There is nothing in the FAIS Act that suggests that a Key Individual needs to be positioned internally within the FSP and by this statement, the Authority is an overreach.
Over the past few years, the FSCA has been very inconsistent when reviewing Key Individual applications. It seems as if the Authority is weary of approving Key Individual applications where the Key Individual is already approved on another license. One analyst will start questioning a person’s operational ability once the Key Individual is approved on more than 1 license, while another analyst will only raise operational ability concerns after 3 approvals. At face value, the case-by-case approach that seems to be the modus operandi at the moment is prejudicial as there is really no set criteria for the operational ability test.
Yes, the role of the Key Individual is one that is critical to ensure that the management and oversight role in respect of the financial services and activities is carried out and performed by the FSP. This entails ensuring that the financial services are rendered with utmost good faith, due care, skill and diligence. We also understand that the recent strictness in the application of the operational ability requirement stems from the FSCA seeking to curb rent-a-KI situations within the industry. However, the manner in which the Authority has opted to go about doing so, is more burdensome and somewhat inefficient.
What was also very enigmatic in a recent application, was when an analyst said:
“There is also a clear intent that the FAIS Act requires a key individual to be positioned internally within the FSP to oversee the activities of that FSP as well those of the appointed representatives of the FSP and as such can therefore not be too far removed from the day-to-day activities of the business of the FSP.”
There is nothing in the FAIS Act that suggests that a Key Individual needs to be positioned internally within the FSP and by this statement, the Authority is an overreach.
My suggestion is for the Authority to decide and place on record the exact maximum number of licenses a Key Individual can be on, instead of moving the goal post as and when it is suitable. Otherwise, the “unintended consequence” would be that there will be a vast shortage in the industry thereby limiting access even to new entrants. I say “unintended consequence” because at this rate, we are not really certain of the Authority’s intention. Also, what happened to progressively “cutting the red tape” and ensuring access as stated by the President of the Republic?
We recently attended a workshop hosted by the FSCA on their new envisaged FAIS compliance reports called, Conduct of Business Reports (in typical regulatory nomenclature) also known as CBR reports.
Here is a summary of the key points from the Workshops conducted by the FSCA on the 7th and 8th of July 2022. Both workshops, (one aimed at smaller and one aimed at larger FSPs) contained the same contents albeit the questions posed by the participants were somewhat different.
Purpose of the CBR report: The FSCA published the report in its draft form to give the industry an idea of the questions they can expect and should prepare for. They also want the industry to comment on the applicability and format of the questions.
Some of the feedback the industry gave at the workshop was as follows:
Comment/question: The report does not seem to be in line with “cutting of red tape” for the industry as it is overly burdensome
Feedback from the FSCA: The Insurance industry is already reporting in a similar manner and although the financial services industry has not used the reports before, just as with the compliance reports, the CBR reports will take some getting used to. The FSCA also reiterated the fact that although the report will eventually be tweaked here and there, the contents and questions asked will not change
Comment/question: Smaller FSPs (especially 1 man run entities) do not see how it will be practically possible for them to be able to complete and submit the report, while conducting business and ensuring the timely submission of all other regulatory requirements
Feedback from the FSCA: The answer to this question was essentially the same as above. The FSCA also added that the questions for larger and smaller FSPs are exactly the same.
Comment/question: The industry is concerned about the actual length and complexity of the report. It was also suggested that the definitions section should be expanded further, especially because some of the terms and concepts used are not in legislation
Feedback from the FSCA: The FSCA will try and expand on the definitions and will also issue guidance notes.
Comment/question: How will feedback be provided (if any) after reporting
Feedback from the FSCA: The main idea is not for the FSCA to provide feedback but rather to regulate market conduct. The main entities that will be consulted, will be the outliers within a particular sector.
Imagine if you asked the same questions and took the same approach for all clients when rendering financial services. The FSCA would have a massive problem with that but it is exactly what they are doing with the current format of the CBR reports.
The FSCA acknowledged that the report is not perfect and may have a few errors, but the content is what the industry should focus on, as not all functionality has been built in yet.
It is concerning to us that the regulator does not seem to take complaints of increased red tape seriously and often dismisses it or ignores it. Of equal concern is the fact that the same questions are asked of large and small FSPs - this makes no sense. Imagine if you asked the same questions and took the same approach for all clients when rendering financial services. The FSCA would have a massive problem with that but it is exactly what they are doing with the current format of the CBR reports.
Luckily the industry seems to all have the same concerns and we'll keep a close eye on how the FSCA handles it.
Submission of the reports
When? The reports are not yet due, and the implementation will be done in a staggered approach over the next two or so years. The FSCA did indicate that there will be a Pilot Project in early 2023 and FSPs are encouraged to volunteer for the same. The obvious pro in volunteering, would mean you would get first-hand experience with the final report and feedback on the same. As stated in the Omni CBR Roadmap, this is a multi-year project, and the FSCA will consult on the implications of the reporting more than once and support the industry in implementing it in an incremental manner.
Therefore, the current phase is specifically for the practicality of questions. Next year the FSCA will be dealing with the functionality and practicality of the report. Implementation will start in 2024 in phases.
If you would like to volunteer for the Pilot Project, kindly send an email to firstname.lastname@example.org or email@example.com
The FSCA finally published drafts of their new compliance reports and in line with all things bureaucratic decided to call them Conduct of Business Reports or CBR for short. This report seems like it will attempt to enable all financial institutions ranging from Banks to one-man run FSPs to fill it in. It will do this by changing the content of the report depending on the input of the person filling it in.
At first glance the report seems broken as certain fields do not work and some of the auto selection an population content does not activate when it should. What we can see at this stage is that the information asked for is copious and some of it does not seem related to aspects of legislation.
The content was informed by overseas regulators in western developed nations. Although this is a good base to start from, one must significantly adapt as we are not a western developed nation. We must still develop and overregulation will not get us there. Our President recently embarked on a campaign of cutting red tape to enhance business creation and operation. I do not think this complex reporting approach is in line with this goal.
Much more action and responsibility needs to be taken by the authorities when malfeasance is brought to their attention instead of placing a heavy regulatory reporting burden on financial services providers. And in these economic times there is even less breathing space for businesses as it is. We'll publish our comments via our industry bodies in line with this approach but please feel free to comment on your own as well or via your industry bodies.
Their documentation states that they will only commence Phase 2 of the Consultation in Q1 2023 and that first reporting will likely only start in 2024.
There are workshops on the CBR reports and we will attend them on your behalf but anyone can attend them and voice their opinions if they’d like. Please see the links and documents at the end of this post.
Their documentation states that they will only commence Phase 2 of the Consultation Process in Q1 2023 and that first reporting will likely only start in 2024.
Written comments must be submitted via the secure FSCA “Comments” portal, available on the FSCA website under Home > Regulated Entities > E-services or by clicking here. The comments template is web-based and is available for completion by any individual on behalf of a licensed financial institution or industry association.
The “Comments” portal will only be available from 10 June 2022 and all written comments must be submitted by 10 August 2022. The portal will be closed for any further submissions after this date.
Workshops can be booked for here:
Large FSPs (turnover >R5)
Smaller FSPs (turnover <R5m)
For more information about this Communication please contact Ms Juanita Smit at Juanita.Smit@fsca.co.za and copy FSCA_Omni_CBR_Comments@fsca.co.za
What is this?
The FSTC recently sent out important reporting changes and information. See the original communication here. To be clear, the FSTC is not to be confused with the FSCA. Although this does not fall in the realm of FAIS compliance, we thought it is a good idea to perhaps just summarise the requirements and application thereof.
Usually the BEE components of a business is handled internally/with HR or accountants in consultation with Verification Agents (BEE Compliance Officers) if need be.
The FSTC is mandated to obtain BBBEE statistical data from entities operating in the financial services sphere on their progress relating to BBBEE. They send out a request once a year for statistical data so they can compile their annual report on the progress of Financial Institutions with the Financial Sector BBBEE codes.
Who does this apply to?
The sectors/companies asked to report are:
This does not apply to:
How do I report if I need/want to?
Changes in Submission of Reports:
It is extremely important to note that the FSTC changed the method for companies to submit reports. The FSTC will NO LONGER accept reports via the reporting email.
The reports and supporting documents should be submitted as a folder through Drop Box. All report should now be submitted electronically to the Drop Box link: https://www.dropbox.com/request/YYZggWgIZT3BwJrh4AP5 with the folder named: FSTC 2020/21 Reporting– (name of entity).
FIs were requested to submit the full final verification reports, to the FSTC no later than the end of the business Friday, 12 August 2022. All reports are to be submitted electronically to the Drop Box link.
***Avoid editing and saving online into one drive. ***
Should an entity encounter difficulty in providing the above-requested information they should contact the FSTC at firstname.lastname@example.org, or call (011)838 6696 or get in touch with their respective Trade Associations for more clarity
2022 Compliance Reports
The FSCA has confirmed that there will be no compliance reports yet for this year. They are still busy drafting the new Conduct of Business Reports it seems. The last compliance reports were issued in 2018. It is not clear why it is taking them 4 years + so far to draft new CBR reports. My guess is that they are waiting for the COFI Act first, which still has to become law. Or maybe some more coffee is needed, post-haste. But that is just an educated guess at this stage. In the meantime we continue to make sure our clients are compliant in terms of what the law requires of them.
You can read more here.
FICA FATF Review
In other news, the FIC issued a document with a complicated title: "Important communication regarding FATF Mutual Evaluation: Immediate Outcome 4 - Preventative Measure". I am going to save you the time you would have spent to read the 10 page document and summarise if for you.
The document basically details that the Financial Action Task Force (the global rule maker responsible for FICA being in your lives) did an assessment on the compliance in South Africa and found us wanting. They say that entities do not understand the money laundering risk and also fail to identify reportable transactions and fail to report them to the FIC.
What does this mean? If South Africa (meaning, effectively, our regulators) does not pull up it's socks, then South Africa might get grey listed. Just know - this is not good. This also means the FIC and FSCA might do more intensive inspections of their own to prevent this. On the bright side, they will also assist the industry more. So expect more guidance and perhaps more changes to come.
Read more about this here.
By now it is old news that many of Russia's Politically Exposed Persons, entities and Prominent Influential Persons have been sanctioned. In terms of FICA, you may not deal with any sanctioned person and this may also be a reportable activity if any financial transactions are attempted.
This is just a reminder that all FSP's must check if their clients are sanctioned at onboarding stage (and keep proof of this) and whenever you are updating FICA information in line with the client risk rating being low medium or high.
If you are not using AML software to onboard clients you can search for sanctioned persons and entities on the following websites. The links work as a time of publishing this blog post.
The OFAC sanctions list is most up to date and works best:
The FIC search function exists but in my opinion is not 100% reliable and has some bug (for instance, it does not return results if all information is not entered):
We've recently attempted to register a number or Juristic Representatives in terms of the FAIS Act for our clients and were met with a rather peculiar situation. Previously, after we conducted a Due Diligence and all parties signed the necessary agreements one needed to merely add the JR on the register via the FSCA E-portal.
Much to our own surprise, it seems like this function is no longer available on the online system. When we phoned the FSCA we were told: "We no longer do it that way - you have to send it in for review.". Interesting.
There seems to have been no communication to anyone that this would change beforehand. And this seems to be a trend with the FSCA in terms of their licensing departments not communicating changes to their own stakeholders. As a further example of this we see many different kinds of documents being asked of FSP's without informing them beforehand so they can get them ready. There also does not seem to be an even playing field regarding this as the items they ask for can differ in substance and form.
When asked if they can perhaps publish these new requirements beforehand we are always met with the same answer: "in terms of Section 8(2) of the FAIS Act, The Authority may require an applicant to furnish such additional information, or require such information to be verified, as the Authority may deem necessary."
I am just taking an educated guess and that is the main problem here - if you do not communicate, people guess and speculate.
Now, in my opinion I do not think this section means you can just make up random requirements or nit-pick with regards to headings and file formats (we were recently asked to provide a statement of financial position in three different formats by three different analysts in three different license applications - there seems to be no internal communication or alignment about what is indeed required). In one recent case they asked for a Tax Clearance certificate - but for no other applications have I ever seen this in 10+ years of applications.
My friendly suggestion to the FSCA would be this: Decide on your formats, communicate it to everyone beforehand and be consistent in the application of your rules - you will have a much smoother process with happier stakeholders.
So what do the online cancellation of JR registrations mean? Maybe that they want to review the applications and maybe scrutinize it more closely, I suppose. It certainly means it will take longer than it did in the past. It could also be in preparation for COFI. I am just taking an educated guess and that is the main problem here - if you do not communicate, people guess and speculate. But, that being said - communication about these things still seems to be a problem and can be hugely improved.
We'll keep you posted on developments.
Long ago in a land not so far away the FSCA decided that it no longer wanted the obligation to investigate and debar people that should not be in the industry. One can only ponder as to why this is. Lack of resources is my best guess (as a person that used to, among others, work with and in a department that used to do this). As a result, this is something that now befell the FSP to do in 90% of the instances.
This has some unintended consequences such as:
In the recent case of NJ Du Plessis Wessels v African Wealth Organisation (Pty) Ltd and Others a person was debarred for a breach of restraint of trade. This is not grounds for the debarment of a person as this is a civil contractual matter and not something that affects the Fit and Proper status of the person. The appeal was granted as a result.
I've even seen stranger things like that time a person complaining about a cheating husband which must be debarred. Although this is uncouth and perhaps morally reprehensible, it is not grounds for debarment and has nothing to do with the person's work.
Be aware of your rights as a person that has been debarred - certain processes need to be followed to make this lawful. And if you are working in an FSP make sure your debarments are lawful as you may end up red-faced in the end.
We've seen many brokers use debarments as a way of getting back at each other and this is the unfortunate consequence of outsourcing your regulatory responsibilities to FSP's instead of having that power sit with the Regulator that can impartially look at cases with an expert eye.
Earlier this year the coming into effect of PAIA (Promotion of Access to Information Act) for all companies, private or public was extended to December. This meant certain companies were exempt (most companies) and others where not depending on staff size and turnover as well as industry.
This extension of exemption lapses on the 31st of December this year. Many thought they might extend this further but there has been no mention made of any further extensions. Thus, practically all companies in South Africa must as of 1 January 2022 have a PAIA manual on their website or, if they do not have one, they must have it available at their place of business.
Luckily the Information Regulator has made a template available as a suggestion of how this should look so one does not have to fork out money or wonder about the content. It is easy to implement and not much drafting is needed. One can view it here at the bottom of the page - be sure to fill it in correctly and add to your website under the legal section. Compared to POPI, PAIA basically consists of signing off the policy prescribed by the regulator and sticking it on your web page.
Or our clients can access our conveniently formatted version we sent to them and that we've made available on our client portal. If you are not a client you can buy one here.
In closing, I am baffled as to why all companies have to have this kind of policy as it is entirely likely that it will never be used by 99% of all companies. It is very useful if you want to obtain information as a journalist from state owned entities where our rights as citizens are concerned. However, persons will rarely use this as a method of obtaining their own information (freely available from the entities). By the way, people's own information is usually the only information that they care about and this is catered for by POPI.
Like with POPI, I do not see that the regulator will be checking all companies from the get-go to see if this is in place. Better safe than sorry though.
I am a fan of regulations and compliance that have reasons and make sense. I am also a fan of "less is more" when it comes to regulation. In that vein I do believe much of our current financial services regulation in South Africa over-corrects to protect investors at the expense of economic activity and innovation. I've written a previous blog post about it that you can find here.
It seems like Crypto is heading the same way if some voices of reason do not speak up. It is not new that a country wants to control or outright ban Crypto. China has banned, un-banned and re-banned it many times over. Other countries have seen the light and provided enabling regulations for Crypto to flourish and grow. Mainstream adoption is growing exponentially in the form of ETF's being issued and even card issuers like Visa joining the party. Some Crypto Exchanges have even listed on major stock exchanges.
So, what have our regulators done so far? They have issued zero final regulations. To their credit, there was a draft regulation on the advice and intermediary services on Cryptocurrencies issued in November of last year. But nothing has been said of that since a year ago. All that happened in the meantime is that the FSCA issued another draft regulation barring Pension Funds from holding Crypto assets. I would assume this includes NFT's (non-fungible tokens) in the form of Art which had sales of $10.7 billion in Q3 of 2021. The Reserve Bank has also reportedly pushed banks to prevent customers from buying Crypto with their cards and from buying Crypto from any company domiciled overseas.
So basically we only have confusion and frustrated businesses. I can't begin to tell you how many Crypto businesses approached us in the last two years to find out how they can comply and get licensed. Unfortunately you can't yet.
I understand that many people have been taken for a ride by Crypto scammers. But, many people have also been taken for a ride by money scammers. Does declaring investing in normal fiat money a crime, solve the problem? No, you but can rather provide trust by licensing exchanges and funds at best. One cannot eliminate all crime by force over-regulation as the criminals will still find ways to do the crime (rather beef up the criminal justice system). What you will accomplish with this heavy handed regulatory approach is overburden those that want to comply en ensure that less people are economically active in this space.
Instead, enable the industry through a measured approach with limited regulation that is both practical and that encourages new entrants to the market.
Blockchain technology is already changing the world and offering better use cases, privacy and trust for all involved. Cryptocurrency is just one use case of blockchain technology and we are at risk of getting left behind if do not create a better space for it to grow.
by: Horizon Compliance team