The State of Fintech 2025

Published: 11/12/2025

Banks are buying, regulators are watching

Article contents

1. The State of Fintech 2025
2. Banks are buying, regulators are watching
   1. Introduction
   2. In 2025, exits continued
   3. Regulatory clarity emerged
      1. Set in stone: CASPs new rules
      2. Making its way in: COFI Bill
      3. Top concerns for AI regulation in finance
   4. B-BBEE
      1. Mandatory compliance certificate for state contracts
      2. Small businesses exemption from Chapter III of the EE Act
      3. Numerical targets by sector
   5. Conclusion
   6. Annexures
      1. Subsequent amendments resulting from COFI Bill

Introduction

Business fundamentals in South Africa are shifting in ways that matter when you’re planning a major expansion or betting your company’s future on a new market.

In this article, we provide a specific outline of 2025; Starting off with the major acquisitions of the year, and on to the regulations that become heightened when financial technology and data consolidate to the major banks. And ending with transformation updates that will be key to those with a certain number of employees.

In 2025, exits continued

Lesaka Technologies acquired Bank Zero for R1.1 billion, which follows their acquisition of Adumo for R1.6 billion in 2024.

Optasia’s JSE listing raised R6.5 billion with FirstRand taking a 20.1% strategic stake. This is the largest fintech IPO ever on the JSE.

Other exits include iKhokha to Nedbank (R1.65 billion) and WalletDoc to Capitec (R400 million).

By acquiring these companies, banks secure the technology, data, and distribution channels that allow them to modernise faster than they could build internally. They’re buying customer acquisition engines, payments rails, SME onboarding funnels, behavioural data, and ready-made digital ecosystems. 

Lesaka might have another incentive; to boost the primary listing (Nasdaq)’s share price, which is down 21% year-on-year.

The banks also have another incentive, to compete with retailers who are increasingly deploying financial arms. These are Pepkor, Pickn’Pay, and Shoprite. They are now processing billions in deposits, withdrawals, QR payments, cryptocurrency settlements and buy-now-pay-later credit. Yet they do not operate under the same strict capital, liquidity and consumer-protection rules that apply to banks.

Regulatory clarity emerged

From fintech licensing to crypto frameworks to mandatory B-BBEE sectoral targets, the rules are becoming clearer. Compliance here can become your competitive moat.

Set in stone: CASPs new rules

Directive 9 from the Financial Intelligence Centre (FIC), which came into full effect on April 30, 2025 says Crypto Asset Service Providers (CASPs) are now legally required to securely transmit personal information of the originator and beneficiary alongside crypto asset transfers (both domestic and cross-border).

This data includes; Full name, Residential address, Distributed ledger address, and a crypto asset account number with the ordering CASP.

Making its way in: COFI Bill

As of August 2025, the COFI Bill (Conduct of Financial Institutions) is making its final way through the parliamentary process in the bid to essentially kill the sectoral “silo” approach (separate rules for insurers vs. banks) and moves to activity-based regulation.

This bill is significant in that it will effect extensive amendments to a lot of laws in the finance sector. See the full list here¹.

Financial institutions are advised to begin mapping their current activities to prepare for the activity-based licensing model, and to develop compliance frameworks aligned with this approach.

Top concerns for AI regulation in finance

South Africa’s AI regulatory trajectory converges with:

• EU AI Act: risk tiers, oversight, documentation
• UK FCA/BoE: model governance & accountability
• MAS FEAT / Veritas: fairness, ethics, transparency
• NIST AI RMF: lifecycle-based risk management.

Data from the FSCA (Financial Sector Conduct Authority) and Prudential Authority’s November-2025 published study on the use of Artificial Intelligence (AI) in the financial sector saw the following being primary regulatory concerns among financial service providers: 

N=220

• Data protection and privacy laws (82%), 
• Joint Standard – Cyber security and cyber resilience (54%), 
• Market conduct legislation (48%), 
• The Consumer Protection Act (47%),
• Intellectual property rights laws (39%)

B-BBEE

On the BEE side, on April 15, 2025, the Department of Employment and Labour released the official Employment Equity Regulations and Sector-Specific Numerical Targets, following the commencement of the Employment Equity Amendment Act on January 01, 2025.

Mandatory compliance certificate for state contracts

In terms of Section 53 of the amended EE Act, designated employers must secure a Certificate of Compliance from the Department of Employment and Labour in order to be eligible for participation in state tenders and contracts. 

‘Designated employers’ are those companies with 50+ staff. Municipalities, state organs, and those in collective agreements are also included. Previously, those fewer than 50 staff but with turnover above Schedule 4 thresholds were classified as designated employers. But not anymore.

Small businesses exemption from Chapter III of the EE Act

Employers with fewer than 50 employees are now exempt from Chapter III of the EE Act, regardless of their turnover. This exemption aims to ease administrative burdens and encourage job creation within small and emerging enterprises.

These are the thresholds per sector, which may now be considered null and void:

Numerical targets by sector

Final 5-year numerical targets for 18 economic sectors:

Conclusion

Incumbents like Lesaka, FirstRand, and Capitec are actively absorbing fintech agility to secure their future infrastructure. However, this consolidation comes with a significantly higher bar for compliance.

With the “Travel Rule” fully operational, the COFI Bill dismantling regulatory silos, and global-standard AI oversight on the horizon, Fintech firms that shift early will be better positioned to grow, partner, or exit on their own terms. This means starting to work towards activity-based regulation and heightened AI governance.

At the same time, government policy is recalibrating the balance between transformation and economic pragmatism by setting new BEE targets and updating employer thresholds.

Ultimately, success going forward requires navigating a complex triumvirate: aggressive technological integration, rigorous regulatory alignment, and measurable demographic transformation.

---

Annexures

1

Subsequent amendments resulting from COFI Bill

COFI will, amongst others, consolidate and replace various industry-specific conduct laws, such as:

• the Financial Advisory and Intermediary Services Act, 2002;
• the Collective Investment Schemes Control Act, 2002;
• the Short-term Insurance Act, 1998;
• the Long-term Insurance Act, 1998;
• the Credit Rating Services Act, 2012;
• the Financial Institutions (Protection of Funds) Act, 2001;
• and the Friendly Societies Act, 1956.

It will also effect extensive amendments to:

• the Pension Funds Act, 1956;
• the Financial Sector Regulation Act, 2017;
• the Banks Act, 1990;
• the Labour Relations Act, 1995;
• the Insurance Act, 2017;
• the Income Tax Act, 1962;
• the Financial Markets Act, 2012;
• the Medical Schemes Act, 1998;
• the Transnet Pension Funds Act, 1990;
• the Co-operative Act, 2005; and
• the Government Employees Pension Funds Law, Proclamation, 1996.

The COFI Bill further scopes within its ambit certain activities under the National Payments Systems Act, 1998 and the National Credit Act, 2005.