBJECTS
  • Right of the data subject under the POPI Act include, but are not limited to:
    • Having access to their recorded personal information
    • Requesting correction or amendment to their personal information and to have information corrected or amended
    • Requesting deletion or destruction of personal information from the responsible party’s system
    • Objecting to the processing of personal information
    • Submitting a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or submitting a complaint to the Regulator (POPIAComplaints@inforegulator.org.za)
    • Instituting civil proceedings regarding the alleged interference with the protection of their personal information.
  1. RETENTION OF RECORDS
  • We will retain your information for the period required by law.
  • Where we retain your contact information for any period other than may be prescribed by law, we retain this information to keep you updated of our various offerings and news. By not unsubscribing from newsletter, you consent to us retaining your personal information on our records indefinitely, for the purposes explained above, including, to keep you informed about news and updates pertaining to Dunsters Attorneys Inc.
  1. SECURITY AND DATA PROTECTION
  • We take reasonable technical and organisational measures to secure the integrity of your personal information and use accepted technological standards to prevent unauthorised access to or disclosure of your personal information, and protect your personal information from misuse, loss, alteration and destruction.
  • The measures that are taken in order to protect your personal information include:
    • Physical measures: access to physical copies of your information is controlled using strict protocol.
    • Electronic measures: firewalls and password protection
  1. DISCLAIMER AND USER OBLIGATIONS
  • While we will take all reasonable steps to ensure the security of your data and personal information according to industry standards, it is not possible to guarantee the complete security of all information provided at all times.
  • We will notify you as soon as reasonably practicable of any breach of security, loss of or damage to your personal information.
  • Data subjects are responsible for taking reasonable precautions to safeguard their personal information.
  • Although we endeavour to ensure your information is as correct as possible, you are responsible for notifying us of any changes to your data or personal information in respect of the services provided and/or your account with us.
  • We will not be held liable for losses of any nature which are due to incorrect data or personal information provided by users in respect of the service provided.
  • We will not be held liable for any loss or damage arising from a security breach or disclosure of your personal information or data, to the maximum extent permitted by law.
  • We shall not be liable for any damage or interruptions caused by any computer viruses or other malicious code that may affect your computer or other equipment, or any phishing, spoofing or other attack.
  • If you suspect that your personal information has been compromised, or that there has been unauthorised use of your email address by any person, or any other violations to the security of the website, please contact us.
Save settings
Cookies settings