As digital finance, cryptocurrency and fintech services continue to expand across Africa, questions around regulation, oversight and legal risk are becoming increasingly pressing. In Lesotho, the regulatory framework remains cautious, fragmented and, in some areas, still under development. This creates both opportunity and risk for businesses, investors and consumers operating in the digital financial space.
This article provides an overview of the current legal and regulatory position in Lesotho, with a particular focus on cryptocurrency, payment services, anti-money laundering compliance and cybercrime regulation.
The Central Bank of Lesotho’s position on cryptocurrency
The Central Bank of Lesotho (CBL) has publicly clarified its position on cryptocurrency through a formal press statement. The Bank has expressly advised that it does not oversee, supervise or regulate cryptocurrencies or crypto-asset platforms operating in Lesotho. Importantly, the CBL has warned members of the public that any losses suffered through cryptocurrency transactions fall entirely outside its regulatory protection framework.
In practical terms, this means that consumers and investors have no recourse to the Central Bank in the event of fraud, insolvency or loss arising from cryptocurrency activity. The absence of regulatory oversight places the full risk squarely on users and market participants.
At present, the CBL has also not issued any policy position or regulatory guidance on central bank digital currencies (CBDCs). There is no indication that Lesotho is developing or piloting its own CBDC, and no public consultation process has been initiated in this regard.
Fintech services and infrastructure constraints
Lesotho has seen a gradual increase in fintech-related services, particularly in mobile payments and digital financial platforms. However, access to the underlying infrastructure remains uneven. Fintech adoption is largely concentrated in urban areas, with limited penetration in rural regions due to connectivity, banking access and technological constraints.
While innovation continues to emerge, the regulatory environment has not yet been modernised to actively accommodate new digital financial models. This creates uncertainty for fintech providers seeking to scale operations nationally.
Licensing requirements for payment service providers
Payment service providers operating in Lesotho fall squarely within the regulatory ambit of the Central Bank. Any entity offering payment services is required to obtain a licence from the CBL before commencing operations.
To qualify for a licence, an applicant must satisfy a number of statutory and regulatory requirements. These include, critically, that the licensee must be incorporated as a company and must maintain a registered office within Lesotho. Governance, capital adequacy, compliance and operational capacity are also key considerations during the licensing process.
Foreign fintech companies seeking to enter the Lesotho market must therefore carefully structure their operations to meet local presence and licensing requirements. Operating without the requisite licence exposes providers to regulatory enforcement action and potential shutdown.
National payment system reform: a regulatory gap
Despite the growth of digital finance globally, there have been no amendments to the national payment system framework in Lesotho aimed at enabling new market entrants or enhancing interoperability and innovation. No draft legislation or regulatory reforms have been proposed to modernise payment rails or broaden participation in payment clearing and settlement systems.
This regulatory inertia limits competition and innovation and may slow the development of more inclusive digital payment solutions within the country.
Anti-money laundering and financial sanctions compliance
On the compliance front, Lesotho has taken more concrete steps in relation to anti-money laundering and counter-terrorist financing obligations. The Financial Intelligence Unit of the Central Bank of Lesotho has recently issued guidelines focused on the implementation of financial sanctions.
These guidelines are aimed at enforcing sanctions imposed by the United Nations Security Council, particularly against designated terrorist organisations and sanctioned individuals. Financial institutions and regulated entities are expected to align their internal controls, screening mechanisms and reporting processes with these requirements.
For fintech companies, payment service providers and financial institutions, sanctions compliance is no longer optional. Robust customer due diligence, transaction monitoring and sanctions screening are essential to mitigate regulatory and reputational risk.
Cybercrime regulation: an unresolved vulnerability
One of the most significant regulatory gaps in Lesotho remains cybercrime. There is currently no dedicated cybercrime legislation in force. While a Computer Crime and Cybercrime Bill has been drafted, it has not yet been enacted and no timeline for promulgation has been announced.
In the absence of specific cybercrime legislation, enforcement relies on general criminal law provisions, which are often ill-suited to address modern digital threats such as hacking, data breaches, ransomware and online fraud. This legislative gap presents heightened risk for businesses operating digital platforms and handling sensitive data.
Key takeaways for businesses and investors
The legal landscape for cryptocurrency and fintech in Lesotho remains cautious and under-regulated. Cryptocurrencies operate entirely outside the supervisory remit of the Central Bank, while payment services are tightly regulated through licensing requirements. Anti-money laundering enforcement is strengthening, particularly in relation to international sanctions, but cybercrime regulation remains incomplete.
Businesses entering this space must carefully assess regulatory risk, ensure compliance with existing licensing and AML obligations, and implement robust internal controls to mitigate exposure in areas where the law has yet to catch up with technology.
--
Read the original publication at Mayet & Associates
