Sign inStart verifying
VerifyNow.co.za
POPIAFICAB-BBEE Level 1

Trusted by thousands of South African businesses

Crypto / CASP

CASP-grade KYC under FICA Item 22 & FATF Travel Rule.

Home Affairs ID, face match + liveness, AML/PEP and document authentication — the verification stack a South African crypto exchange, custodial wallet or OTC desk needs to satisfy FICA Schedule 1 Item 22 and populate the originator side of a FATF Travel Rule message.

Start onboardingFICA guide
FICA Item 22 aligned
OFAC crypto designations
POPIA-compliant consent

In short: what VerifyNow does for a South African CASP

A defensible CASP onboarding workflow combines Home Affairs SA ID verification, face match + liveness, AML/PEP/sanctions screening (including OFAC crypto designations), document authentication for SA and foreign IDs, and bank account verification on the fiat on/off-ramp. The CASP remains the FICA accountable institution under Schedule 1 Item 22 and owns its RMCP, transaction monitoring and FATF Travel Rule counterparty messaging.

VerifyNow’s scope: Home Affairs SA ID verification, face match / liveness, AML/PEP/sanctions screening (190+ countries), document authentication, CIPC company & director verification, Africa / cross-border KYC, bank account verification (AVS), consumer trace and phone trace — all under POPIA-compliant consent. VerifyNow is not a blockchain-analytics / on-chain wallet-risk-scoring provider; is not a FATF Travel Rule messaging protocol; does not provide credit bureau reports; and does not run SAPS criminal record clearances. Those are sourced from specialist on-chain analytics vendors, a Travel Rule messaging solution, a registered credit bureau, and SAPS (or an authorised provider) respectively.

Verification primitives

The KYC stack for a CASP

Six services that map directly to Section 21 CDD, Section 21A EDD and the identity side of a FATF Travel Rule message.

Home Affairs SA ID Verification

Real-time verification of SA customers against Home Affairs HANIS — the source-of-truth identity anchor.

Source: VerifyNow
Explore service

Face Match & Liveness

Selfie-to-Home-Affairs-photo match. Blocks synthetic-identity and ID-reuse fraud common in crypto onboarding.

Source: VerifyNow
Explore service

AML / PEP / Sanctions Screening

Domestic + foreign PEPs and UN/OFAC/EU/UK/SA sanctions lists, including OFAC crypto-specific designations.

Source: VerifyNow
Explore service

Document Authentication

OCR + tamper detection on SA IDs, passports and foreign IDs submitted during onboarding.

Source: VerifyNow
Explore service

Africa / Cross-Border KYC

In-country ID verification for supported African jurisdictions — not every country is HANIS-equivalent; coverage varies.

Source: VerifyNow
Explore service

Bank Account Verification (AVS)

Verify the fiat on/off-ramp account belongs to the verified customer before a deposit or withdrawal.

Source: VerifyNow
Explore service

Not provided by VerifyNow

  • On-chain wallet risk scoring / blockchain analytics: obtained from specialist on-chain analytics providers. VerifyNow verifies off-chain identity; on-chain risk is a separate category.
  • FATF Travel Rule messaging: handled by a dedicated Travel Rule protocol between VASP counterparties. VerifyNow supplies the verified identity data that populates the originator payload.
  • Credit bureau data: obtained from a registered South African credit bureau where the CASP elects to layer it for margin/lending products.
  • SAPS criminal clearances for directors / key individuals: obtained from SAPS or an authorised provider.
Customer lifecycle

From sign-up to first fiat ramp

  1. 01

    Sign-up + POPIA consent

    Customer accepts POPIA consent, including FICA CDD screening disclosure. Consent reference is recorded against every subsequent verification.

  2. 02

    Home Affairs ID verification

    SA customer: live HANIS verification returns name, DOB, ID status, photograph. Non-SA customer: passport + document authentication.

  3. 03

    Liveness + face match

    Customer captures a live selfie. VerifyNow runs liveness detection and matches to the Home Affairs photo (or passport photo for non-SA).

  4. 04

    AML/PEP/sanctions

    Customer screened against PEP and sanctions lists. Any hit routes to the MLRO; clean results are recorded in the FIC file.

  5. 05

    Fiat on-ramp AVS

    First ZAR deposit: AVS confirms the bank account belongs to the verified customer. Prevents third-party ramping.

  6. 06

    Ongoing EDD + transaction monitoring

    Periodic re-screening per RMCP cadence. Transaction monitoring and on-chain analytics are handled by the CASP's own systems — not VerifyNow.

Compliance context

FICA, FSCA, FATF & POPIA

Crypto in South Africa is now a fully regulated activity. The FIC Act 2022 amendment added CASPs to Schedule 1 as Item 22, placing them inside the full FICA framework (registration, RMCP, CDD, EDD, record-keeping, reporting). Separately, the FSCA declared crypto assets a financial product, requiring CASPs to hold an FSP licence under FAIS. The SARB has also signalled its interest in stablecoin and payment-adjacent use cases.

At the international level, the FATF Recommendation 15 (the Travel Rule) requires VASPs to transmit originator and beneficiary information with crypto transfers above threshold. VerifyNow supplies the verified-identity primitives (Home Affairs ID, face match, document authentication, AML/PEP) that populate the originator fields of a Travel Rule payload. The messaging protocol itself is handled by a dedicated Travel Rule solution between VASPs, not by VerifyNow.

All customer personal information processed through VerifyNow is governed by POPIA. The CASP remains the responsible party and the FICA accountable institution. VerifyNow supplies the verification evidence your FIC and FSCA inspections depend on.

FAQ

CASP & crypto questions

Are Crypto Asset Service Providers accountable institutions under FICA?

Yes. In late 2022 the FIC Act was amended to add Crypto Asset Service Providers (CASPs) to Schedule 1 as Item 22. That makes CASPs — including crypto exchanges, custodial wallets, OTC desks, stablecoin issuers and virtual asset transfer providers — accountable institutions, with the same core obligations as banks: registration with the FIC, a board-approved RMCP (Section 42), CDD under Section 21, EDD under Section 21A, record keeping under Sections 22–23, and CTR/STR reporting under Sections 28 and 29. Separately, CASPs require an FSCA financial services licence under the declaration of crypto assets as a financial product.

Does VerifyNow support the FATF Travel Rule?

The FATF Travel Rule (Recommendation 15) requires VASPs to share originator and beneficiary information on transfers above threshold. VerifyNow supplies the customer-verification primitives (Home Affairs SA ID verification, face match, AML/PEP/sanctions screening, document authentication) that sit beneath a Travel Rule message — the verified identity and ID number that populate the originator fields. VerifyNow is not itself a Travel Rule messaging protocol; CASPs use a dedicated Travel Rule solution for the peer-to-peer transmission of payload between counterparties.

Does VerifyNow run credit checks, SAPS criminal record checks or on-chain risk scoring?

No. VerifyNow does not provide credit bureau reports or credit scores; does not run SAPS criminal record clearances; and does not do on-chain / blockchain-analytics risk scoring of wallet addresses. For a CASP onboarding flow, VerifyNow's scope is Home Affairs SA ID verification, face match / liveness, AML/PEP/sanctions screening (190+ countries, including OFAC crypto sanctions designations), document authentication for SA and foreign IDs, CIPC for corporate customers, and consumer trace. Blockchain-analytics and wallet-screening come from dedicated on-chain providers; SAPS clearances from SAPS or an authorised provider; credit data from a registered credit bureau.

Why is face match critical for crypto onboarding?

Crypto onboarding is a well-known target for synthetic identity fraud and ID-document reuse. Face match against the Home Affairs photograph binds the account to the physical person whose SA ID is being used — preventing a buyer of leaked ID data from opening an account in someone else's name. Combined with liveness detection, it defeats static-photo and replay attacks common in crypto sign-up fraud.

How does VerifyNow handle enhanced due diligence (EDD) on high-risk crypto customers?

Under FICA Section 21A and the FATF risk-based approach, CASPs must apply EDD to higher-risk customers (PEPs, customers from high-risk jurisdictions, anonymous-privacy-token users, high-value or unusual transaction patterns). VerifyNow supports the verification side of EDD: deeper AML/PEP adverse-media screening, document authentication on additional supporting documents, face match, and CIPC for corporate customers. Source-of-funds, source-of-wealth and transaction-monitoring remain the CASP's own responsibility; SAPS clearances on directors (where required) are sourced externally.

Can VerifyNow verify cross-border crypto customers?

Yes for identity-document authentication (OCR + tamper detection on non-SA IDs and passports) and AML/PEP/sanctions screening across 190+ countries. For in-country African KYC, VerifyNow's Africa / cross-border KYC service covers Home Affairs-equivalent ID checks in supported jurisdictions. However, only South African IDs are verified directly against Home Affairs HANIS; other jurisdictions are served via document authentication plus facial biometrics, as appropriate for the CASP's risk framework.

Item-22-ready KYC in a single API

Home Affairs ID, face match + liveness, AML/PEP (including OFAC crypto designations) and document authentication — purpose-built for SA CASPs.

Create Free AccountView pricing