In a conference room at Rainbow Towers Hotel, history was made quietly — and those paying attention know it.
By Jabulani Simplisio Chibaya
HARARE – THE Securities and Exchange Commission of Zimbabwe (SECZIM) convened a landmark stakeholder engagement session on Wednesday, bringing together regulators, industry practitioners, and compliance professionals to begin shaping what could become one of the most consequential pieces of financial legislation this country has produced in a generation. The subject: Virtual Assets and the Virtual Asset Service Providers (VASPs) that power them.
The session, themed “Understanding Virtual Assets and Virtual Asset Service Providers,” ran from 09:00 to 11:00 and was offered free of charge — a deliberate signal that SECZIM intends this process to be genuinely inclusive. It was not a tick-box exercise. It was a substantive, consultative conversation about where Zimbabwe stands in the rapidly evolving global digital asset landscape, and more importantly, where it needs to go.
The Panel That Set the Tone
The discussion was anchored by a three-person panel whose collective depth in fintech law, compliance, and virtual asset regulation gave the session an authority seldom seen in domestic regulatory forums.
Jabulani Simplisio Chibaya, MBA, a GRC and FinTech specialist with expertise spanning data governance and financial regulation across multiple jurisdictions, brought a rare combination of technical rigour and African market perspective. Having conducted years of research and advisory work in the virtual assets space, Chibaya’s contribution centred on framing the structural questions Zimbabwe must answer before it legislates — questions about what a well-built, regulator-ready VASP actually looks like from the inside, and where the non-obvious risks hide in an ecosystem that most regulators are still learning to read.
Joining him was Chanal Tanya Subramoney (née Kistnasami) of Yellow Card, a figure who has been instrumental in shaping VASP laws and regulations across Southern Africa. Her experience is extraordinary in both breadth and depth — spanning the continent and extending beyond it, including engagements alongside the United States Secret Service on virtual asset crime. When Yellow Card speaks to regulators across the region, they listen. Her presence on the SECZIM panel was a statement of seriousness on the Commission’s part.
Rounding out the panel was Phenyo P. Dingalo, Regional Counsel for SADC at YellowCard — a seasoned legal and compliance professional whose command of fintech regulation across the southern African region is genuinely formidable. Dingalo’s lens on cross-border compliance, Travel Rule implementation, and the practical realities facing regulated VASPs operating in multiple jurisdictions gave the session texture and grounding that purely theoretical discussions often lack.
Together, the three panellists covered ground that matters: what a well-structured, regulator-ready VASP actually looks like; where unhosted wallets and peer-to-peer transactions create regulatory blind spots and how to close them; and what SECZIM should be watching for that is not obvious on the surface.
The Substance: What Was on the Table
Three thematic questions structured the engagement, each touching a critical fault line in virtual asset regulation.
The first concerned Decentralised Finance (DeFi) and decentralised exchanges (DEXs) — and how they fundamentally disrupt the traditional model of financial intermediation. In conventional finance, accountability is clear: a bank, broker, or exchange stands between counterparties, holds assets, verifies identities, and can be supervised, sanctioned, or compelled. DeFi replaces that institutional accountability with self-executing smart contracts deployed on public blockchains. There is no central entity to freeze an account, no institution to examine, no VASP to license — and yet, transactions with real economic consequences are happening every day. For a regulator like SECZIM, the question is not whether DeFi exists. It is whether Zimbabwe’s framework will be designed to engage with it functionally, or whether it will write rules that the ecosystem will simply route around.
The panel’s guidance here was clear: adopt a functional approach to regulation — one that focuses on what an entity does rather than what legal structure it takes. Kenya and South Africa have already moved in this direction. A functional framework captures DeFi front-end operators, fiat on-ramps, and governance token holders with administrative powers — the actual points of centralisation within otherwise decentralised systems — rather than chasing a legal definition that technology can always outrun.
The second question addressed what operational, governance, and compliance structures regulators should expect from VASPs seeking authorisation. This is the heartbeat of any effective licensing regime — and the panel was unsparing in its assessment of what good looks like. Three pillars define a credible VASP: operational integrity (proper segregation of client assets, robust cybersecurity, cold storage protocols, business continuity plans); governance accountability (fit-and-proper requirements for directors and beneficial owners, independent Money Laundering Reporting Officers with direct board access, transparent ownership registers); and compliance architecture (full KYC/Customer Due Diligence at onboarding, Travel Rule implementation for qualifying transfers, real-time sanctions screening, and regular Business Risk Assessments that are actually reviewed rather than filed and forgotten). The collapse of FTX in 2022 — where client funds were co-mingled with operational capital and used for proprietary trading — remains the defining cautionary tale, and any VASP that cannot demonstrate clear, auditable segregation of client assets on day one should not receive a licence.
The third question tackled what is arguably the most technically challenging area in virtual asset compliance: unhosted wallets and peer-to-peer transactions. An unhosted wallet — controlled directly by its owner via a private key, with no VASP holding the funds — creates a compliance gap. When a customer sends funds to their own MetaMask or Ledger wallet, there is no receiving institution to send Travel Rule data to. The panel outlined a practical toolkit: blockchain analytics platforms (Chainalysis, Elliptic, TRM Labs) that can trace the entire transaction history of a wallet address and flag prior interactions with mixers, darknet markets, or sanctioned entities; cryptographic wallet ownership verification techniques; automated transaction monitoring rules; and, for transfers above defined thresholds to unhosted addresses, mandatory Enhanced Due Diligence backed by source-of-funds documentation. The recommendation was clear: before accepting unhosted wallet deposits or withdrawals at all, a VASP should have a blockchain analytics subscription and documented procedures in place.
What It Means for Zimbabwe
Zimbabwe’s current regulatory position is honest: the country classifies VASPs as AML/CFT reporting entities but does not yet have a dedicated virtual assets statute. SECZIM’s consultation is the step that precedes formal legislation. That is not a weakness — it is, in fact, the right sequence. The countries that have moved fastest without adequate consultation have often found themselves legislating amendments within eighteen months.
But the window for Zimbabwe to position itself advantageously is not unlimited. Across the region, the landscape is shifting rapidly. South Africa has a licensed FSP regime treating VASPs as accountable institutions under the FSCA. Nigeria passed its Investments and Securities Act in 2025, bringing virtual asset exchanges under SEC supervision. Kenya enacted a VASP Act with a dual-regulator model in 2025. Ghana’s VASP Bill reached the legislature in December 2025. Zambia issued a directive in March 2026 requiring all VASPs to register with the Bank of Zambia. Zimbabwe is not behind — but it is at an inflection point where the decisions made in the next twelve to eighteen months will determine whether the country becomes a destination for compliant, well-capitalised VASP operators, or a grey zone that attracts the wrong end of the market.
The stakes are particular to Zimbabwe’s economic architecture. This is a multi-currency environment with significant mobile money penetration and a diaspora that sends hundreds of millions of dollars home each year — much of it through expensive, slow, traditional channels. Regulated VASPs offering stablecoin remittance products could transfer that value at a fraction of the cost of Western Union or correspondent banking, reaching Zimbabweans in the diaspora corridors of South Africa, the United Kingdom, and beyond. Getting the regulatory framework right is not an abstract policy exercise — it has direct implications for the financial lives of millions of ordinary citizens.
There is also a monetary sovereignty dimension that cannot be ignored. No African central bank recognises virtual assets as legal tender, and the Reserve Bank of Zimbabwe must ensure that any VASP licensing regime does not inadvertently enable substitution of the Zimbabwe Gold (ZiG) or undermine monetary policy transmission. Explicit parameters on which stablecoins are permissible, what reserve requirements apply, and what redemption rights users hold must accompany any licensing framework from the outset — not as an afterthought.
And then there is Zimbabwe’s standing with international financial partners. The country’s history with FATF-related scrutiny makes rapid Travel Rule implementation — under FATF Recommendation 15 and 16 — not merely a compliance aspiration but a credibility signal. As of 2026, 85 of 117 FATF jurisdictions have passed or are legislating Travel Rule compliance. Countries that align quickly demonstrate institutional seriousness. Countries that do not invite grey-listing consequences that ripple through correspondent banking access for every financial institution in the country.
The Road Ahead
SECZIM’s consultative approach drew warm acknowledgement from the panel. Running an open process — and graduating sandbox participants as part of the journey rather than imposing a finished framework — is precisely how you build a regulatory architecture that actually works in practice. Sandbox-first models allow the regulator to test oversight frameworks with willing VASPs before scaling to mandatory licensing, building both regulatory capacity and industry trust simultaneously.
The immediate priorities are clear. SECZIM should move toward formalising the Travel Rule as a legislative requirement — specifying the threshold, the data fields, and the technology solutions it will accept. It should establish minimum standards for blockchain analytics subscriptions as a condition of licensing, without which any VASP’s unhosted wallet risk management is effectively blind. It should publish guidance on stablecoin products before the market runs ahead of the regulation. And it should invest in training supervisory staff in on-chain analytics — a skill set that requires active development, and one where regional collaboration with South Africa’s FSCA and Kenya’s CMA can accelerate knowledge transfer at low cost.
For VASPs looking at Zimbabwe, the message from Wednesday’s session is equally pointed: do not wait for legislation to implement your KYC/CDD infrastructure, appoint your MLRO, or document your AML/CFT programme. Early engagement shapes better regulation, and early compliance signals good faith. The operators who arrive at the licensing counter already compliant will find a faster path to authorisation. Those who treat compliance as a box to tick after the rules are finalised will find themselves playing catch-up in a framework shaped by others.
Conclusion: Building the Foundation
The innovation is coming. The question is whether Zimbabwe’s regulatory foundation will be ready to receive it well.
What happened at Rainbow Towers on Wednesday was not merely an information session. It was the beginning of a framework-building process that will define whether Zimbabwe attracts the best of what the digital asset ecosystem has to offer — or whether it cedes that ground to its regional peers who moved earlier and more decisively.
The panel that SECZIM assembled gave the country’s regulators something invaluable: a clear-eyed, practitioner-grounded map of the terrain ahead. What Zimbabwe does with that map in the months that follow will matter enormously — for financial inclusion, for the diaspora corridor, for monetary credibility, and for the country’s place in Africa’s digital financial future.
The foundation is being built. And if Wednesday’s session is any indication, it is being built by people who understand exactly what is at stake.
This article draws on proceedings from the SECZIM Stakeholder Engagement on Virtual Assets & VASPs, held on 4 June 2026 at Rainbow Towers Hotel, Harare.
Jabulani Simplisio Chibaya is a Data and AI Consultant specializing in data science, artificial intelligence, blockchain, and cryptocurrency innovation. A seasoned conference speaker, he also writes on the intersection of technology, regulation, and economic development. Contact: Cell: +263 778 921 881 | Email: simplisiochibaya22@gmail.com | LinkedIn: https://www.linkedin.com/in/jabulani-simplisio-chibaya
© etimes.co.zw | June 2026
Discover more from Etimes
Subscribe to get the latest posts sent to your email.