Policy Document Supporting the Declaration of Crypto Assets as Financial Products under the FAIS Act

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT DATE OF ISSUE: 19 OCTOBER 2022

1.1 This document relates to the publication of the Declaration of a Crypto Asset as a Financial Product (Declaration) under the Financial Advisory and Intermediary Services Act, 2002 (Act No. 37 of 2002) (FAIS Act). The Declaration was published on 19 October 2022 in the Government Gazette as well as the Financial Sector Conduct Authority’s (FSCA) website and was made in terms paragraph (h) of the definition of “financial product” as defined in section 1 of the FAIS Act. 1.2 The purpose of this document is to provide – • background to and contextualise the Declaration; • an overview of the consultation process that was followed when making the Declaration; • clarity on the effect of the Declaration, including transitional provisions, and the approach the FSCA is taking in establishing a regulatory and licensing framework under the FAIS Act that would be applicable to Financial Services Providers (FSP) that render financial services in relation to crypto assets. 2.1 On 20 November 2020, the FSCA published the draft Declaration of a Crypto Asset as a Financial Product under the Financial Advisory and Intermediary Services Act, 2002 (Draft Declaration). The draft Declaration was informed by policy developments pertaining to the regulation of crypto assets - further detail on these developments and rationale informing the draft Declaration was communicated in the document titled “Statement in support of the draft Declaration of a Crypto Asset as a Financial Product under the Financial Advisory and Intermediary Services Act” (“Supporting Statement”) which was published alongside the draft Declaration. 2.2 As was explained in the Supporting Statement, there was mounting risk in the crypto asset environment due to an exponential increase in the provision of crypto assets in South Africa and, coinciding with that, the rapid growth in interest in the use of crypto assets for investment purposes. These risks were further exacerbated by a significant increase in scams and fraudulent activities positioned as providing crypto asset related investment opportunities. 2.3 Declaring crypto assets as a financial product under the FAIS Act was therefore viewed as a critical interim step towards protecting customers in the crypto asset environment, pending the conclusion of broader developments surrounding crypto assets through, for example, the Conduct of Financial Institutions (COFI) Bill. 2.4 Subsequent to the publication of the draft Declaration, various developments surrounding crypto assets, both locally and internationally, unfolded. Internationally, various regulators across the world took steps to start regulating crypto assets and international standard-setting bodies released a range of literature pertaining to the regulation of crypto assets. 2.5 Locally, on 20 September 2020 the second version of the COFI Bill was published and flagged that crypto assets are under consideration for inclusion in the Bill.1 On 11 June 2021, the Crypto Asset Regulatory Working Group, published a Position Paper on Crypto Assets (“Position Paper”). The Position Paper was in support of 1 See National Treasury’s “Response document supporting the revised Conduct of Financial Institutions Bill September 2020”. 1 PURPOSE 2. BACKGROUND

the FSCA proceeding to finalise the Declaration (see Recommendation 9.1 in this regard). In addition, the Position Paper also confirmed that the Declaration is viewed as an interim measure; once the Conduct of Financial Institutions (COFI) Bill has been enacted, the FAIS Act will be repealed and crypto asset-related financial services will be addressed under the COFI Act. 2.6 After publishing the draft Declaration, the FSCA undertook further work and progressed three concurrent processes: 2.6.1 The FSCA considered all the comments received on the draft Declaration and made the necessary changes to it based on the comments received; 2.6.2 As flagged in paragraph 6 of the Supporting Statement that was published alongside the draft Declaration, the FSCA undertook an assessment of the current regulatory and licencing framework contained in the FAIS Act, to identify the extent to which the existing requirements in the FAIS Act can be applied to Crypto Asset FSPs, whether specific exemptions might be necessary and whether it is necessary to develop a specific code of conduct for Crypto Asset FSPs; and 2.6.3 The FSCA conducted an industry survey through a Request for Information on crypto asset related activities performed by FSPs (published on 12 April 2022). The intention of the survey was to obtain a better understanding of the extent to which currently licensed FSPs operate in the crypto asset environment. Financial Action Task Force Mutual Evaluation Report 2.7 South Africa is a member of the Financial Action Task Force (FATF), an inter-governmental global anti money laundering and terrorist financing body, that sets international standards aiming to prevent these illegal activities and the harm such cause to society. As a member of FATF, South Africa must adhere to the FATF Recommendations. 2.8 During 2019, the FATF conducted a country review of South Africa in the context of the FATF Recommendations and made findings and accompanying recommendations to be remediated in its Mutual Evaluation Report (MER). Recommendations not fully remediated or significantly progressed by October 2022 can lead South Africa to be placed on the FATF grey-list, which could have materially negative consequences for the country as a whole. 2.9 The FATF MER states that: “There are no requirements for VASPs (Virtual Asset Service Providers) to be licensed or registered and they are not subject to AML/CFT supervision.”. One of the key findings in the MER related thereto that (emphasis added): “Regarding VAs and VASPs South Africa has taken its first steps in setting up a risk mapping exercise, but is not adequately identifying, assessing, and understanding risks yet. Therefore, no risk-based measures are taken, VASPs are not required to take AML/CFT measures beyond the reporting obligation (which is addressed to all businesses), and are not subject to licensing or registration, nor supervised. These are major deficiencies.” 2.10 When the Declaration as it relates to crypto asset providers be made final, this will put in place a regulatory and licensing regime for Crypto Asset FSPs, having the effect that these FSPs will be required to be licensed and consequently be subject to regulatory oversight and supervision. This substantially addresses the FATF MER finding referred to above. 3. CONSULTATION PROCESS

3.1 A total of 94 individual comments were received on the draft Declaration that was published for comments on 20 November 2020, comprising 22 different commentators. 3.2 The FSCA processed all the comments received and a general account of the issues raised during the consultation process is set out below. In addition, Annexure A attached to this document contains a detailed response matrix, which reflects all the individual comments received as well as the FSCA’s responses to such comments. General account of issues raised during the consultation process No Issue FSCA response 1 Definition of “crypto assets” Commentators expressed views that the definition of crypto assets as contained in the draft Declaration may be too vague or broad and this may lead to unintended consequences. Various questions were asked regarding specific products or activities and whether those are included or excluded from the definition. A concern was also raised that the definition could perhaps lead to the capturing of loyalty credits and/or rewards programs. It was also stated that there should be full alignment between how the FSCA defines crypto assets and how other forums or frameworks in the South African context define the term such as the CAR WG definition in its consultation paper and position paper, and especially the definition contained in the proposed amendments to the Financial Intelligence Centre Act, No. 38 of 2001. The definition that was included in the Draft Declaration was intended to align with the definition of virtual assets contained in the Financial Action Task Force Recommendations.2 At the stage of publishing the draft Declaration, the Crypto Asset Regulatory Working Group (CAR WG) was still in the process of developing and agreeing on a definition of crypto assets for the South African context. In the CAR WG’s Position Paper of 11 June 2021, a definition of crypto assets was proposed for adoption across all regulatory authorities and bodies in South Africa. All regulatory authorities (including the FSCA) provided inputs and agreed to the definition contained in the CAR WG Position Paper. This is the definition that is included in the final Declaration. The FSCA believes that this definition will to a large extent resolve most of the concerns raised on this matter. 2 Distinction between types of crypto assets Some commentators stated that the draft Declaration paints all crypto assets with the same brush, which may result in unintended consequences. For example, it was mentioned that crypto assets can represent currencies, utility tokens, securities, vouchers, property, gold, non￾fungible tokens (NFTs) like art and effectively any tokenized assets in the world. The FSCA aims to remain technology-neutral with the objective of enabling responsible innovation in the crypto asset ecosystem while ensuring a level playing field between both incumbent and new role players while providing protection to financial customers. It is therefore the intent to regulate in a manner that is technology-neutral and principle-based, as far as possible. It is acknowledged that the definition used in the draft Declaration and even the narrower definition contained in the CAR WG’s Position Paper of 11 June 2021 will still capture for instance NFTs or collectibles like digital art. These granular categorisations will be considered in the future framework. The FSCA is empowered in terms of the Financial Sector Regulation Act (Act 9 of 2017) (FSR Act) to exempt a person from requirements within the regulatory framework, should sufficient grounds exist to exempt a specific type of Crypto Asset FSP. However, we acknowledge that the inclusion of financial services related to NFT’s is not 2 The FATF Recommendations defines virtual asset as follows: A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.

General account of issues raised during the consultation process No Issue FSCA response appropriate at this stage. In this regard please refer to paragraph 4.6 below. As such, persons rendering financial services in relation to non-fungible tokens (and other types of crypto assets) as defined are exempted from section 7(1) of the FAIS Act. 3 Legality of Declaration Various commentators questioned the legality of the draft Declaration on the basis that crypto assets are not “similar in nature to any financial product” as is required for a declaration.3 Some commentators suggested that crypto assets should rather be designated as a financial product in terms of section 2(2) of the FSR Act. The FSCA had interrogated this issue in detail prior to the publishing of the draft Declaration and identified numerous similarities between crypto assets and traditional financial products. Different crypto assets have different features, behaviours, and uses. While some behave as a commodity or a form of payment, others behave more akin to securities and/or foreign currency-denominated investment instruments. Some crypto assets may have a combination of elements of different types of financial products currently regulated under the FAIS Act. Further to the above, the way in which certain crypto assets are used (i.e., the purpose for which it is used) mimics the way in which certain traditional financial products are used. These crypto assets are also marketed or provided to customers in the same manner as traditional financial products. In other words, certain crypto assets are used and marketed as a substitute for traditional financial products. Based on the FSCA’s analysis, the FSCA remains of the view that sufficient similarities exist and strong arguments proving the contrary have not been made. As such, we are not in agreement with the assertions made regarding the legality of the Declaration. Although the FSCA also has the regulatory authority to designate crypto assets as a financial product in terms of the FSR Act, the Authority is of the view that in this instance it would be more appropriate to make the declaration under the FAIS Act as proposed. As a long￾term more holistic approach, the activities relating to crypto assets that need to be regulated will be captured under the licensing activities of the COFI Bill. 4 Uncertainty regarding the approach to licensing: Various commentators raised questions in respect of the licensing of Crypto Asset FSPs, for example, what the licensing and competency requirements will be for Crypto Asset FSPs, whether the Code of Conduct for Administrative FSPs will be amended to cater for Crypto Asset FSPs, under which category of FSP will Crypto Asset FSPs falls and whether there will be a grace period for As explained in this document in more detail, the FSCA undertook an assessment of the current regulatory and licensing framework contained in the FAIS Act to identify the extent to which the existing requirements in the FAIS Act can be applied to Crypto Asset FSPs. The findings and recommendations flowing from the assessment are discussed in detail below. The FSCA believes that this will address concerns surrounding the licensing and regulatory framework that will apply to Crypto Asset FSPs. 3 Paragraph (h) of the definition of ‘financial product provides: any other product similar in nature to any financial product referred to in paragraphs (a) to (g), inclusive, declared by the Authority by notice in the Gazette to be a financial product for the purposes of this Act.

General account of issues raised during the consultation process No Issue FSCA response applicants whose applications are declined to re￾apply. Furthermore, commentators raised issues regarding foreign cryptocurrency exchanges (such as Binance, based in China) and whether they would need to comply with South African requirements in terms of this Declaration if they are not listed or incorporated in South-Africa. 5 Transitional arrangements: Commentators’ opinions on whether the proposed transitional periods are appropriate varied, although very few indicated that the 4-month period within which a licence application must be submitted would not be sufficient. One commentator suggested a 6-month period, one an 8-month period and one a 2-year period. The FSCA reiterates that the proposed 4-month period is the period within which a licence application must be submitted to the Authority. In this context, the FSCA believes that an extended period for submitting a licence application, such as the proposed two years, is not necessary and cannot be justified. Notwithstanding, the FSCA has decided to extend the period to submit a licence application from four months to six months in order to afford applicants additional time to complete the relevant licence application. In addition, the period for submitting a licence application will only commence next year, meaning that a person has an additional time period (i.e. between the effect date of the Declaration and the opening of the licensing process) to start preparing its licence application. As per the Exemption published together with the Declaration, once an application has been submitted, the applicant may continue rendering financial services while the application is under consideration by the FSCA. 6 Anticipated impact of the draft declaration Some of the commentators expressed concerns regarding the possible complexity and costs of compliance and also the proportionality of the compliance burden when it comes to larger versus smaller exchanges. The FSCA notes the concerns regarding complexity and cost implications. The FSCA acknowledges that it is inevitable that the Declaration will have a cost implication on Crypto Asset FSPs. However, the FSCA is of the view that the risks that will be mitigated by bringing Crypto Asset FSPs within the regulatory net and the outcomes that the Declaration, read with the FAIS Act, are intending to achieve to the benefit of the financial services industry outweighs the potential cost implications. The comment regarding proportionality is also noted. However, this is not an issue that is peculiar to the Crypto Asset FSP environment. The FSCA has taken demonstratable steps to facilitate a proportional approach to financial sector regulation, both from the perspective of the regulatory framework by moving to a more outcome- and principles-based approach and through the FSCA supervisory approach. The FSCA will continue giving effect to a proportionate approach through the COFI Bill, once enacted, will further support the FSCA in giving effect to the principle of proportionality.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 7 4.1 The FSCA remains of the view that crypto asset related activities pose significant risks to financial customers, as was elaborated on in the draft Declaration Supporting Statement. Local and international developments have also highlighted the need to urgently start regulating crypto asset activities, further exacerbated by the FATF MER. 4.2 As a result, the final Declaration was published in the Government Gazette as well as on the FSCA’s website on 19 October 2022 (the Declaration). The Declaration has the effect that any person who, as a regular feature of the business of such person, renders financial services (as defined in section 1 of the FAIS Act) in relation to crypto assets, as defined in the Declaration, must – • either be authorised under section 8 of the FAIS Act as an FSP or be appointed as a representative of an authorised FSP under section 13 of the FAIS Act; and • comply with the requirements of the FAIS Act and its subordinate legislation. 4.3 Any person who, as a regular feature of the business of such person, renders financial services in relation to crypto assets without a licence will be in contravention of section 7(1) of the FAIS Act, unless exempted. In addition, in terms of section 36(a) of the FAIS Act, a contravention of section 7(1) of the FAIS Act constitutes an offence and a person found guilty of such an offence is, on conviction, liable to a fine not exceeding R10 million or imprisonment for a period not exceeding 10 years, or both such fine and such imprisonment. 4.4 The FSCA acknowledges that there are currently various persons who, as a regular feature of their business, conduct crypto asset related activities that fall within the definition of “financial services” as defined in the FAIS Act. As such, appropriate transitional provisions must be provided, so that the business activities of such persons are not unduly disrupted, and that they have appropriate time to compile and submit a licence application under section 8 of the FAIS Act. 4.5 To facilitate transition, the FSCA also published a general exemption from section 7(1) of the FAIS Act alongside the Declaration. The exemption is a temporary exemption that exempts any person from section 7(1) of the FAIS Act (i.e. the requirement to be licensed), on the condition that such person must – • apply for a licence under section 8 of the FAIS between 1 June 2023 and 30 November 2023. This means that a person rendering financial services in relation to crypto assets at the time that the Declaration takes effect can continue to do so without contravening the FAIS Act, provided that a licence application is submitted within the stipulated period. The exemption will remain valid until the person’s licence application has been approved or rejected. If a person does not submit a licence application within the stipulated period, the exemption lapses; • immediately comply with Chapter 2 of the Determination of Fit and Proper Requirements for Financial Services Providers, 2017, published by Board Notice 194 of 2017 in Government Gazette No. 41321 on 15 December 2017, as amended from time to time (Determination). Chapter 2 sets out the Honesty, Integrity and Good Standing requirements that apply to all FSPs, 4. FINAL DECLARATION - EFFECT, SCOPE, LICENSING AND TRANSITIONAL PROVISIONS

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 8 key individuals and representatives; • immediately comply with section 2 of the General Code of Conduct for Authorised Financial Services Providers and Representatives, 2003 (General Code) as if it is a licensed FSP. Section 2 of the General Code provides that an FSP must at all times render financial services honestly, fairly, with due skill, care and diligence, and in the interests of clients and the integrity of the financial services industry; • comply with the rest of the General Code by 1 December 2023; and • provide the FSCA with any information the FSCA requests that is in the possession of, or under the control of, the person, that is relevant to the financial services and/or similar activities rendered by such person. Exemption of persons rendering certain types of crypto asset financial services 4.6 As explained in the Table under paragraph 3.,2 above, the FSCA acknowledges that in the case of specific types of crypto asset financial services rendered, these should not at this stage be subject to the oversight of the FSCA. These specific types of activities are discussed in more detail below: Mining nodes and node operators Considering the wide definition of intermediary services under the FAIS Act, which includes services relating to dealing, managing, administering, servicing and maintaining financial products, the net is cast very wide in respect of participants in the crypto asset eco system. Node operators that are not mining nodes as well as those who are mining nodes will according to our analysis be captured under the definition and therefore under the declaration. These participants perform crucial services in respect of the integrity and trustworthiness of the system including batching transactions, verifying and recording transactions and providing infrastructure. In the FSCA’s view, mining nodes and node operators pose a low consumer risk. Mining nodes and node operators’ activities do not truly fall within the ambit of "crypto asset services" provided to customers, as their services are provided in the context of supporting the network and not necessarily to service clients or a product provider. The activities of these nodes do not directly impact the customers and further protection is offered as the activities are accepted and verified by other participants. New participants are constantly joining the crypto asset eco system, and their activities are constantly evolving. We must therefore be selective in the persons and activities that we address and prioritise in this interim step under the FAIS Declaration. To apply the FAIS licensing and other requirements to these particular persons and activities would be disproportionate to the risk posed by other crypto asset service providers, for instance the exchanges. Internationally, the focus on mining nodes have been more focused on the climate and energy implications of the mining activity as the computing power required to solve the mathematical puzzles is energy intensive. From a consumer protection

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 9 perspective, the mining of cryptocurrencies does not typically fall within the regulatory perimeter of financial sector regulators. For example, the existing United Kingdom financial sector regulatory perimeter does not include the mining of Bitcoin, 4 and in Singapore, the Monetary Authority of Singapore (MAS) also do not have regulations specifically dealing with crypto miners. As such, it is the FSCA’s view that mining nodes and node operators should not, at this stage, be subject to FSCA oversight. Non-fungible tokens Non-fungible tokens (NFTs) are cryptographic assets on a blockchain with unique identification codes and metadata that distinguish them from each other. Unlike cryptocurrencies, they cannot be traded or exchanged at equivalency. This differs from fungible tokens like cryptocurrencies, which are identical to each other and, therefore, can serve as a medium for commercial transactions. One example of NFTs is digital art (where value is determined by the beholder, and unique identifiers, e.g., title deeds etc.). Considering the definition of crypto assets, NFTs regardless of whether they are used as unique identifier or for digital art would be captured by the definition, requiring providers to be regulated. While there has been an increased demand in global online NFT marketplaces, this has not yet been noted in the South-African landscape and is still in its infancy.5 NFTs are currently in the main associated with digital art, and the research available on the views from other regulatory authorities suggests that whether and how NFTs are regulated will depend on exactly how an NFT is used. NFTs as digital art are not similar to and are not traded in a similar manner as other crypto assets, and as such not a use case in the recommendations in the CARWG Position Paper. NFTs are vehicles used for representing unique assets and valuable because they represent valuable assets (art) and are made scarce due to their non-fungible properties. This is very different from for instance Bitcoin where prices increase through widespread adoption. Currently, there are no laws or regulations that apply to NFTs in the majority of international jurisdictions. For instance, in the United States, and the United Kingdom, there are no specific NFT regulations, but certain NFT crypto-asset types may fall under existing federal laws in the United Stated due to the wide treatment of crypto assets as securities. Under the securities laws in the United States, for example, the Securities and Exchange Commission (SEC) may treat certain types of NFT as security. In Germany, the German government stated that no changes to the legal system were anticipated as a result of the development of NFT last year. In Singapore, NFTs are not considered as legal tender in Singapore and not regulated by MAS. As such, it is the FSCA’s view that services related to NFT’s should not, at this stage, be subject to FSCA oversight. 4 https://thelawreviews.co.uk/title/the-virtual-currency-regulation-review/united-kingdom 5 https://www.itweb.co.za/content/Olx4zMknOYB756km

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 10 4.7 Consequently, the general exemption referred to in paragraph 4.5 further seeks to exempt the following crypto asset ecosystem participants from the requirements of the FAIS Act: • Crypto asset miners that, alone or in a mining pool, use computers or specialized hardware to participate in blockchain processing by verifying and adding new transactions to the blockchain; • Node operators that run software that keep a complete or pruned version of the blockchain and broadcasts transactions across the network; and • Persons rendering financial services in respect of crypto assets recorded on a blockchain with unique identification, that distinguish them from each other and can be associated with real-world objects i.e., non-fungible tokens. Crypto asset derivative instruments 4.8 The Financial Markets Act, 2012 (Act No. 19 of 2012) (FMA) defines a “derivative instrument” as a financial instrument or contract that creates rights and obligations and whose value depends on or is derived from the value of one or more underlying asset, rate or index, on a measure of economic value or on a default event. 4.9 A contract that creates rights and obligations and whose value depends on or is derived from the value of one or more crypto asset (crypto asset derivative) is therefore a derivative instrument as defined in the FMA. 4.10 In turn, the FMA defines “securities” as including a derivative instrument and the FAIS Act defines a financial product as including “securities” as defined in the FMA. 4.11 As such, financial services rendered in relation to crypto asset derivatives have always been subject to the FAIS Act. 4.12 It is therefore important to note that the Declaration does not apply to or affect financial services rendered in relation to crypto asset derivatives; FSPs providing financial services in relation to crypto asset derivatives are already subject to the requirements of the FAIS Act and are not subject to the general exemption discussed above. Further, providers of crypto asset derivatives remain subject to the FMA. 5.1 As discussed above, an assessment of the current regulatory framework was undertaken to identify the extent to which the existing requirements in the FAIS Act can be applied to FSPs rendering financial services in relation to crypto assets (Crypto Asset FSPs). The FSCA has finalised this assessment and thereby its view on how, and the extent to which, the FAIS Act can and will apply to Crypto Asset FSPs. 5.2 The majority of requirements under the FAIS Act is contained in the FAIS Act itself, the General Code of Conduct for Authorised Financial Services Providers and Representatives, 2003 (the General Code) and the Determination of Fit and Proper Requirements for Financial Services Providers, 2017 (Fit and Proper Requirements). The extent to which the FAIS Act, licence application forms, General Code, Fit and Proper Requirements can and will apply to Crypto Asset FSPs are discussed, respectively, below. 5.3 FAIS Act 5.3.1 The FAIS Act (i.e. excluding subordinate legislation etc. made under the FAIS Act) is to 5. A REGULATORY FRAMEWORK FOR CRYPTO ASSET FSPs

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 11 a large extent enabling in the sense that it provides for various administrative matters,6 and does not impose significant requirements that apply directly to FSPs. 5.3.2 The only requirements in the FAIS Act that apply to FSPs directly are: Chapter I that addresses the authorisation/licensing framework for FSPs; Chapter III dealing with representatives; and Chapter V setting out the duties of authorised FSPs (including requirements relating to compliance officers and arrangements, maintenance of records and accounting and audit requirements). 5.3.3 In considering the above, the FSCA holds the view that all of the requirements referred to in paragraph 5.3 are appropriate in the context of Crypto Asset FSPs.7 Therefore, the FSCA submits that no specific exemptions from the FAIS Act in the context of Crypto Asset FSPs are necessary. 5.4 Licensing framework / application forms 5.4.1 In terms of section 8(1) of the FAIS Act, an application for authorisation as an FSP must be submitted to the FSCA in the form and manner determined by the FSCA by notice on its website. 5.4.2 On 15 May 2009, the then Registrar of FSPs published the form and manner of FSP licence applications in Board Notice 60 in Government Gazette 32227 (BN 60), which has subsequently been amended from time to time. 5.4.2 Section 8(3) of the FAIS Act states that after consideration of a licence application, the FSCA must grant the application if it is satisfied that the applicant and its key individuals comply with the requirements of the FAIS Act, or not approve the application if the FSCA is not satisfied that the applicant and its key individuals comply with the requirements of the FAIS Act. 5.4.3 The licence application forms, as determined in BN 60, contain the information that – • an FSP must submit as part of a licence application, and which • the FSCA will consider when assessing whether or not an FSP complies with the FAIS Act and whether or not a licence must be granted. 5.4.4 The licence application forms (Forms FSP 1 – FSP 13) were assessed in order to determine the extent to which the information requested through the forms is appropriate in the context of Crypto Asset FSPs, and/or whether any other information might be necessary for purposes of a Crypto Asset FSP licence application. The findings of the assessment were that most of the information contained in the licence application forms (Forms FSP 1 – FSP 13) are generic in nature and do not make a distinction between types of financial products. Also, the information requested in the forms (e.g., information relating to the business and business activities, directors, shareholders, fitness and propriety, operational ability, financial soundness, external auditors and the like) are all very relevant in the context of a Crypto Asset FSP. 5.4.6 Some forms, including Forms FSP 2, FSP 4C, FSP 4D and FSP 5, request information per specific product categories and do not make provision for a crypto asset category. 5.4.7 Therefore, most of the licence application forms are appropriate as is, with the exception of Forms FSP 2, FSP 4C, FSP 4D and FSP 5, that have to be amended to make provision for a crypto asset product category. 6 E.g. it provides the FSCA with enforcement powers, deals with Ombud related matters, creates empowering provisions for the FSCA to make certain regulatory instruments such as codes of conduct, determinations etc. 7 With regards to section 19(3) of the FAIS Act, please see discussion in paragraphs 5.15 and 5.16 below.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 12 5.5 General Code 5.5.1 Although detailed, most of the requirements in the General Code are “product agnostic”, meaning that the requirements do not apply in the context of a specific financial product, but apply to the institution in respect of specific areas of business conduct and can be applied regardless of the financial products concerned. For example: (a) General: The general duty of rendering financial services honestly, fairly, with due skill, care and diligence, and in the interests of clients and the integrity of the financial services industry (as contained in section 2 of the General Code of Conduct) should apply to any FSP, including a Crypto Asset FSP; (b) Conflicts of interest: The relevance of conflicts of interest when rendering financial services in relation to crypto assets is similar to rendering financial services in relation to any other financial product. The conflicts of interest provisions are general in nature (see sections 3(1)(b) and 3A of the General Code) and can be applied to Crypto Asset FSPs. (c) Disclosure requirements: The disclosure requirements (provider and product disclosures) are general in nature and merely require that specific information regarding the provider, financial service, product and so on, must be provided. The requirements are sufficiently principles-based to ensure that they can be applied to financial services rendered in respect of any financial product, including in a Crypto Asset FSP environment. (d) Advice requirements: The principles informing the advice process requirements remain the same regardless of the financial product on which the FSP is advising. For example, whether an FSP is advising a client to invest in securities, collective investment schemes or crypto assets, the FSP will have to acquire sufficient information regarding the client's needs and objectives, financial situation, risk profile, financial product knowledge and experience etc., conduct a suitability analysis and base the advice on such suitability analysis. (e) Advertising requirements: The advertising requirements contained in the General Code of Conduct are, again, general in nature and apply regardless of the financial product concerned. There is no justification for excluding any of the advertising requirements in the Crypto Asset FSP context. On the contrary, advertising in the crypto environment is especially problematic and the FSCA has seen various examples of misleading advertising taking place where, for example, unrealistic returns are guaranteed. (f) Complaints management process: Principles requiring an appropriate complaints management process are universal and can therefore be applied in a crypto environment. Therefore, the complaint management requirements in the General Code of Conduct are appropriate in the context of Crypto Asset FSPs. (g) Termination of agreement or business: In any situation it is critical that where a provider-client agreement is terminated for whichever reason, such termination and conclusion of business is done in an orderly manner, including giving a client appropriate notice of the termination. Section 20 of the General Code of Conduct sets general high-level requirements in this regard, and these requirements are therefore applicable in a Crypto Asset FSP environment, similar to applicability in the context of any other FSP. (h) Waiver of rights: Section 21 of the General Code of Conduct contains a prohibition on inducing a client to waive any right afforded to such client under the General Code of Conduct or accepting any such waiver. Again, this requirement applies universally and is therefore relevant in the context of Crypto Asset FSPs. (i) Risk management and a system of internal control: Proper risk management and a system of internal control is a critical component of any business. Therefore, section 21 of the General Code of Conduct which sets high-level requirements relating to the implementation of risk management procedures and internal

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 13 controls, is equally critical in a Crypto Asset FSP environment and can apply in its current form. Guarantees or professional indemnity or fidelity insurance cover 5.5.2 Section 13 of the General Code of Conduct, read with Board Notice 123 of 2009, requires that FSPs must maintain in force suitable guarantees or professional indemnity or fidelity insurance cover. Note that certain FSPs are already exempted from this requirement.8 5.5.3 Applying this requirement to a Crypto Asset FSP might pose a challenge, considering that crypto assets are inherently risky in nature and widespread uncertainty and apprehensions surrounding the viability and appropriateness of crypto assets exist. This creates uncertainty whether there would be capacity and/or willingness in the insurance market to provide professional indemnity insurance to Crypto Asset FSPs. The same argument applies in respect of the issuing of guarantees. If there is indeed a lack of capacity and/or willingness as explained above, it will become difficult and impractical for Crypto Asset FSPs to comply with this requirement. 5.5.4 Therefore, and similar to how certain other FSPs have been exempted, the FSCA is considering exempting Crypto Asset FSPs from the requirements in section 13 of the General Code of Conduct and Board Notice 123 of 2009, pending further investigation regarding the extent to which there is capacity and willingness in the market to provide professional indemnity insurance and/or guarantees to Crypto Asset FSPs. Custody of financial products and funds 5.5.5 There may be some ambiguity as to how the various custody requirements must be applied in the context of Crypto Asset FSPs. 5.5.6 Section 10 of the General Code of Conduct sets requirements for FSPs who receive or hold financial products or funds of or on behalf of a client. In some instances, a Crypto Asset FSP would receive and hold funds (money) from clients before purchasing crypto assets with such funds. In those instances, the majority of section 10 applies to the holding of such funds. 5.5.7 In other instances, a Crypto Asset FSP does not hold or control the client’s funds, but rather the client’s assets (crypto assets). Section 10 of the General Code of Conduct, in addition to the requirements prescribed for FSPs who receives or holds financial products or funds for on behalf of a client, also prescribes requirements for FSPs who hold or control assets on behalf of clients. These requirements will then apply to Crypto Asset FSPs, insofar as these Crypto Asset FSPs hold and/or control crypto assets on behalf of the client. Examples include: (a) Section 10(1), which states that an FSP that holds financial products on behalf of a client must account for such products properly and promptly; (b) Section 10(1)(c), which states that where an FSP (or a third party on behalf of an FSP) is in control of financial products, it must take reasonable steps to ensure that they are adequately safeguarded; and (c) Section 10(1)(e), which states that an FSP that holds financial products on behalf of a client must take reasonable steps to ensure that –

• at all times such financial products are dealt with strictly in accordance with the mandate given to the provider; and 8 See FAIS Notice 50 of 2015 and amended by FSCA FAIS Notice 68 of 2020; FAIS Notice 122 of 2017 and amended by FSCA Notice 69 of 2020; and FAIS Notice 110 of 2017.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 14

• client financial products are readily discernible from private assets or funds of the provider. 5.5.8 In addition, the Financial Institutions (Protection of Funds) Act, 2001 (Act No. 28 of 2001) (FI Act) defines “trust property” as “any corporeal or incorporeal, movable or immovable asset invested, held, kept in safe custody, controlled, administered or alienated by any person, partnership, company or trust for, or on behalf of, another person, partnership, company or trust, and such other person, partnership, company or trust is hereinafter referred to as the principal”. In the FSCA’s opinion, the holding or keeping of a crypto asset in safe custody or administering a crypto asset on behalf of a client, will result in such crypto asset constituting trust property as defined in the FI Act. 5.5.9 To the extent that crypto assets constitute trust property as defined, various provisions of the FI Act will apply to a Crypto Asset FSP. For example: (a) Section 4(1) of the FI Act: “A financial institution, or director, member, partner, official, employee or agent of a financial institution which administers trust property under any instrument or agreement may not cause such trust property to be invested otherwise than in a manner directed in, or required by, such instrument or agreement.” (b) Section 4(4) of the FI Act: “A financial institution must keep trust property separate from assets belonging to that institution and must in its books of account clearly indicate the trust property as being property belonging to a specified principal.” (c) Section 4(5) of the FI Act: “Despite anything to the contrary in any law or the common law, trust property invested, held, kept in safe custody, controlled or administered by a financial institution or a nominee company under no circumstances forms part of the assets or funds of the financial institution or such nominee company.” 5.5.10 Lastly, section 19(3) of the FAIS Act states that an FSP must maintain records in respect of money and assets held on behalf of clients, and must submit to the FSCA a report, by the auditor who performed the audit, which confirms - (a) the amount of money and financial products at year end held by the FSP on behalf of clients; (b) that such money and financial products were throughout the financial year kept separate from those of the business of the FSP and report any instance of non￾compliance identified in the course of the audit and the extent thereof. 5.5.11 In line with what is discussed above, in the FSCA’s opinion, section 19(3) will apply to Crypto Asset FSPs to the extent that they -- (a) hold money (earmarked for the purchase of crypto assets) on behalf of clients; and (b) hold assets (which would include crypto assets) on behalf of clients (e.g. by providing and controlling a custodial wallet). 5.5.12 The requirements relating to custody of financial products and funds are especially critical in the crypto asset environment, as many of the abuses identified in this environment relate to how funds and crypto assets were treated and not safeguarded. 5.6 Fit and Proper requirements 5.6.1 The Determination is mostly general in nature and product agnostic and can therefore apply to Crypto Asset FSPs. However, some requirements differentiate between or apply to specific financial products, in particular the Competence and Continuous Professional Development (“CPD”) requirements, which create complications in the context of Crypto Asset FSPs.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 15 5.6.2 The requirements that are general in nature and product agonistic, can therefore apply to Crypto Asset FSPs as is, including, for example, requirements relating to - (a) honesty, integrity and good standing, which provides that an FSP (including its key individuals and representatives) must be honest, have integrity and be of good standing (see Chapter 2 of the Determination); (b) operational ability, which include requirements dealing with governance, outsourcing, representatives, key individuals and the like (see Chapter 5 of the Determination); and (c) financial soundness (see Chapter 6 of the Determination). 5.6.3 The applicability of the Competence and CPD requirements to Crypto Asset FSPs are set out in the Table below: REQUIREMENT CHAPTER NOTES Competence Minimum experience 3 (Part 2) The minimum experience requirements (sections 17 - 21 of the Determination) set out very specific minimum experience requirements per financial product listed in Annexure One of the Determination. As there is currently no crypto asset product category listed in Annexure One, these specific experience requirements will not apply to Crypto Asset FSPs, their key individuals and representatives. However, section 15 sets a general requirement for experience which is not linked to the financial products listed in Annexure One and can therefore apply to Crypto Asset FSPs, their key individuals and representatives. The Notice on Exemption of Services under Supervision, No. 2 of 2018, published by FSCA FAIS Notice 86 of 2018 on 3 December 2018 (“Supervision Exemption”), insofar it relates to the experience requirements, is only applicable to sections 17-21 of the Determination and not to the general experience requirement contemplated in section 15. As was mentioned above, sections 17-21 are not applicable to Crypto Asset FSPs, their key individuals and representatives and as such, the Supervision Exemption does not apply to the representatives of a Crypto Asset FSP. However, the FSCA is proposing to exempt a representative of a Crypto Asset FSP who does not comply with section 15 of the Determination from such requirements, on condition that the representative must work under supervision until such a time as the required experience has been gained. The FSCA will also consider whether it is necessary to issue a Guidance Notice to further clarify what experience the FSCA would regard as “adequate and appropriate experience” in the context of rendering a financial service in respect of crypto assets. Minimum qualifications 3 (Part 3) The minimum qualification requirements (sections 22 - 23 of the Determination) are based on the principle that an FSP, a key individual and a representative must have a qualification recognised by the FSCA in terms of section 24 of the Determination. To date, qualifications recognised in terms of section 24 have not focussed on crypto related criteria and it would therefore be difficult to, in the short-term, identify crypto related qualifications.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 16 REQUIREMENT CHAPTER NOTES As such, the FSCA is proposing to grant a general exemption to Crypto Asset FSPs, their key individuals and representatives from Part 3 of Chapter 3, subject to a condition stating that a Crypto Asset FSP, their key individuals and representatives must have adequate and appropriate academic credentials that focus or specialise in crypto assets to such an extent that is necessary for the person to discharge his or her responsibilities under the FAIS Act. A further condition of the above exemption is that a representative of a Crypto Asset FSP that does not comply with the academic credential requirements referred above, must work under supervision until complying with the academic credential requirements. The FSCA will also consider whether it is necessary to issue a Guidance Notice to further clarify what academic credentials the FSCA would regard as “adequate and appropriate” in the context of rendering a financial service in respect of crypto assets. Regulatory examinations 3 (Part 4) The regulatory examination requirements (Part 4 of Chapter 3) can apply to Crypto Asset FSPs, their key individuals and representatives in its current form because of the general nature thereof and the fact that it does not differentiate between types of financial products. However, the FSCA acknowledge that may Crypto Asset FSPs may be new to financial services industry regulation and would not have completed regulatory examinations previously. The FSCA is of the view that applying the regulatory examination requirements immediately may cause significant disruption to existing Crypto Asset FSPs and representatives, and as such the FSCA is proposing to grant a temporary 18-month exemption to Crypto Asset FSPs and their representatives from the regulatory examination requirements. This will allow existing Crypto Asset FSPs and representatives to continue rendering financial services in relation to crypto assets, whilst they take steps to complete the regulatory examinations. Similar to the Supervision Exemption, the FSCA also proposes to exempt crypto asset representatives under supervision from the regulatory examination requirement for a period of 2 years from the date of appointment. Class of business training and product specific training 3 (Part 5) Class of business training The Determination define “class of business” as the respective classes of business as set out in Table 1 of Annexure Four. Annexure Four sets out very specific financial product categories which do not include a crypto asset product category. The class of business requirements are therefore not applicable to Crypto Asset FSPs and no short-term proposals are considered at this stage. The Supervision Exemption, insofar it relates to class of business training requirements, is therefore also not applicable to a representative of a Crypto Asset FSP.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 17 REQUIREMENT CHAPTER NOTES Product specific training The Determination define “product specific training” as the training referred to in section 29(5) in respect of a particular financial product and which training is assessed, including any amendments to that particular financial product. Section 29(5) provides that product specific training must include training on a variety of general matters such as the specific characteristics, terms and features of the product, including any specific complexities or material differentiation from the general characteristics, terms and features of products in the class of business concerned, the nature and complexity of the financial product and any underlying components of that product, the risks associated with investing, purchasing or transacting in the product and any underlying components of the product, etc. As the product specific requirements refer generally to financial products, it can include crypto assets. The product specific training requirements can therefore apply to Crypto Asset FSPs, their key individuals and representatives. The Supervision Exemption does not apply to a representative insofar it relates to product specific training requirements. It will, similarly, not apply to a representative of a Crypto Asset FSP, the Representative will need to undergo the training before financial services can be provided to a customer. Continuous professional development (“CPD”) 4 The specific minimum CPD requirements (section 33(1) of the Determination) are calculated in relation to the subclasses of the classes of business in Table 1 of Annexure Four. As was indicated above, Table 1 of Annexure Four sets out very specific financial product categories which do not include crypto assets, and the CPD requirements are therefore not applicable to Crypto Asset FSPs. The general requirements (section 32(1)(a) and (c) and (2) of the Determination) can be applied to Crypto Asset FSPs. As such, the FSCA is proposing to grant an exemption to Crypto Asset FSPs, their key individuals and representatives from section 33(1) of the Determination, subject to a condition that they must comply with the specific CPD requirements as set out in the Exemption. In terms of the Supervision Exemption, a representative that does not comply with the CPD requirements (Chapter 4 of the Determination) is exempted from the CPD requirements provided that the representative must comply with the applicable CPD requirements from the date on which the representative meets the class of business training requirements (as defined), regulatory examination requirements and qualification requirements (as defined) or after six years from date of first appointment, whichever occurs first. Due to fact that the class of business training requirements in the Determination do not apply to a representative of a Crypto Asset FSP (as discussed above), the FSCA is proposing that a representative of a Crypto

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 18 REQUIREMENT CHAPTER NOTES Asset FSP that does not comply with the specific CPD requirements set out in the Exemption, be exempted from the requirements provided that the representative must comply with the specific CPD requirements from the date on which the representative meets the regulatory examination requirements and the qualification requirements or after six years from the date on which the representative was first appointed as a representative. 6 SUMMARY OF REGULATORY FRAMEWORK AND DRAFT EXEMPTIONS 6.1 In summary, it is proposed that the following will apply to Crypto Asset FSPs: 6.1.1 The FAIS Act itself will apply to a Crypto Asset FSP as is. 6.1.2 The existing FSP licence forms will apply to a Crypto Asset FSP, but Forms FSP 2, FSP 4C, FSP 4D and FSP 5 will be amended to make provision for a crypto asset product category. 6.1.3 The General Code will apply to Crypto Asset FSPs, with the exception of section 13 of the General Code (Guarantees or professional indemnity or fidelity insurance cover). Board Notice 123 of 2009, which deals with guarantees or professional indemnity, or fidelity insurance cover will also not apply. It is proposed that a general exemption from section 13 of the General Code and Board Notice 123 of 2009 be issued. 6.1.4 The Fit and Proper Requirements will apply to Crypto Asset FSPs, with the exception of the following (noting that certain e.g., exemptions will be temporary): Section Requirement Comment FSPs, Key Individuals and Representatives: Sections 17 - 21 Minimum experience per Category of FSPs Not applicable as requirements are set out per financial product, and crypto assets are not listed in these sections. Sections 23 Minimum qualification requirements To be exempted, subject to condition that FSP etc have adequate and appropriate academic credentials pertaining to crypto assets. Sections 25 - 26 [Part 4 of Chapter 3] Regulatory examinations Temporary exemption of FSPs etc from the regulatory examinations (i.e., 18 months). Sections 28 - 309 [Part 5 of Chapter 3] Class of business training Class of business training requirements not applicable as requirements are set out per class of business as defined, and the definition does not include crypto assets. Section 33(1) Minimum Continuous Professional Development Hours To be exempted, subject to condition that FSP complete a minimum of 6 hours of CPD activities relating to crypto assets per CPD cycle. Representatives under supervision: 9 The non-applicability of sections 28 – 30 only applies insofar as it relates to Class of business training.

POLICY DOCUMENT SUPPORTING THE DECLARATION OF A CRYPTO ASSET AS A FINANCIAL PRODUCT UNDER THE FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 19 Competency and CPD requirements Similar to the approach adopted for representatives under supervision as set out in Notice on Exemption of Services under Supervision, 2018, provision will also be made, through an exemption, for representatives to act under supervision in relation to crypto assets until the necessary competency and CPD requirements are met. 6.2 As explained above, to give effect to the above proposal, various exemptions will be necessary. Accordingly, alongside the final Declaration the FSCA published a draft exemption notice giving effect to the above for comment. Comments on the draft exemption are due by 1 December 2022. Commentators are also welcome to submit comments on the proposed framework explained in paragraphs 5 and 6 of this Document. 6.3 Once the comments on the draft exemption have been considered, the FSCA will refine the exemption if necessary, and proceed to publish the final exemption notice. It is envisaged that the final exemption will be published early in 2023. 6.4 It might also be noted that the FSCA will not develop a fit for purpose code of conduct for Crypto Asset FSPs at this point in time. Fit for purpose requirements applicable to the crypto asset environment will be developed in due course, but this is only likely to occur some time after the COFI Bill has been promulgated. For any queries relating to the information contained in this document please contact the Regulatory Frameworks Department of the FSCA at karien.nel@fsca.co.za or johannvanderlith@fsca.co.za. 7. ENQUIRES