The South African Reserve Bank owns the national payment system end to end. Around it sits a Twin Peaks structure — a prudential regulator and a conduct regulator — plus a national payments utility that is being reshaped beneath it. Here is the map, and where you sit on it.
Four bodies do almost all the work. Knowing which one owns which question saves you a lot of misdirected correspondence.
Payments in South Africa run under one statute and one overseer. The National Payment System Act 78 of 1998 (the “NPS Act”) gives the South African Reserve Bank (SARB) the mandate to license, oversee and direct the national payment system. Everything else — the schemes, the clearing house, the participants — operates inside that mandate.
Layered on top is the Twin Peaks model, introduced by the Financial Sector Regulation Act 9 of 2017. It split financial regulation into two: a prudential peak (is the institution safe and solvent?) and a market-conduct peak (does it treat customers fairly?). For a payments business, that means you can answer to SARB for the rail, the Prudential Authority for your soundness, and the FSCA for how you behave — sometimes all three at once.
SARB owns the plumbing. The PA and FSCA are the two Twin Peaks. The FIC is the financial-crime overlay that sits across all of them.
| Body | Peak / role | What it owns | You deal with it when… |
|---|---|---|---|
| SARB (National Payment System Department) | System overseer | The NPS Act, payment-system licensing, oversight of the PCH and operators, settlement in SAMOS | You touch clearing or settlement, or seek access to a payment stream |
| Prudential Authority (PA) | Prudential peak (inside SARB) | Safety and soundness of banks, insurers and, increasingly, payment institutions | You hold client funds or e-money float and must prove you can be trusted with them |
| FSCA | Conduct peak | Market conduct, fair treatment, disclosure, complaints | You face customers — fees, terms, advertising, dispute handling |
| FIC | Financial-crime peak | AML/CFT under the FIC Act | You are an accountable institution (see the FIC & AML leaf) |
Before 2018, a single regulator looked at both safety and conduct, and conduct usually lost. Twin Peaks deliberately separated them so that neither question gets buried. For payments that has a concrete consequence: your prudential supervisor and your conduct supervisor are different institutions with different incentives, and they will not coordinate their requests for you.
The PA cares whether your e-money float is ring-fenced and whether you can meet obligations as they fall due. The FSCA cares whether your pricing is transparent and your customer can get their money out and complain when they cannot. Build your compliance function to feed both, not one.
SARB Vision 2025 set the direction; the 2025 drafts put flesh on it. The headline: a non-bank can, for the first time, hold a payments authorisation in its own name.
Historically the NPS was bank-gated: to clear in a payment stream you effectively had to be a registered bank, and non-banks rode in as System Operators or Third-Party Payment Providers (TPPPs) behind a sponsoring bank. That is now being dismantled.
In March 2025 SARB published a draft activity-based authorisation framework — a draft Directive plus a draft Exemption Notice from the Prudential Authority — that defines payment activities a non-bank may perform without being a bank: e-money issuance, payment-instrument issuance, acquiring, third-party services, remittances, and clearing and settlement. The trade-off is real prudential discipline.
You will be authorised for what you do (issue e-money, acquire, remit), not for what you are. Map your business to the activity list.
Client funds and e-money float go into segregated trust accounts at approved banks, with a 100% liquidity buffer. No lending or investing customer balances.
Non-banks will be able to apply to SARB for designation as clearing participants — ending the mandatory sponsor-bank dependency for the activities covered.
Drafts closed for comment in April 2025; final rules and first licences were targeted for late 2025 into early 2026. Treat dates as moving until gazetted.
Reference content is open. This part — where to spend and what it costs to get wrong — is for members.
Start with the activity map, not the entity question. Decide which of the listed activities you perform, then read the draft Directive’s prudential conditions for each. If you hold customer money for any length of time, assume the PA will want segregation, a liquidity buffer and a no-lending undertaking — budget for trust-account banking and audited float reporting from day one.
Your exposure is the opening of streams you used to gate. New authorised non-banks may clear alongside you or sponsor themselves out from under you. The defensible position is to become the rail others build on, not the toll-gate they route around.
Treating a conduct question as a prudential one (or vice versa) wastes weeks and signals to both regulators that you do not understand the structure you are entering. Address the right peak.
Building your SA entry on a sponsor-bank arrangement that the activity-based framework is designed to replace risks a re-architecture within a year. Design for direct authorisation.