This blog is about the recently imposed administrative sanctions on Momentum Wealth (Pty) Ltd and Momentum Collective Investments RF (Pty) Ltd by the FSCA.

The broad reason for the sanctions was the ineffective money laundering/terrorist financing control measures of both accountable institutions, as required by the FIC Act. The total financial penalty imposed by the regulator on these institutions amounted to R11,100,000.00 (excluding an amount of R100,000.00 which is suspended for three years).

The breaches identified by the FSCA were the following:

1. Non-compliance with cash threshold reporting (CTR) requirements on historic transactions (2010-2017).
2. Risk-rating failures:

• Momentum Wealth failed to identify, verify and risk rate a beneficiary of one trust in terms of s 21B of the FIC Act.
• Momentum CIS failed to risk rate 38 clients in line with their own RMCP.

 
These cases serve as a reminder to accountable institutions to regularly submit cash threshold reports, risk-rate clients(and potential clients) and comply with your own RMCP.

​For more information click here

In this blog we deal with the case of Ernest Lehanie ta Ernest Venter Makelaars and FAIS Ombud and Another where the Appeals Tribunal found against the FAIS Ombud. Because this deals with a Property Syndication investment this is also important for other cases of a similar nature. 
 
This matter relates to the appeal of a decision made by the FAIS Ombud. Briefly, the FSP breached the FAIS Act and Code of Conduct by not making a full disclosure regarding the high-risk investment product and all associated risks to the investor (who was a pensioner) for the investor to make an informed decision. Also, physical evidence of an analysis of the client’s financial needs and risk profiling seems is absent. Moreover, the prospectus given to the client contained contradictions relating to investor funds.
 
The FAIS Ombud’s decision:
The FSP breached its duty to act with skill, care and diligence by failing to ensure that the client invested in product that was right for his financial needs. This breach made the FSP liable to the client (investor). The FSP’s liability was based on its failure to provide a full disclosure to the investor and for not being able to reasonably foresee the investor’s loss.
 
The Financial Services Tribunal concluded as follows:
The lack of a full disclosure by the FSP about the investment was not sufficiently linked to the investor’s loss. That is, the FAIS Ombud erred in stating that the FSP should have reasonably foreseen the collapse of the Sharemax Property Syndication, thereby holding the FSP liable. The FSP’s failure to discharge its statutory duty, is not remotely linked to the investor’s loss. The investor’s risk is therefore, not entirely  the FSP's fault. Further evidence is required in order to establish a link if indeed there is any. This resulted in the entire application being disposed of. Therefore, the matter was referred back to the Ombud for further reconsideration.

For more information on this Financial Services Tribunal decision click here

​PAIA is the acronym for the Promotion of Access to Information Act and it enables people to gain access to information held by public and private bodies so they may exercise any rights they have in relation to the information. It was historically only applied to government organisations and the legislation was expanded to apply to more businesses.

The PAIA manual does not have to be submitted to any regulator or person at this stage, it is, however, very important that the PAIA manual reflects on your company's website should PAIA apply to your company. There are thresholds' in place to indicate which companies are subject to a PAIA compliance and the rest of the companies that fall beneath these threshold amounts are exempt from having to comply with PAIA.

The PAIA thresholds are as follows, and should your company have this amount of employees of annual turnover per specific sector, you need to have a PAIA Manual in place (this may change from time to time):

The due date for PAIA and POPI is 1 July 2021, and it is immensely important that your company complies within the given due date to prevent any fines or penalties by the regulator.

Please contact us if you require any assistance with your PAIA Manual, we will gladly assist you. You can also go to our website for more information on how to contact us.

Businesses can now register their Information Officers online with the Information Regulator. Businesses must do so without delay to avoid any penalties or regulatory action. The Information Officer is usually the CEO or COO of the company and may delegate some functions to Deputy Information Officers, who must also be registered.

Please ensure that information officers are duly appointed and that the necessary information is submitted.

The online portal of the Information Regulator can be viewed here.
One can also contact the Information regulator on their email address: registration.IR@justice.gov.za .

For more information on registration and responsibilities please see the Guidance Note issued recently on 1 April.

If you need any assistance with rolling out your policies please contact us or see our starter kit on our online store!

The Information Regulator recently announced that there will be no extension given to the current POPI grace period, which means that the due date will remain unchanged and all organisations in South Africa should comply with the Protection of Personal Information Act (POPIA) by the 1st of July 2021. The same due date counts for complying with the Promotion of Access to Information Act (PAIA).

Advocate Pansy Tlakula, chairperson of the Information Regulator also added to the above announcement that severe penalties will be given to business’s not complying with POPIA within the given timeframe (whether it is intentional or accidental). Penalties can include fines up to R10 million and a jail sentence of up to 10 years. It is therefore extremely important that ALL businesses implement the required POPI policies and procedures as soon as possible.
​
The POPIA is introduced to ensure business’s conduct themselves in a responsible manner when collecting, processing, storing, and sharing another entity’s personal information, by holding them accountable should they abuse or compromise personal information in any way.

The regulator can grant exemptions for certain circumstances and relevant functions within business’s if it is satisfied that the public interest outweighs the interference with the privacy of the data subject.

In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.

Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).

What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:

• a POPI policy that is developed, monitored and maintained
• appoint an Information Officer
• Perform an impact assessment/GAP analysis on the business relating to POPI
• Training and awareness is conducted on POPI

POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.

What is it?

PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have

• a PAIA Policy
• appoint an Information Officer
• Submit the Policy to the SAHRC

As always, contact us if you need help putting this in place.

National Treasury issued the second draft of the new COFI (Conduct of Financial Institutions) Bill on 29 September 2020. For those of you that do not know, the COFI Act will will replace the FAIS Act in totality and be the focus for your compliance in coming years. In addition, the COFI Act will regulate the conduct of other services and product providers. The bill also wants to ensure a level playing field. We need to keep the regulator accountable and we need to ensure the regulation makes sense whilst preventing the situation where "all animals are equal, but some animals are more equal than others", as the book of Animal Farm in the picture above warns.

The latest changes in the second draft are:

• The application of the COFI Bill in relation to existing legislation.
• The approach to conduct standards
• Refined licensing approach
• More detail around transformation (BEE and EE) and enforcement thereof
• Medical schemes are removed until more work is done
• Streamlining of interaction between the Financial Markets Act and the COFI Act
• Application to the non-retail business where clients are corporates or where clients are professional investors, for example

We are responding and commenting as a compliance firm to the draft. If you are a member of an industry representative body (like the FIA or FPI) you can also provide your comments through them. If you are not a member of an industry representative body then you can send your comments directly to National Treasury or to us to add it to our comments and to send on your behalf.

​I, for one, am concerned at the new practise we see at the FSCA where they seem to ask extra and unlimited amounts of questions to new licensees without informing the applicant if these new requirements beforehand which leads to copious delays. In addition to that, I am concerned at how difficult it is with the FAIS Act in its current form to become a Key Individual or to start your own FSP. We will be taking up these and other concerns in our comments to the FSCA.

We encourage everyone to comment in whatever form because this piece of legislation will control your business in the future and determine the shape and form of your industry for years to come. Any risks, detriment to you or unnecessary red tape that is not addressed will become part of your life and we'd like to avoid that as much as possible.

The due date is 30 October 2020 but we've heard from some sources that they are still receiving comments after that as extensions were provided to certain industry representative bodies until 16 November 2020. Comments submitted directly to National Treasury can be sent to: marketconduct@treasury.gov.za .

You can view the full published bill and other documents here.

​You may be aware of third parties that offer the service of comparing product details when replacements are made on financial products. These comparisons are often relied on by advisors without ensuring all details contained therein are an accurate reflection of the financial product and all its unique and most updated features. 

When the advisor relies on the comparison without ensuring 100% correctness, incorrect advice may be given and the client may make a decision based on the incorrect advice. Consequently, when disputes arise, the advisor wants to hold the third party responsible for providing incorrect information. 

The FSCA is concerned about this practise and recommends that advisors check the factual correctness of all compared product features, before giving advice to the client. It is the responsibility of the advisor to ensure correctness, therefore, if a dispute arises, the advisor could be held responsible.

The same is true for pre-populated ROA's without replacements. We often see that advisors have a general statement that may or may not be tweaked to fit a client's circumstances, that paragraphs are copied between different clients' ROA's, or that one paragraph is copied and pasted over-and-over on the same ROA. This practise is a recipe for negligence and consequently, disputes. We urge all advisors to provide unique descriptions of a client's needs and reasons for preferences/choices, to ensure an accurate audit trail is kept and thus minimising opportunities for disputes. 

The FSCA communication on this subject can be accessed by clicking on the "FSCA Post" button below:

Summary 
Recent changes (June - July 2020) were made to the General Code of Conduct, Fit and Proper Requirements and Short Term Deposit Codes of Conduct to give effect to the RDR (retail distribution review), among other process that commenced long ago. Most of the changes that will affect an FSP are those contained in the General Code of Conduct. It is to be noted that most of the legislative changes that have an effect on FSP's come into effect only 6 months after publication.

Fit and Proper Changes
The bulk of the changes under Fit and Proper are administrative in nature such as aligning definitions across product legislation and FAIS legislation and correcting numbering so there is not too much that will affect you here. Notable changes to the regulations here are:​

• an FSP may not appoint an unrehabilitated insolvent
• if a representative is sequestrated after appointment the FSP can only keep the representative if risk mitigating measures are put in place
• operational ability requirements of the FSP is expanded where data and physical security of client information is concerned
• where FSP applicants are concerned, expenditure considered less certain items one would normally include such as bonuses, bad debts etc.
• Professional Bodies can only accredit CPD activities that are verifiable

Changes to the General Code of Conduct
Here are many changes that will impact the operation of an FSP in general. Close attention is to be paid here. Notable changes are:

• General
  • Direct marketing is now seen as rendering services via telephone, internet, digital platform or email
  • One is not allowed to use regulators logo or name
  • Not use FAIS approval to support business or products that is not regulated
  • New definition of a direct marketer
  • Immaterial financial interest now includes loyalty rewards
• Independence & Fees
  • Not allowed to say they are independent if certain condictions are prevalent
  • One is only allowed the fees that are agreed to with the client and commensurate to the services rendered
  • Methods on recommendation of products and conflict of interest and fair treatment of clients are further prescribed
• FNA 
  • New definition of FNA
  • One must take into consideration the level of knowledge of client
  • Allowance for focused or limited FNA is further expanded
  • Replacement advice further expanded
  • Cancellation of products is further expanded
  • Comparison of products not allowed if features are not compared and disclosed clearly
• Advertisements
  • Need to have process/policy for advertisements
  • Negative option marketing is not allowed
  • Clients must be allowed to opt out of unwanted direct marketing
  • Comparative Marketing is further regulated
  • Testimonials is further regulated
  • Loyalty Benefits is further regulated
  • Forecasts is further regulated
  • Puffery (advertising overstatements) is further regulated
• Complaints Management
  • Framework is expanded
  • Responsibilities is expanded
  • Complaints categorisation is expanded
  • Escalation and review, decisions and communication is expanded
  • Record keeping and anlalysis is expanded
• Ombud Interactions
  • Must have processes to communicate and state ombud details
  • Monitor cases and improve internal processes​

Changes to the Short Term Deposit Code of Conduct
​​These changes mainly apply to banks and are of an administrative nature where definitions are aligned to the new changes in the General Code of conduct. Not much to see here.

Please the full set of notices here if you are feeling particularly sadistic and want to read the legislation yourself.

I recently counted the number of Covid regulations and they number at approximately 147 different documents on the Government Website. That is a ridiculous amount of new rules that I suspect many people transgress every day without even knowing it - and I do not blame them.

The FSCA, Reserve Bank and Prudential Authority issued a new set of Covid Measures for FSP's to comply with under level 3 lockdown. These rules also allow FSP's to actively deal with clients in a prescribed manner, which I suppose is a silver lining. Please see the full document here. ​We've tried to take the essence out of it as much as possible to show you what you need to comply with in this post.

Apart from what we detail in this post please remember that financial institutions must comply with the Occupational Health and Safety Directives issued by the Minister of Employment and Labour in terms of the Regulations regarding the precautionary measures in workplaces. You can find these regulations here.

The Summary
Where face to face meetings or physical interaction with customers are unavoidable, in order to protect both the employees of the financial institution as well as financial customers, these meetings should be held at premises where appropriate health measures and social distancing can be implemented, such as-

1. suitably equipped offices of the financial institution;
2. the place of work of the customer, or
3. other premises where appropriate health measures can be implemented and monitored.

A financial institution should not hold meetings at the homes of clients, or visit financial customers at home for purposes of providing financial services to them.

Where exceptional circumstances require that a meeting takes place at the home of a customer, the following protocols must be followed:

1. An employee of a financial institution should only visit a customer’s home after confirming an appointment with the customer, and should not arrive at a customer’s home without prior notice.
2. Both the customer and the employee are required to complete a risk questionnaire prior to the visit to establish if either of them is vulnerable, or whether the financial customer resides with a vulnerable person, or if either of them is at risk of infecting others. Only if both are not vulnerable or at risk of infecting others may the appointment at the customer’s home continue. If the appointment occurs more than one day after the telephonic questionnaire is completed, the financial institution should make a follow-up confirmation on the day of the appointment to ensure that the circumstances have not changed.
3. The employee should perform a non-contact temperature screen on him or herself in the presence of the customer as well as on the customer.
4. The employee should carry sanitiser, and a spare mask which should be offered to the customer on arrival if the customer does not have a mask. The consultation should not continue unless the customer has sanitised his or her hands and is wearing a face mask. The customer should be informed in advance of this requirement.
5. Social distancing should be practiced as far as possible whilst completing forms, limiting the time close to the customer as far as possible.
6. A record that the above measures were implemented must be kept in respect of each customer.

A financial institution must upon request by the Authorities submit the name of the COVID-19 compliance officer designated under Regulation 47 and its workplace plan as contemplated in Regulation 47(1)(b) of the Regulations to the Authorities.