Payment Regulation in South Africa: What Fintechs and Payment Businesses Need to Know

South Africa’s payments industry is entering a period of significant regulatory and structural change.

For fintechs, payment platforms, wallet providers, remittance businesses, payment facilitators, aggregators, and other payment service providers, the way payment activities are structured, governed and regulated is becoming increasingly important. National Treasury has described the South African Reserve Bank’s Payments Ecosystem Modernisation Programme (PEM) as:

The programme is aimed at supporting fast, affordable and inclusive digital payments, while improving efficiency, competition, interoperability, resilience and broader access to the National Payment System.

Recent PEM developments, including the SARB's acquisition of a 50% stake in PayInc, the development of the National Payments Utility, the QR+ Standard, the PayShap reset and ongoing work on the activity-based regulatory framework, all point to a more open, modernised and structured payments ecosystem. Importantly, the SARB has already published a draft Authorisation Framework and draft Exemption Notice setting out the proposed regulatory direction for payment activities within the National Payment System (NPS).

Following the recent PEM Industry Dialogue held on 9 and 10 April, the PEM team indicated that the next draft of the activity-based regulatory framework and exemption notice is expected to be released later this year, with further industry contributions anticipated. While the framework remains subject to consultation and possible amendment, the broader regulatory direction is becoming increasingly clear:

For businesses operating in the payments and fintech sector, this is not simply a regulatory development. It represents a fundamental shift in how payment activities may be structured, supervised and scaled within South Africa's evolving financial services landscape. 

Why this matters

For years, many payment activities operated within structures that relied heavily on traditional bank participation and legacy payment infrastructure. The regulatory and industry direction now points toward a more open, activity-based and modernised payments framework, with broader participation by appropriately authorised, registered, designated and/or sponsored non-bank participants.

Through the Payments Ecosystem Modernisation Programme (PEM), the SARB has consistently indicated its intention to support fast, affordable, inclusive and secure digital payments across South Africa. Recent developments relating to the National Payments Utility (NPU), the PayInc transition, the QR+ Standard and the PayShap reset further reinforce the direction toward a more interoperable, accessible and modernised payment ecosystem.

The SARB has also indicated that the NPU is intended to provide open digital payments infrastructure to a broader range of participants, including non-bank financial services providers, with the aim of expanding participation and enabling greater innovation across the payments landscape.

For businesses operating in the sector, that is the real headline. This is not simply a technology shift or infrastructure upgrade. It represents a broader structural and regulatory shift in how payment activities may be structured, accessed, supervised and scaled within South Africa’s evolving financial services ecosystem.

What is actually changing?

A key part of the reform programme is the development of a National Payments Utility (NPU). Treasury has indicated that this will be implemented through the transition of PayInc, formerly BankservAfrica, following the South African Reserve Bank’s acquisition of a majority stake in PayInc on 11 November 2025.

According to Treasury and recent PEM updates, the NPU is intended to provide open, shared digital payments infrastructure that supports interoperability, broader access, faster payments, and increased participation across the payments ecosystem. Recent developments relating to the QR+ Standard, the PayShap reset and the planned hybrid unified payments platform (H-UPP) further reinforce the direction toward a more modernised, interoperable and accessible National Payment System.

The SARB has similarly indicated that the NPU is intended to provide open digital payments infrastructure to a broader range of participants, including non-bank financial services providers, to enable greater participation and innovation across the payments landscape.

At the same time, the SARB has published draft regulatory material that gives a clearer indication of the proposed regulatory direction for payment activities within the National Payment System. The draft Payment Activities Exemption Notice states that certain specified payment activities may be subject to compliance with the applicable regulatory framework and exemption conditions, potentially falling outside activities constituting “the business of a bank” under the Banks Act. The draft notice and related framework identify activities such as issuing e-money, issuing payment instruments, acquiring payment instructions, third-party payment provision, money remittance, clearing and settlement.

That is important because businesses should not only ask, “Are we in fintech?” They should also ask, “What payment activity are we actually performing?”

This distinction matters because the proposed framework follows an activity-based regulatory model. In other words, the legal and regulatory position depends less on how a business markets itself and more on the specific payment activities, fund flows, client relationships, operational functions and settlement structures actually being performed.

Which businesses should be paying attention?

Depending on the business model, the proposed regulatory direction may be relevant to:

• fintechs offering e-money, wallets or stored-value products,

• payment facilitators and aggregators,

• third-party payment providers,

• remittance businesses,

• merchant acquiring and payment acceptance businesses,

• operators of closed-loop or open-loop payment solutions.

• payment initiation and payment processing service providers,

• businesses facilitating collections, disbursements or merchant settlement flows,

• and other businesses operating within or alongside the digital payments ecosystem.

Businesses should also carefully assess whether their activities fall within a proposed “closed-loop” or “open-loop” payment system structure, as the draft framework contemplates different regulatory treatment, participation, registration and sponsorship requirements depending on the nature, interoperability and scale of the payment activity being performed.

As the National Payments Utility, QR+ Standard, PayShap developments and broader interoperability initiatives continue to evolve, participation in the payments ecosystem is also expected to extend beyond traditional banking participants and legacy payment structures.

In practice, many businesses will fall somewhere between a “pure technology platform” and a regulated payments participant. That is exactly why early legal and regulatory review matters. A business can appear operationally straightforward on the surface, but still raise important questions around fund flows, safeguarding and segregation of client funds, sponsorship arrangements, customer money, payment instruments, outsourcing models, interoperability, settlement processes, and broader National Payment System participation requirements.

This is not merely a technical compliance issue. The legal classification of a payment model can materially impact how a business is structured, how funds may flow, what regulatory obligations may apply, and how the business engages with banks, sponsors, payment participants, customers and regulators.

What should businesses be doing now?

Even though parts of the framework remain in draft form, businesses do not need to wait to begin preparing. The broader regulatory and industry direction is already becoming increasingly clear, particularly in light of ongoing PEM developments, the National Payments Utility initiative, interoperability programmes, and the proposed activity-based regulatory framework.

A sensible starting point is to review:

• What payment activity your business is actually performing,

• Whether the business receives, pools, safeguards, controls, administers or transfers client funds, and whether those funds are held in a manner consistent with the proposed safeguarding and segregation requirements contemplated in the draft framework,

• Whether customer terms, operational processes and commercial agreements accurately reflect how the product and payment flow operate in practice,

• Whether outsourcing, agency, sponsorship or third-party relationships are appropriately structured and documented,

• Whether governance, operational, risk and compliance frameworks are sufficiently robust for a more regulated and interoperable payments environment.

• Whether the business model appropriately aligns with potential participation, settlement, sponsorship and interoperability requirements within the evolving National Payment System landscape

Importantly, the proposed safeguarding of client funds within a payment activity structure should not be confused with deposit-taking under the Banks Act, and businesses should carefully assess whether their operational, contractual and fund-flow arrangements align with the applicable regulatory framework, exemption conditions and broader National Payment System requirements.

The draft Authorisation Framework strongly suggests that the regulatory direction is not intended to be light-touch. It includes requirements relating to safeguarding and segregation of client funds, AML/CFT controls, governance structures, operational resilience, outsourcing arrangements, complaints handling and broader risk management measures.

Importantly, the draft framework also contemplates sponsorship arrangements in circumstances where a payment institution does not directly meet applicable clearing, settlement, participation or interoperability requirements. This means many non-bank participants may still need to operate through appropriately authorised, designated and/or sponsoring institutions, depending on the nature, scale and interoperability of the payment activity being performed.

That means legal readiness is not simply about an authorisation, registration, sponsorship or participation application. It is also about the contractual, operational, governance, safeguarding, AML/CFT, risk management and interoperability structures sitting behind the business model.

Where many payment businesses get caught out

A payment solution may be commercially attractive and technically sophisticated, but still have weak legal and regulatory foundations. For example, a business may not have properly mapped who legally receives, controls, administers, safeguards or has access to customer funds, who carries risk at each stage of the payment flow, how third-party providers and outsourcing arrangements are managed, whether customer-facing terms accurately reflect the operational reality of the service, or whether the broader structure appropriately aligns with sponsorship, settlement, participation or interoperability requirements within the National Payment System.

As the payments ecosystem becomes increasingly interconnected and interoperable, these issues are likely to become more important, not less. The SARB’s published draft framework strongly suggests a more structured and formalised approach to governance, safeguarding, operational resilience, outsourcing oversight, AML/CFT controls and broader payment ecosystem participation.

For many businesses, the real gap is not innovation or technology. It is legal, governance, safeguarding, operational and regulatory readiness. That is often where early legal and regulatory support adds the most value.

This is not merely a technical compliance issue. The legal and operational structuring of a payment model can materially affect how a business scales, engages with banks and payment participants, manages risk, safeguards customer funds, and positions itself within South Africa’s evolving payments landscape.

Final thought

South Africa’s payments reforms create significant opportunities for fintechs, payment businesses and non-bank participants, while also raising the bar for governance, safeguarding, operational resilience, legal structuring and broader regulatory readiness.

The draft regulatory framework strongly suggests that the SARB intends to adopt a more formalised and supervisory approach to payment activities and payment institutions, including ongoing governance, prudential, reporting, outsourcing, safeguarding, conduct risk, interoperability and compliance obligations.

At the same time, broader PEM developments relating to the National Payments Utility, QR+, PayShap and increased interoperability point toward a more modernised, accessible and participation-driven payments ecosystem. As participation within the National Payment System expands, businesses will likely face increased expectations around operational readiness, governance structures, safeguarding arrangements, risk management and broader payment ecosystem accountability.

Businesses that begin preparing early are likely to be in a stronger position to adapt as the framework evolves, engage more confidently with banks, sponsors, payment participants and regulators, and build on a foundation that supports sustainable growth and long-term scalability. Treasury has indicated that the reforms will be implemented over the next few years, while the SARB continues positioning PEM as a core component of South Africa’s future payments landscape.

If your business operates in payments, e-money, remittances, acquiring, digital wallets, payment facilitation or third-party payment services, now is the time to review your business model, fund flows, safeguarding arrangements, contractual structures, governance frameworks, sponsorship arrangements and broader regulatory readiness with Mahon Attorneys.

FAQs