The Banking Catch-22

The South African market-entry problem most foreign fintechs discover too late is not the form. It is the gap between a bank applying FICA logic to an unknown foreign entity — and the FSCA applying FAIS operational-ability logic to a licence applicant.

1. The Moment It Breaks

Nadia had the FSCA application ready.

Her lawyers had reviewed it three times. The CIPC documents were clean. The Key Individual file was in order.

One item sat on the checklist: South African business bank account.

The bank asked for the licence.

The FSCA application asked for the bank account.

Nadia stared at the email chain, did the small laugh people do when the room has caught fire but the Teams call is still open, and asked the only question left: "So who moves first?"

Nobody.

2. Naming the Deadlock

A structural deadlock between two correct institutions.

The Banking Catch-22 is the point where a South African bank will not onboard an unlicensed foreign fintech because the risk profile is incomplete — while the FSCA will not approve the licence because the operating capability is incomplete without banking.

That distinction matters. If the bank is wrong, you escalate. If the regulator is wrong, you argue the interpretation. If both are right, the answer is architecture.

Figure 01 — The deadlock is not a paperwork problem. It is a sequencing problem.

3. Why the Bank Is Right

Start with the bank.

A foreign fintech arrives in South Africa with a slick deck, a cross-border payments model, maybe a crypto or stablecoin rail somewhere in the machinery, and no local track record.

To a CEO, that sounds like market entry.

To a bank risk committee, it sounds like unknown source of funds, unknown customer base, unknown sanctions exposure, unknown AML controls and unknown transaction behaviour.

Lovely.

Now add the country context. South Africa was grey-listed by FATF in February 2023 and exited in October 2025 after completing 22 action items. That exit was a milestone, not a spa day. The next mutual evaluation cycle runs into 2027, and every serious bank knows the exam has moved from policy promises to enforcement outcomes.

You can feel that in onboarding rooms.

In January 2025, the Prudential Authority sanctioned Standard Bank R13 million for FIC Act weaknesses. In April 2025, Absa took a R10 million sanction after customer due diligence and transaction-monitoring failures.

So when a foreign CASP, FX broker or B2B payments applicant asks for a bank account before the licence is live, the bank is remembering the invoice for getting FICA wrong.

Basel III does not help the mood. Higher capital and liquidity discipline make banks more selective about low-information, high-admin relationships. A new foreign entity with no South African operating history, no approved licence and a business model that touches cross-border flow is a meeting with extra chairs.

4. Why the FSCA Is Right

The regulator is not asking for a bank account because someone in Pretoria enjoys watching founders suffer.

The FAIS Act licensing regime requires fit and proper applicants. Board Notice 194 of 2017 includes operational ability requirements.

Operational ability means the applicant must show that it can actually run the financial services business it wants permission to run.

For an FSP, that includes business address, communication, records, systems, compliance arrangements, financial soundness and banking arrangements.

For a CASP, the same logic gets sharper because crypto activity brings custody, wallet, cyber, Travel Rule, FICA and client asset questions into the room.

So when the FSCA looks at an applicant with no bank account, no banking pathway and no credible account-opening strategy, it sees a business plan with a hole in the floor.

5. The Sequential Trap

Here is where most advisory work in this market gets too neat — and, frankly, too lazy.

The checklist says:

• register company,

• appoint Key Individual,

• prepare FSCA application,

• open business bank account,

• submit.

It looks tidy. It also fails in real life.

Figure 02 — Round and round, like a regulatory airfryer with no chicken in it.

Sequential processing is the enemy. By the time the client reaches the bank, the bank wants comfort the FSCA has not yet given. By the time the client returns to the FSCA, the FSCA wants operational proof the bank has not yet enabled.

Round and round.

This is where generic advisers quietly offload the hardest part to the client. "Open a business bank account" appears as a bullet point under prerequisites, usually between tax registration and proof of address, as if a foreign payments company can walk into Sandton with a passport, a smile and a dream.

Good luck, my friend.

The numbers behind the trap

• 512 CASP applications received by the FSCA in its December 2025 CASP update.

• 121 voluntarily withdrawn after FSCA engagement.

• 120+ further applications withdrawn at the end of the FSCA 2025/26 cycle.

The CASP numbers make the point with less poetry. In the FSCA's December 2025 CASP update, the regulator had received 512 applications. 300 were approved. 14 were declined. 121 were voluntarily withdrawn after engagement with the FSCA.

By the end of the FSCA's 2025/26 year, the direction had not changed: more than 120 applications had been voluntarily withdrawn after regulatory engagement.

Those withdrawals were not random confetti. The FSCA identified fit and proper failures, especially operational ability and competency. Inside that operational ability bucket sits the thing founders feel in their bones: no credible banking, no credible operating model.

A withdrawn application often reads politely from the outside.

Inside the room, it usually sounds like: "We cannot prove we can operate yet."

6. Parallel Architecture

Begging harder at the bank solves nothing.

Submitting a thinner FSCA file and hoping nobody notices the missing banking piece solves even less. Hope is Oros at room temperature with a board resolution attached.

The conceptual frame is parallel architecture.

That means the bank and the regulator are pre-qualified in parallel.

Figure 03 — The mechanics stay behind the engagement wall. The public point is the architecture, not the route map.

The bank needs enough clarity to decide whether the risk is bankable. The FSCA needs enough operational substance to decide whether the applicant is fit to operate.

The architecture has to let both institutions become comfortable without asking either of them to pretend the other one has already approved the thing.

For FSP applicants in B2B cross-border payments, the licensing model, flow-of-funds logic, FICA posture and account-opening story cannot be designed in separate little boxes. For CASP and stablecoin operators, the FSCA conduct perimeter, FIC accountable-institution duties, Travel Rule posture and banking-risk story have to speak the same language before the first serious bank meeting.

The evidence pack stays behind the wall. So do the sequencing mechanics, the banking relationship strategy, the bank names and the internal routes that make this move faster.

If your adviser treats the bank account as client homework, they have missed the architecture. If they treat the FSCA application as a document exercise, they have missed the operating test. If they treat CASP licensing as crypto paperwork, they have missed the post-grey-list enforcement mood sitting behind the bank's face.

And yes, the bank has a face. Usually polite. Usually calm. Usually saying no with a very expensive smile.

7. The Adviser Test

If your current advisers have listed "open a business bank account" as your item to sort out — ask them three questions.

1. Which bank?

2. Which relationship manager?

3. What evidence pack should we bring to the first meeting?

The answer will tell you everything.

Start with the operating problem — not a prettier checklist.

This is where we start: with a Bank-Ready Diagnostic and a market-entry architecture that gives the bank and the FSCA something real to assess.

If your FSP or CASP application is stuck at the bank-account line, book a strategy call.

→ Book a strategy call with Calford & Grey Advisory: calfordgrey.co.za

Source trace · Built from Calford & Grey's Banking Catch-22 article note, regulatory-licensing knowledge base, CASP operational-ability notes, FATF grey-list exit context, Prudential Authority sanctions context, and the Calford & Grey brand and diagram standards. This article sells readiness, architecture and evidence. It does not guarantee bank, FSCA, SARB or FinSurv outcomes.