The Information Regulator recently announced that there will be no extension given to the current POPI grace period, which means that the due date will remain unchanged and all organisations in South Africa should comply with the Protection of Personal Information Act (POPIA) by the 1st of July 2021. The same due date counts for complying with the Promotion of Access to Information Act (PAIA).

Advocate Pansy Tlakula, chairperson of the Information Regulator also added to the above announcement that severe penalties will be given to business’s not complying with POPIA within the given timeframe (whether it is intentional or accidental). Penalties can include fines up to R10 million and a jail sentence of up to 10 years. It is therefore extremely important that ALL businesses implement the required POPI policies and procedures as soon as possible.
​
The POPIA is introduced to ensure business’s conduct themselves in a responsible manner when collecting, processing, storing, and sharing another entity’s personal information, by holding them accountable should they abuse or compromise personal information in any way.

The regulator can grant exemptions for certain circumstances and relevant functions within business’s if it is satisfied that the public interest outweighs the interference with the privacy of the data subject.

In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.

Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).

What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:

• a POPI policy that is developed, monitored and maintained
• appoint an Information Officer
• Perform an impact assessment/GAP analysis on the business relating to POPI
• Training and awareness is conducted on POPI

POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.

What is it?

PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have

• a PAIA Policy
• appoint an Information Officer
• Submit the Policy to the SAHRC

As always, contact us if you need help putting this in place.

National Treasury issued the second draft of the new COFI (Conduct of Financial Institutions) Bill on 29 September 2020. For those of you that do not know, the COFI Act will will replace the FAIS Act in totality and be the focus for your compliance in coming years. In addition, the COFI Act will regulate the conduct of other services and product providers. The bill also wants to ensure a level playing field. We need to keep the regulator accountable and we need to ensure the regulation makes sense whilst preventing the situation where "all animals are equal, but some animals are more equal than others", as the book of Animal Farm in the picture above warns.

The latest changes in the second draft are:

• The application of the COFI Bill in relation to existing legislation.
• The approach to conduct standards
• Refined licensing approach
• More detail around transformation (BEE and EE) and enforcement thereof
• Medical schemes are removed until more work is done
• Streamlining of interaction between the Financial Markets Act and the COFI Act
• Application to the non-retail business where clients are corporates or where clients are professional investors, for example

We are responding and commenting as a compliance firm to the draft. If you are a member of an industry representative body (like the FIA or FPI) you can also provide your comments through them. If you are not a member of an industry representative body then you can send your comments directly to National Treasury or to us to add it to our comments and to send on your behalf.

​I, for one, am concerned at the new practise we see at the FSCA where they seem to ask extra and unlimited amounts of questions to new licensees without informing the applicant if these new requirements beforehand which leads to copious delays. In addition to that, I am concerned at how difficult it is with the FAIS Act in its current form to become a Key Individual or to start your own FSP. We will be taking up these and other concerns in our comments to the FSCA.

We encourage everyone to comment in whatever form because this piece of legislation will control your business in the future and determine the shape and form of your industry for years to come. Any risks, detriment to you or unnecessary red tape that is not addressed will become part of your life and we'd like to avoid that as much as possible.

The due date is 30 October 2020 but we've heard from some sources that they are still receiving comments after that as extensions were provided to certain industry representative bodies until 16 November 2020. Comments submitted directly to National Treasury can be sent to: marketconduct@treasury.gov.za .

You can view the full published bill and other documents here.

​You may be aware of third parties that offer the service of comparing product details when replacements are made on financial products. These comparisons are often relied on by advisors without ensuring all details contained therein are an accurate reflection of the financial product and all its unique and most updated features. 

When the advisor relies on the comparison without ensuring 100% correctness, incorrect advice may be given and the client may make a decision based on the incorrect advice. Consequently, when disputes arise, the advisor wants to hold the third party responsible for providing incorrect information. 

The FSCA is concerned about this practise and recommends that advisors check the factual correctness of all compared product features, before giving advice to the client. It is the responsibility of the advisor to ensure correctness, therefore, if a dispute arises, the advisor could be held responsible.

The same is true for pre-populated ROA's without replacements. We often see that advisors have a general statement that may or may not be tweaked to fit a client's circumstances, that paragraphs are copied between different clients' ROA's, or that one paragraph is copied and pasted over-and-over on the same ROA. This practise is a recipe for negligence and consequently, disputes. We urge all advisors to provide unique descriptions of a client's needs and reasons for preferences/choices, to ensure an accurate audit trail is kept and thus minimising opportunities for disputes. 

The FSCA communication on this subject can be accessed by clicking on the "FSCA Post" button below:

Summary 
Recent changes (June - July 2020) were made to the General Code of Conduct, Fit and Proper Requirements and Short Term Deposit Codes of Conduct to give effect to the RDR (retail distribution review), among other process that commenced long ago. Most of the changes that will affect an FSP are those contained in the General Code of Conduct. It is to be noted that most of the legislative changes that have an effect on FSP's come into effect only 6 months after publication.

Fit and Proper Changes
The bulk of the changes under Fit and Proper are administrative in nature such as aligning definitions across product legislation and FAIS legislation and correcting numbering so there is not too much that will affect you here. Notable changes to the regulations here are:​

• an FSP may not appoint an unrehabilitated insolvent
• if a representative is sequestrated after appointment the FSP can only keep the representative if risk mitigating measures are put in place
• operational ability requirements of the FSP is expanded where data and physical security of client information is concerned
• where FSP applicants are concerned, expenditure considered less certain items one would normally include such as bonuses, bad debts etc.
• Professional Bodies can only accredit CPD activities that are verifiable

Changes to the General Code of Conduct
Here are many changes that will impact the operation of an FSP in general. Close attention is to be paid here. Notable changes are:

• General
  • Direct marketing is now seen as rendering services via telephone, internet, digital platform or email
  • One is not allowed to use regulators logo or name
  • Not use FAIS approval to support business or products that is not regulated
  • New definition of a direct marketer
  • Immaterial financial interest now includes loyalty rewards
• Independence & Fees
  • Not allowed to say they are independent if certain condictions are prevalent
  • One is only allowed the fees that are agreed to with the client and commensurate to the services rendered
  • Methods on recommendation of products and conflict of interest and fair treatment of clients are further prescribed
• FNA 
  • New definition of FNA
  • One must take into consideration the level of knowledge of client
  • Allowance for focused or limited FNA is further expanded
  • Replacement advice further expanded
  • Cancellation of products is further expanded
  • Comparison of products not allowed if features are not compared and disclosed clearly
• Advertisements
  • Need to have process/policy for advertisements
  • Negative option marketing is not allowed
  • Clients must be allowed to opt out of unwanted direct marketing
  • Comparative Marketing is further regulated
  • Testimonials is further regulated
  • Loyalty Benefits is further regulated
  • Forecasts is further regulated
  • Puffery (advertising overstatements) is further regulated
• Complaints Management
  • Framework is expanded
  • Responsibilities is expanded
  • Complaints categorisation is expanded
  • Escalation and review, decisions and communication is expanded
  • Record keeping and anlalysis is expanded
• Ombud Interactions
  • Must have processes to communicate and state ombud details
  • Monitor cases and improve internal processes​

Changes to the Short Term Deposit Code of Conduct
​​These changes mainly apply to banks and are of an administrative nature where definitions are aligned to the new changes in the General Code of conduct. Not much to see here.

Please the full set of notices here if you are feeling particularly sadistic and want to read the legislation yourself.

I recently counted the number of Covid regulations and they number at approximately 147 different documents on the Government Website. That is a ridiculous amount of new rules that I suspect many people transgress every day without even knowing it - and I do not blame them.

The FSCA, Reserve Bank and Prudential Authority issued a new set of Covid Measures for FSP's to comply with under level 3 lockdown. These rules also allow FSP's to actively deal with clients in a prescribed manner, which I suppose is a silver lining. Please see the full document here. ​We've tried to take the essence out of it as much as possible to show you what you need to comply with in this post.

Apart from what we detail in this post please remember that financial institutions must comply with the Occupational Health and Safety Directives issued by the Minister of Employment and Labour in terms of the Regulations regarding the precautionary measures in workplaces. You can find these regulations here.

The Summary
Where face to face meetings or physical interaction with customers are unavoidable, in order to protect both the employees of the financial institution as well as financial customers, these meetings should be held at premises where appropriate health measures and social distancing can be implemented, such as-

1. suitably equipped offices of the financial institution;
2. the place of work of the customer, or
3. other premises where appropriate health measures can be implemented and monitored.

A financial institution should not hold meetings at the homes of clients, or visit financial customers at home for purposes of providing financial services to them.

Where exceptional circumstances require that a meeting takes place at the home of a customer, the following protocols must be followed:

1. An employee of a financial institution should only visit a customer’s home after confirming an appointment with the customer, and should not arrive at a customer’s home without prior notice.
2. Both the customer and the employee are required to complete a risk questionnaire prior to the visit to establish if either of them is vulnerable, or whether the financial customer resides with a vulnerable person, or if either of them is at risk of infecting others. Only if both are not vulnerable or at risk of infecting others may the appointment at the customer’s home continue. If the appointment occurs more than one day after the telephonic questionnaire is completed, the financial institution should make a follow-up confirmation on the day of the appointment to ensure that the circumstances have not changed.
3. The employee should perform a non-contact temperature screen on him or herself in the presence of the customer as well as on the customer.
4. The employee should carry sanitiser, and a spare mask which should be offered to the customer on arrival if the customer does not have a mask. The consultation should not continue unless the customer has sanitised his or her hands and is wearing a face mask. The customer should be informed in advance of this requirement.
5. Social distancing should be practiced as far as possible whilst completing forms, limiting the time close to the customer as far as possible.
6. A record that the above measures were implemented must be kept in respect of each customer.

A financial institution must upon request by the Authorities submit the name of the COVID-19 compliance officer designated under Regulation 47 and its workplace plan as contemplated in Regulation 47(1)(b) of the Regulations to the Authorities.

What is this?
We've recently received some calls from clients on the FSTC (Financial Sector Transformation Council) reporting BBBEE communication sent out by the FSCA on behalf of the FSTC. See the original communication here. To be clear, the FSTC is not to be confused with the FSCA. Although this does not fall in the realm of FAIS compliance we thought it is a good idea to perhaps just summarise the requirements and application thereof. Usually the BEE components of a business is handled internally/with HR or accountants in consultation with Verification Agents (BEE Compliance Officers) if need be.

The FSTC  is mandated to obtain BBBEE statistical data from entities operating in the financial services sphere on their progress relating to BBBEE. They send out a request once a year for statistical data so they can compile their annual report on the progress of Financial Institutions with the Financial Sector BBBEE codes.

Who does this apply to?
The sectors/companies asked to report are:

1. ​Banking;
2. Long-term insurance;
3. Short-term insurance;
4. Re-insurance;
5. Retirement fund administration;
6. The management of collective investment scheme assets;
7. Financial services intermediation and brokerage (FSP's);
8. Public entities involved in the financial sector e.g. DBSA, Land Bank;
9. Asset management, consulting and administration;
10. Private equity, venture capitalist and impact investors;
11. Management of investments on behalf of the public, including, but not limited to, private equity, members of any exchange licensed to trade equities or financial instruments in South Africa and entities listed as part of the financial index of a licensed exchange;
12. Underwriting management agents; and
13. Industry Trade Associations operating in the sector.

This Amended FSC does not apply to:

1. Natural or juristic persons who do not have trading operations in the Republic of South Africa;
2. The trading operations of natural or juristic persons outside the Republic of South Africa; and Managers of investments on behalf of the public who are not subject to regulation by the FSCA, such as lawyers who hold money in intermediate trusts etc.

How do I report if I need/want to?

1. Exempted Micro Enterprises must submit an affidavit confirming their annual turnover and level of black ownership to the FSTC.
2. Financial Institutions that meet the requirements of a Qualified Small Financial Institution (QSFI), that has an annual turnover of more than R10 million but less than R50 million, and are more than 50% black owned (where there is an existing equity deal in place) or at least 51% black owned (for all deals concluded after the commencement date of the amended Code) or 100% black owned, should submit an affidavit confirming their annual turnover and BBBEE status to the FSTC.  
3. Financial institutions with an annual turnover of R50 million or more must have their BBBEE status verified by a Verification Agent. This agent must submit a verification certificate together with the full verification report to the FSTC within 30 days of issuing the verification certificate. 

FIs were requested to submit the full final verification reports, to the FSTC no later than the end of the business Friday, 05 June 2020. All reports are to be submitted electronically via email to reporting@fstc.org.za with the subject: FSTC 2018/19 Report– (name of entity). In the past, however, they did allow entities to still submit after this date, however we cannot guarantee this.

Should an entity encounter difficulty in providing the above-requested information they should contact the FSTC at reporting@fstc.org.za, or call (011)838 6696 or get in touch with their respective Trade Associations for more clarity

​Any Penalties?

1. All entities that do not submit the required reports to the Council will automatically be discounted by one BEE level in the next rating period.
2. The Council also reserves the right to name institutions that have not submitted reports on a list, however we have not seen them doing so yet.

In this post we tell you all about how financial services companies can operate lawfully and safely during the lockdown. We are all aware of the lockdown currently implemented in South Africa due to the COVID-19, and even though we are in a lockdown, we should not confuse this period for a complete shutdown for financial services. Businesses that produce, distribute and deliver essential services are allowed to continue operations if necessary, whilst adhering to the correct health and hygiene procedures during this time.

There was a release of a third amendment which brings greater clarity to what is regarded as essential services in the financial sector. This amendment is the third amendment to the Regulations to the Disaster Management Act 2002, published by Government Notice No 318 of 18 March 2020, as amended by Government Notice No 398 of 25 March 2020 and Government Gazette Notice No 419 of 26 March 2020 (Regulations).

What is regarded as essential services in the financial market?
Essential Services in the financial market includes the following services necessary to maintain the functioning of a financial system as defined in section 1(1) of the Financial Sector Regulation Act, only when the operation of a place of business or entity is necessary to continue to perform those services:
​

• the banking environment (including the operations of mutual banks, cooperative banks, co-operative financial institutions and the Postbank);
• the payments environment;
• the financial markets (including market infrastructures licensed under the Financial Markets Act, 2012 (Act No. 19 of 2012);
• the insurance environment;
• the savings and investment environment;
• pension fund administration;
• outsourced administration;
• medical schemes administration; and
• additional services designated in terms of regulation 11B(4A)(c)(i)'.

What is our interpretation of FSP's rendering services during lockdown period?
We would argue the services that FSP's render fall under the essential services definition as mentioned above and can therefore continue operations if necessary to service current clients. This does not mean you should go out and canvass for new clients face to face. The essential services exemption is there to assist current clients in need that have no other option but to see you in person - i.e. vulnerable persons and those of little means. The FSP needs to have a CIPC certificate to continue operations and the staff need a permit issued by the FSP itself if they are traveling to and from clients.

Important information for FSP's during this lockdown period:

• If your FSP can continue servicing and acquiring clients in a non-face to face manner, great! Please continue business.
• Avoid seeing clients face to face at all costs. If you cannot, then operate under the following rules below.
• FSP's need to have a permit issued by the CIPC to render essential services in person to clients when doing so face to face.
• All the staff of the FSP need to have a permit to perform essential service Regulation 11B (3) issued by the FSP if they are travelling.
• FSP's need to adhere to health and hygiene protocols during this period, and therefore rather make use of video conferencing to communicate with clients where possible, such as Skype, Google Hangouts, Zoom or MS Teams. Phone calls are also an option if it is not necessary to see a client in person. 
• FSP's should remind clients of the potential consequences that could result in canceling their financial products. This reminder should be in written format to keep it as proof of informing clients of the potential consequences of termination. (This can be done via email.)

Where do I request a permit issued by the CIPC for my FSP?
The permit for an FSP to render essential services can be requested online, and is issued by the CIPC. Follow this link to request a permit or click on the "Request a CIPC permit" button below: bizportal.gov.za/essential_service.aspx

Where do I get a permit for the staff of my FSP if they are traveling to clients?
The permit to render essential services for staff of an FSP can be issued by the FSP. Use the form in this link, or click on the "Issue a Permit for my staff" button below: guideline_permit_essential_services.pdf

Are there any exemptions to provide relief to my FSP during the pandemic?
Annual Financial Statement submission dates are usually 4 months after the financial year end, it has now been extended by 4 months, therefore submissions are due 8 months after your FSP's financial year end.

An exemption for compliance with Financial Soundness Requirements was also issued and can be summarised as follows:

GENERAL SOLVENCY REQUIREMENT (Assets must exceed Liabilities) 
Exemption: Liabilities may exceed Assets by no more than 20%
Applies to: All Cat 1’s / Cat 2 / Cat 4

WORKING CAPITAL REQUIREMENT (Current Assets must exceed Current Liabilities) 
Exemption: Current Liabilities may exceed Current Assets by no more than 20%
Applies to: Cat 1 Holding Funds / Cat 2 / Cat 4

LIQUIDITY REQUIREMENT (Maintain Liquid Assets equal or greater than X/52 weeks of Annual Expenditure) 
Exemption: The Liquid Assets may not be less than 50% of the specified Liquidity Requirement:
Applies to:

• Cat 1 Holding Funds (where X = 4)
• Cat 2 (where X = 8)
• Cat 4 (where X = 4)

If you decide to rely on the exemption for Financial Soundness Requirements, there are certain conditions to be met. For more details, please refer to FAIS Notice 21/2020 on the FSCA website.

Note that there are also no Compliance Reports due for 2020.

Just like with the Corona virus we are currently experiencing, prevention is better than cure in your financial services practice as a financial advisor. In this Blog Post we take a look at the new RDR (Retail Distribution Review) updates affecting the naming conventions of financial advisors that came out in December 2019.
​
It is important to note that the RDR proposals are at stage 3 out of a possible 6. Stage 3 means “informal stakeholder consultation and/or technical work at an advanced stage”. Thus, the specifics of around the classes and impacts around it are still suggestions and will likely look different in the implementation stage. My bet is it will take more than a year to implement. Given the Coronavirus issue it might delay it further. Time will tell.
 
Two Classes
Essentially there will be two classes:

PSA = Product Supplier Agent
This is a person tied to a specific product supplier only. They may only sell their products. They are not allowed to opine or advise on other products in the market and are more subjective.

RFA = Registered Financial Advisor
This designation is for independent financial advisors. They can advise on other products in the market and can take a more objective stance.

The above designations are for registration purposes only and client facing designations are still being deliberated on. The FSCA stated that one can only be one of the above designations and not both but space will be made for minimal exemptions.

Other Impacts

• Advisers will not be allowed to be on more than one licsence – with some exceptions. This does not apply to KI’s.
• Juristic Representatives to be allowed to continue but the FSCA wants more compliance and oversight on them. There are currently over 4000 juristic representatives and 10000+ FSP’s.
• No commission can be transferred if a PSA changes to being a RFA and vice versa. RFA’s can transfer commission from one FSP to another if it is not a Product Supplier.
• Commission can only be paid out for services rendered and ongoing commission only where ongoing services are in fact, rendered.
• PSA’s must refer clients away that want a product type which the Product Provider does not have. Referral fees can be paid with this referral, so there is an opportunity for Product Suppliers and independent advisers to partner in this regard.
• PSA’s are not allowed to use the word “Independent” and one can also not use the term if you are owned or if you own a stake in a Product Supplier directly.
  
• There is a proposal that only CFP’s are allowed to use the term Financial Planning, Financial Planner. However, I expect this to be opposed as most advisers use this terminology and I think it would be unfair and confusing to clients. The designation of being a CFP should be enough to show clients that you’ve attained the certification. If you do not agree, I’d like to hear your thoughts in the comments on the matter. I am open to changing my mind if the argument makes sense.

 
For more information see the Discussion Paper from the FSCA here: https://www.fsca.co.za/Regulatory%20Frameworks/Pages/Treating-customers-fairly.aspx
 
Comments and feedback to be provided to the FSCA via fsca.rdrfeedback@fsca.co.za by 31 March 2020.

The Financial Sector Conduct Authority (FSCA) issued a Press Release which states that the FSCA will be making an effort to protect their staff, the financial sector and aid Government efforts by using precautionary measures to contain the COVID-19 pandemic.