Exchange Controls: Navigating South Africa's Draft New Capital Flow Management Regime

Executive Summary

The regulatory landscape for cross-border capital flows in South Africa is undergoing its most significant restructuring in decades. With the proposed 2026 Capital Flow Management (CFM) framework – which was open for public comment until 18 May 2026 - the South African Reserve Bank (SARB) and National Treasury are transitioning from the historical "negative framework" of exchange control to a "positive bias" regime, in which transactions are generally permitted unless explicitly restricted.

On the surface, this signals the regulatory liberalisation the market has long anticipated. However, for market practitioners, corporate treasurers, and foreign exchange market participants, our industry analysis reveals a more complex reality. For banks (Authorised Dealers), the shift to a “positive bias” framework means internal treasury, reporting and compliance functions will bear greater responsibility after transactions, necessitating robust monitoring systems and increased staff preparedness. For corporate CFOs and treasurers, it implies more autonomy to execute cross-border transactions with fewer upfront delays but also heightened accountability to maintain thorough records and meet any post-transaction regulatory scrutiny.

The proposed framework aims to streamline legitimate transactions and modernise the system in line with global standards, thus creating opportunities for innovation or efficiency, such as digitising compliance processes and improving treasury system implementations. However, the nature of regulatory risk is shifting rather than disappearing. If implemented as proposed, organisations should pro-actively transition their operational focus from securing upfront regulatory permission to ensuring rigorous, post-transaction defensibility.

The new regulations will work in tandem with anti-money laundering controls (FIC rules) and tax regulations. The exchange control reforms align with wider regulatory trends and should be embedded into the overall compliance framework.

This article outlines the key changes under the CFM and their potential implications, as relevant to:

• CFOs, corporate treasurers and compliance functions of multinational corporations: Any large company with cross-border financing or other flows, cross-border inter-company loans, or international expansions will be affected by the new rules.
• Cryptocurrency exchanges, fintechs and payment service providers, given the inclusion of crypto assets and potential new licensing requirements for authorised crypto asset service providers.

The draft CFM regulations are open for public comment until 18 May 2026, with final regulations expected later in 2026. Existing exchange control rules remain in force until the new regulations are promulgated, and transitional arrangements are expected to facilitate a smooth changeover.

The Persistent Power of the 1933 Act

To understand the practical implications of the CFM framework, we must examine the legal architecture that underpins it. While the draft regulations will formally repeal and replace the 1961 Exchange Control Regulations, they do not repeal the legislative anchor, namely the Currency and Exchanges Act 9 of 1933.

We believe this distinction is important. Because the 1933 Act remains the foundation, the Minister of Finance retains the ultimate statutory power to restrict the movement of currency, gold, and assets to protect the domestic economy. If implemented, the 2026 draft CFM Regulations would serve as an updated, modernised framework, but 1933 Act’s capital-control powers remain intact. For all market participants, this means a shift in approach: fewer upfront transaction hurdles, but closer post-transaction monitoring and oversight by regulators.

The CFM is intended to streamline routine transactions and reduce unnecessary bureaucracy for compliant businesses. By focusing on post-transaction monitoring and macroeconomic risk instead of micromanaging every transaction, regulators aim to foster a more open financial environment that still protects the economy.

There are a number of areas that remain unchanged under the draft CFM. For example, under 1933 Act, many day-to-day foreign exchange transactions were already delegated to Authorised Dealers under the old system, and prudential limits for institutional investors remain in place. As such, compliance obligations are not entirely new – some are continuations (e.g., requirement to report foreign assets, existing tax clearance process via SARS for large personal transfers, etc.), albeit now under a new framework.

The Shifting Friction Point for Banks: From Gatekeeper to Auditor

Under the legacy Exchange Control system, the operational friction was wholly front-loaded. Authorised Dealers (banks) acted as pre-transaction gatekeepers, requiring extensive manual documentation before a trade payment or capital transfer could be executed.

The proposed CFM regime shifts the Authorised Dealer's role from a proactive gatekeeper to a post-transaction auditor, which may likely lead to increased internal surveillance by banks. While this reduces the initial friction in executing standard trade transactions, it introduces a new, important element: Administrative Sanctions. These are penalties that regulators could impose without going through the courts, such as fines or censures, as opposed to the older system’s sole reliance on criminal prosecution.

Instead of treating every breach as an immediate criminal forfeiture matter, the SARB is looking to empowering its Financial Surveillance Department (FinSurv) to impose significant administrative fines, issue public reprimands, and even suspend an institution’s operations for serious non-compliance. Note that regulatory enforcement still applies to all parties in a transaction, not only banks.

Facing the threat of significant financial penalties if the draft regulations are implemented as currently proposed, banks are likely to strengthen their internal monitoring and require more detailed reporting from their corporate clients. Consequently, while initial transaction friction is reduced, the compliance, legal, and reporting burden within the organisation shifts until after the transaction:

• For risk and compliance teams at banks, this shift calls for a thorough review of internal controls and staff training to ensure the organisation can meet its new audit-focused obligations. Banks will be more reliant on SARS, FSCA and FIC when conducting post audits and approving transactions. Obtaining the Manual Letters of Compliance for payment of dividends to non-resident shareholders who are not registered with SARS, has not always been a smooth process. In respect of some approvals, the applicant’s management must confirm compliance with Transfer Pricing (TP) requirements as stipulated by SARS. This means that the only way that the bank can confirm compliance with TP requirements is to enquire from SARS and for SARS to conduct an audit on the applicant, which is a laborious, time-consuming and complicated audit process.
• On the corporate side, finance and treasury departments should anticipate more engagement with their banks after transactions and be prepared to demonstrate robust record-keeping and compliance when called upon under the new regime.

The ability to pre-emptively report on non-compliance risk indicators and timeously report actual instances of non-compliance will be critical. Efficient and effective compliance teams, enabled by cost effective operating model design and implementation will be necessary – a tough ask for teams which are typically under pressure to reduce cost.

The Crypto Catch-Up

A notable modernisation within the 2026 draft is the explicit inclusion and regulation of crypto assets. Previously navigating a regulatory grey area, these digital assets are now formally recognised under the purview of "Authorised Crypto Service Providers”.

This is not merely an acknowledgement of financial innovation; its inclusion is a reinforcement of the SARB’s core mandate by bringing emerging financial assets into the regulatory fold. By explicitly covering crypto transactions, the SARB is signalling that, under the proposed framework, any cross-border transfer of value—whether in fiat currency or digital assets—would fall under regulatory surveillance and rigorous reporting, with potential restrictions on illicit flows.

For banks, crypto exchanges and payment providers, any involvement in cross-border crypto transactions would require the same diligence and oversight as conventional foreign currency flows. Such firms may need to seek authorisation as licensed Crypto Asset Service Providers (CASPs) and integrate crypto holdings into their exchange control reporting. Corporate finance teams considering cryptocurrency for cross-border payments should similarly apply rigorous compliance checks and assume these transactions will be subject to the full scope of regulatory surveillance and reporting.

Although the intention of the CFM includes reporting obligations and permission deemed necessary to close regulatory gaps and counter illicit financial flows, the crypto-related proposals have drawn some of the strongest reactions from industry observers and digital asset advocates. This includes concerns that restrictions are excessive and may stifle innovation, and that the draft CFM may unduly restrain legitimate crypto activity as well as privacy and property rights. Importantly, the crypto provisions remain subject to public consultation, and as such these rules could still be adapted to address stakeholder concerns before final implementation.

For Multinational Corporations, Retailers, Private Wealth and Authorised Dealers in foreign exchange with Limited Authority (ADLAs)

While the corporate sector grapples with high-volume trade friction, the draft CFM will also fundamentally reshape the landscape for private capital, high-net-worth investors, and the substantial cross-border remittance industry.

For Private Individuals and Investors:

If the CFM proposals are adopted, they will mark the end of the old “exchange control” approach to personal offshore transfers, introducing a strict tax-compliance focus instead. The historical mechanisms—such as the R1 million Single Discretionary Allowance (SDA) and the R10 million Foreign Investment Allowance (FIA)—are transitioning from "hard limits" to "surveillance thresholds".

Under the new regime, the primary point of friction shifts from the SARB to the South African Revenue Service (SARS). The "positive bias" permits capital outflows, provided the individual can pass a stringent, digitised tax verification (such as the Approval International Transfer PIN: a digital tax clearance confirmation required by SARS for larger international transfers). For private wealth, regulatory approval will thus in practice depend on full tax compliance.

For commercial banks – including private banks that serve high-net-worth clients – these changes make it critical to integrate SARS tax clearance verification seamlessly into their processes for overseas transfers. Ensuring that a customer’s tax affairs are in order before execution will allow banks to process individual offshore payments efficiently while staying fully compliant with the new regime.

For Money Transfer Operators (MTOs):

Aside from the crypto market, the shift in regulatory risk is perhaps most acutely felt by remittance companies that operate as ADLAs.

Currently, MTOs manage regulatory compliance by acting as strict operational gatekeepers. They enforce FICA (KYC) rigorously during onboarding and strictly cap senders' transaction sizes to ensure they do not breach individual SDA limits. The focus is on preventing the breach of a pre-set quota.

Under a "positive bias" system, the speed of remittance execution may improve, but the MTO’s regulatory risk profile significantly increases. Because the new framework punishes reporting failures with stiff administrative penalties, remittance providers will need to enhance their transaction monitoring systems to detect patterns like smurfing (breaking up large illicit transfers into micro-payments). Failure to do so could result in substantial fines or even suspension of their authorised dealer licences.

Consequently, remittance providers should evolve beyond basic limit-checking and become real-time monitors of transaction patterns to meet the heightened regulatory post-transaction oversight requirements. Such entities should consider investing in advanced data analytics - potentially also AI-driven tools - to monitor transactions in real time, e.g. to implement anomaly detection in transaction patterns, automated reporting systems, etc.

The Global Peer Context: How South Africa Compares

When analysing South Africa’s approach to capital mobility, it is highly informative to compare the CFM framework with those of other major emerging markets. The overarching goal—protecting against volatile "hot money" and currency shocks—is identical, but the mechanisms differ drastically.

• India (The Defensive Moat): India relies on hard limits and quotas. The Reserve Bank of India (RBI) operates a highly interventionist model, requiring strict, pre-approved quotas for foreign portfolio investors and outward Foreign Direct Investment (FDI). The corporate friction point is securing regulatory permission before any deal can be executed.
• Brazil (Price-Based Controls): Brazil favours taxation as its primary control mechanism. Through the IOF (Tax on Financial Operations), the central bank can aggressively dial up the cost of specific FX transactions to stem capital flight. Here, the corporate friction point is factoring unpredictable tax variables into the cost of capital.
• Malaysia (Macroprudential Surveillance): Following the 1998 Asian Financial Crisis, Malaysia modernized its approach, managing capital flows indirectly by capping local banks' unhedged foreign currency exposures.

If adopted, South Africa’s new CFM regime would be similar to the Malaysian model, which employs monitoring and prudential limits rather than blanket prohibitions. By avoiding the strict quotas of India and the price-based taxes of Brazil, South Africa would rely on surveillance and bank-level liquidity limits to indirectly manage corporate flows. The draft CFM allows substantial offshore movement, provided the macroprudential limits of the banks are not breached and outward Foreign Direct Investment or “FDI” (such as the R1 billion threshold) undergo added scrutiny.”

For South African stakeholders, this international perspective offers insights and practical lessons. Banks can study how peers in markets like Malaysia adapted their compliance and risk management systems following similar reforms, while multinational companies and investors may welcome the alignment of South Africa’s approach with global norms, aiding consistency in how they plan cross-border transactions across different jurisdictions.

The Strategic Imperative: What Market Practitioners Should Do Next

The shift toward a surveillance-heavy CFM framework means that historical operational habits are no longer viable. To navigate this new landscape, market practitioners must proactively restructure their approach to cross-border flows.

Consolidate Corporate Payment Systems:

In many organisations, the ability to initiate cross-border payments is fragmented across various departments and legacy systems. Under the new regime, allowing multiple entry points could be a multiplier for regulatory risk. Every decentralised payment is a potential point of failure in a system where accurate categorisation is mandatory. Organisations should treat the lead-up to the final regulations as a window to assess and upgrade their cross-border payment processes. A single, unimpeachable source of truth for all cross-border payments is strongly recommended. This level of control cannot be managed through general finance functions or fragmented ERP modules; it demands specialised intervention.

Organisations should, where possible, consider elevating the role of Treasury Operations, centralising all FX and cross-border settlements through dedicated systems (such as a treasury system). By funnelling all activity through a single hub for payments, businesses ensure the process is well controlled under a single governance framework, providing the data integrity required to withstand regulatory scrutiny.

Prepare for the Post-Transaction Audit:

The era of relying on the bank to catch compliance errors before a transaction clears may end if the new regulations are implemented as proposed. Post-transaction audits are expected to become a central enforcement mechanism, with the burden of proof shifting to the corporate entity. Failing a future exchange control (CFM based) audit or misreporting flows would carry explicit threats of administrative sanctions under the new draft rules. As such, investing in internal controls and compliance technology, centralising treasury operations and staff training on the new rules would certainly be steps in the right direction.

The new strategy of post-transaction audits and surveillance implies that banks and corporates must have comprehensive, audit-ready documentation for cross-border transactions. Robust data retention policies, audit trails, and systems to quickly retrieve transaction records, approvals (e.g. tax clearance certificates), and supporting documents will all be critical. This is crucial for both banks (to respond to FinSurv inspections) and corporates (to support their banks and demonstrate compliance if scrutinized).

Conclusion: The High-Volume Challenge

The rebranding to Capital Flow Management is a necessary evolution for South Africa's financial markets, aligning the country with global best practices for emerging economies. However, while the FinSurv regime aims to introduce a more streamlined, modernised oversight mechanism at the macroeconomic level, the reality on the ground will be demanding.

End-users—especially organisations executing high-volume cross-border payments—may face significant operational challenges. The burden of maintaining pristine data, ensuring immediate categorisation accuracy, and defending complex hedging strategies during post-transaction audits will test the resilience of existing corporate infrastructures. Ultimately, success under the new CFM regime will not be determined by rule easing, but by the strength, centralisation, and technological sophistication of a company's treasury and payment operations.

As the CFM framework moves from draft to final form, banks and companies should use this time to prepare and engage. This includes conducting internal impact assessments, reassessing compliance operating models and reporting capabilities, and educating staff across finance, treasury, and compliance functions about the anticipated changes. Proactively engaging with regulators and industry forums to clarify outstanding issues will help organisations transition more smoothly once the new rules take effect, positioning them to capture the benefits of a more open – yet well-monitored – cross-border financial environment.

Establishing a dedicated implementation taskforce or project team is advised, as adapting to the proposed CFM is not just a minor policy tweak but a significant operating model change; requiring project management, stakeholder training, and possibly updates to internal governance frameworks.

Also refer to the article published by our Tax team: The modernisation of Exchange Control Regulations in South Africa