The Information Regulator recently announced that there will be no extension given to the current POPI grace period, which means that the due date will remain unchanged and all organisations in South Africa should comply with the Protection of Personal Information Act (POPIA) by the 1st of July 2021. The same due date counts for complying with the Promotion of Access to Information Act (PAIA).
Advocate Pansy Tlakula, chairperson of the Information Regulator also added to the above announcement that severe penalties will be given to business’s not complying with POPIA within the given timeframe (whether it is intentional or accidental). Penalties can include fines up to R10 million and a jail sentence of up to 10 years. It is therefore extremely important that ALL businesses implement the required POPI policies and procedures as soon as possible.
The POPIA is introduced to ensure business’s conduct themselves in a responsible manner when collecting, processing, storing, and sharing another entity’s personal information, by holding them accountable should they abuse or compromise personal information in any way.
The regulator can grant exemptions for certain circumstances and relevant functions within business’s if it is satisfied that the public interest outweighs the interference with the privacy of the data subject.
In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.
Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).
What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:
POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.
What is it?
PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have
As always, contact us if you need help putting this in place.
National Treasury issued the second draft of the new COFI (Conduct of Financial Institutions) Bill on 29 September 2020. For those of you that do not know, the COFI Act will will replace the FAIS Act in totality and be the focus for your compliance in coming years. In addition, the COFI Act will regulate the conduct of other services and product providers. The bill also wants to ensure a level playing field. We need to keep the regulator accountable and we need to ensure the regulation makes sense whilst preventing the situation where "all animals are equal, but some animals are more equal than others", as the book of Animal Farm in the picture above warns.
The latest changes in the second draft are:
We are responding and commenting as a compliance firm to the draft. If you are a member of an industry representative body (like the FIA or FPI) you can also provide your comments through them. If you are not a member of an industry representative body then you can send your comments directly to National Treasury or to us to add it to our comments and to send on your behalf.
this piece of legislation will control your business in the future and determine the shape and form of your industry for years to come.
I, for one, am concerned at the new practise we see at the FSCA where they seem to ask extra and unlimited amounts of questions to new licensees without informing the applicant if these new requirements beforehand which leads to copious delays. In addition to that, I am concerned at how difficult it is with the FAIS Act in its current form to become a Key Individual or to start your own FSP. We will be taking up these and other concerns in our comments to the FSCA.
We encourage everyone to comment in whatever form because this piece of legislation will control your business in the future and determine the shape and form of your industry for years to come. Any risks, detriment to you or unnecessary red tape that is not addressed will become part of your life and we'd like to avoid that as much as possible.
The due date is 30 October 2020 but we've heard from some sources that they are still receiving comments after that as extensions were provided to certain industry representative bodies until 16 November 2020. Comments submitted directly to National Treasury can be sent to: email@example.com .
You can view the full published bill and other documents here.
You may be aware of third parties that offer the service of comparing product details when replacements are made on financial products. These comparisons are often relied on by advisors without ensuring all details contained therein are an accurate reflection of the financial product and all its unique and most updated features.
When the advisor relies on the comparison without ensuring 100% correctness, incorrect advice may be given and the client may make a decision based on the incorrect advice. Consequently, when disputes arise, the advisor wants to hold the third party responsible for providing incorrect information.
The FSCA is concerned about this practise and recommends that advisors check the factual correctness of all compared product features, before giving advice to the client. It is the responsibility of the advisor to ensure correctness, therefore, if a dispute arises, the advisor could be held responsible.
The same is true for pre-populated ROA's without replacements. We often see that advisors have a general statement that may or may not be tweaked to fit a client's circumstances, that paragraphs are copied between different clients' ROA's, or that one paragraph is copied and pasted over-and-over on the same ROA. This practise is a recipe for negligence and consequently, disputes. We urge all advisors to provide unique descriptions of a client's needs and reasons for preferences/choices, to ensure an accurate audit trail is kept and thus minimising opportunities for disputes.
The FSCA communication on this subject can be accessed by clicking on the "FSCA Post" button below:
Recent changes (June - July 2020) were made to the General Code of Conduct, Fit and Proper Requirements and Short Term Deposit Codes of Conduct to give effect to the RDR (retail distribution review), among other process that commenced long ago. Most of the changes that will affect an FSP are those contained in the General Code of Conduct. It is to be noted that most of the legislative changes that have an effect on FSP's come into effect only 6 months after publication.
We summarise the changes here shortly and will further disseminate and assist our clients in the coming months to implement this.
Fit and Proper Changes
The bulk of the changes under Fit and Proper are administrative in nature such as aligning definitions across product legislation and FAIS legislation and correcting numbering so there is not too much that will affect you here. Notable changes to the regulations here are:
Changes to the General Code of Conduct
Here are many changes that will impact the operation of an FSP in general. Close attention is to be paid here. Notable changes are:
Changes to the Short Term Deposit Code of Conduct
These changes mainly apply to banks and are of an administrative nature where definitions are aligned to the new changes in the General Code of conduct. Not much to see here.
Please the full set of notices here if you are feeling particularly sadistic and want to read the legislation yourself.
I recently counted the number of Covid regulations and they number at approximately 147 different documents on the Government Website. That is a ridiculous amount of new rules that I suspect many people transgress every day without even knowing it - and I do not blame them.
The FSCA, Reserve Bank and Prudential Authority issued a new set of Covid Measures for FSP's to comply with under level 3 lockdown. These rules also allow FSP's to actively deal with clients in a prescribed manner, which I suppose is a silver lining. Please see the full document here. We've tried to take the essence out of it as much as possible to show you what you need to comply with in this post.
Apart from what we detail in this post please remember that financial institutions must comply with the Occupational Health and Safety Directives issued by the Minister of Employment and Labour in terms of the Regulations regarding the precautionary measures in workplaces. You can find these regulations here.
Where face to face meetings or physical interaction with customers are unavoidable, in order to protect both the employees of the financial institution as well as financial customers, these meetings should be held at premises where appropriate health measures and social distancing can be implemented, such as-
A financial institution should not hold meetings at the homes of clients, or visit financial customers at home for purposes of providing financial services to them.
Where exceptional circumstances require that a meeting takes place at the home of a customer, the following protocols must be followed:
A financial institution must upon request by the Authorities submit the name of the COVID-19 compliance officer designated under Regulation 47 and its workplace plan as contemplated in Regulation 47(1)(b) of the Regulations to the Authorities.
What is this?
We've recently received some calls from clients on the FSTC (Financial Sector Transformation Council) reporting BBBEE communication sent out by the FSCA on behalf of the FSTC. See the original communication here. To be clear, the FSTC is not to be confused with the FSCA. Although this does not fall in the realm of FAIS compliance we thought it is a good idea to perhaps just summarise the requirements and application thereof. Usually the BEE components of a business is handled internally/with HR or accountants in consultation with Verification Agents (BEE Compliance Officers) if need be.
The FSTC is mandated to obtain BBBEE statistical data from entities operating in the financial services sphere on their progress relating to BBBEE. They send out a request once a year for statistical data so they can compile their annual report on the progress of Financial Institutions with the Financial Sector BBBEE codes.
Who does this apply to?
The sectors/companies asked to report are:
This Amended FSC does not apply to:
How do I report if I need/want to?
FIs were requested to submit the full final verification reports, to the FSTC no later than the end of the business Friday, 05 June 2020. All reports are to be submitted electronically via email to firstname.lastname@example.org with the subject: FSTC 2018/19 Report– (name of entity). In the past, however, they did allow entities to still submit after this date, however we cannot guarantee this.
Should an entity encounter difficulty in providing the above-requested information they should contact the FSTC at email@example.com, or call (011)838 6696 or get in touch with their respective Trade Associations for more clarity
*This post is updated as and when information changes or regulations are added. Latest Update: 04/22/2020.
In this post we tell you all about how financial services companies can operate lawfully and safely during the lockdown. We are all aware of the lockdown currently implemented in South Africa due to the COVID-19, and even though we are in a lockdown, we should not confuse this period for a complete shutdown for financial services. Businesses that produce, distribute and deliver essential services are allowed to continue operations if necessary, whilst adhering to the correct health and hygiene procedures during this time.
There was a release of a third amendment which brings greater clarity to what is regarded as essential services in the financial sector. This amendment is the third amendment to the Regulations to the Disaster Management Act 2002, published by Government Notice No 318 of 18 March 2020, as amended by Government Notice No 398 of 25 March 2020 and Government Gazette Notice No 419 of 26 March 2020 (Regulations).
What is regarded as essential services in the financial market?
Essential Services in the financial market includes the following services necessary to maintain the functioning of a financial system as defined in section 1(1) of the Financial Sector Regulation Act, only when the operation of a place of business or entity is necessary to continue to perform those services:
What is our interpretation of FSP's rendering services during lockdown period?
We would argue the services that FSP's render fall under the essential services definition as mentioned above and can therefore continue operations if necessary to service current clients. This does not mean you should go out and canvass for new clients face to face. The essential services exemption is there to assist current clients in need that have no other option but to see you in person - i.e. vulnerable persons and those of little means. The FSP needs to have a CIPC certificate to continue operations and the staff need a permit issued by the FSP itself if they are traveling to and from clients.
Important information for FSP's during this lockdown period:
Where do I request a permit issued by the CIPC for my FSP?
The permit for an FSP to render essential services can be requested online, and is issued by the CIPC. Follow this link to request a permit or click on the "Request a CIPC permit" button below: bizportal.gov.za/essential_service.aspx
Where do I get a permit for the staff of my FSP if they are traveling to clients?
The permit to render essential services for staff of an FSP can be issued by the FSP. Use the form in this link, or click on the "Issue a Permit for my staff" button below: guideline_permit_essential_services.pdf
Are there any exemptions to provide relief to my FSP during the pandemic?
Annual Financial Statement submission dates are usually 4 months after the financial year end, it has now been extended by 4 months, therefore submissions are due 8 months after your FSP's financial year end.
An exemption for compliance with Financial Soundness Requirements was also issued and can be summarised as follows:
GENERAL SOLVENCY REQUIREMENT (Assets must exceed Liabilities)
Exemption: Liabilities may exceed Assets by no more than 20%
Applies to: All Cat 1’s / Cat 2 / Cat 4
WORKING CAPITAL REQUIREMENT (Current Assets must exceed Current Liabilities)
Exemption: Current Liabilities may exceed Current Assets by no more than 20%
Applies to: Cat 1 Holding Funds / Cat 2 / Cat 4
LIQUIDITY REQUIREMENT (Maintain Liquid Assets equal or greater than X/52 weeks of Annual Expenditure)
Exemption: The Liquid Assets may not be less than 50% of the specified Liquidity Requirement:
If you decide to rely on the exemption for Financial Soundness Requirements, there are certain conditions to be met. For more details, please refer to FAIS Notice 21/2020 on the FSCA website.
Note that there are also no Compliance Reports due for 2020.
Practical measures you must comply with
The FSCA and Prudential Authority also issued a joint Directive to state that those financial services businesses that are operating need to comply with the following:
"Financial institutions are hereby directed as follows:
A head of a financial institution must, where that head determines staff as essential as contemplated in Regulation 11B(2), endeavour to limit these members of staff to as small a number as possible and, as far as possible, enable remote working, including working from home to support essential services.
A financial institution must take appropriate precautionary measures to reduce the risk of exposure, transmission and spread of the COVID-19, including to limit the number of staff required to be at offices in order to provide the elevant required essential financial services to a minimum and must put appropriate measures in place to promote minimum physical contact between staff, by-
A financial institution must-
A financial institution must develop and implement an infectious disease preparedness and response plan that can help guide protective actions gainst COVID-19, which must include plans and policies aimed at compliance with this Directive.
A financial institution must identify a workplace coordinator who will be responsible for COVID-19 related issues and their impact at the workplace and for timeously responding to the Authorities upon request for information."
Just like with the Corona virus we are currently experiencing, prevention is better than cure in your financial services practice as a financial advisor. In this Blog Post we take a look at the new RDR (Retail Distribution Review) updates affecting the naming conventions of financial advisors that came out in December 2019.
It is important to note that the RDR proposals are at stage 3 out of a possible 6. Stage 3 means “informal stakeholder consultation and/or technical work at an advanced stage”. Thus, the specifics of around the classes and impacts around it are still suggestions and will likely look different in the implementation stage. My bet is it will take more than a year to implement. Given the Coronavirus issue it might delay it further. Time will tell.
Essentially there will be two classes:
PSA = Product Supplier Agent
This is a person tied to a specific product supplier only. They may only sell their products. They are not allowed to opine or advise on other products in the market and are more subjective.
RFA = Registered Financial Advisor
This designation is for independent financial advisors. They can advise on other products in the market and can take a more objective stance.
The above designations are for registration purposes only and client facing designations are still being deliberated on. The FSCA stated that one can only be one of the above designations and not both but space will be made for minimal exemptions.
For more information see the Discussion Paper from the FSCA here: https://www.fsca.co.za/Regulatory%20Frameworks/Pages/Treating-customers-fairly.aspx
Comments and feedback to be provided to the FSCA via firstname.lastname@example.org by 31 March 2020.
The Financial Sector Conduct Authority (FSCA) issued a Press Release which states that the FSCA will be making an effort to protect their staff, the financial sector and aid Government efforts by using precautionary measures to contain the COVID-19 pandemic.
What precautionary measures will the FSCA take to limit the sprad of COVID-19?
The FSCA cancelled all on-site inspections and will communicate new dates to the financial institutions affected.
What FSCA activities will remain unchanged?
For more information on this topic:
by: Horizon Compliance team