Earlier this year the coming into effect of PAIA (Promotion of Access to Information Act) for all companies, private or public was extended to December. This meant certain companies were exempt (most companies) and others where not depending on staff size and turnover as well as industry.

This extension of exemption lapses on the 31st of December this year. Many thought they might extend this further but there has been no mention made of any further extensions. Thus, practically all companies in South Africa must as of 1 January 2022 have a PAIA manual on their website or, if they do not have one, they must have it available at their place of business.

Luckily the Information Regulator has made a template available as a suggestion of how this should look so one does not have to fork out money or wonder about the content. It is easy to implement and not much drafting is needed. One can view it here at the bottom of the page - be sure to fill it in correctly and add to your website under the legal section. Compared to POPI, PAIA basically consists of signing off the policy prescribed by the regulator and sticking it on your web page.

Or our clients can access our conveniently formatted version we sent to them and that we've made available on our client portal. If you are not a client you can buy one here.

In closing, I am baffled as to why all companies have to have this kind of policy as it is entirely likely that it will never be used by 99% of all companies. It is very useful if you want to obtain information as a journalist from state owned entities where our rights as citizens are concerned. However, persons will rarely use this as a method of obtaining their own information (freely available from the entities). By the way, people's own information is usually the only information that they care about and this is catered for by POPI.

Like with POPI, I do not see that the regulator will be checking all companies from the get-go to see if this is in place. Better safe than sorry though.

I am a fan of regulations and compliance that have reasons and make sense. I am also a fan of "less is more" when it comes to regulation. In that vein I do believe much of our current financial services regulation in South Africa over-corrects to protect investors at the expense of economic activity and innovation. I've written a previous blog post about it that you can find here.

It seems like Crypto is heading the same way if some voices of reason do not speak up. It is not new that a country wants to control or outright ban Crypto. China has banned, un-banned and re-banned it many times over. Other countries have seen the light and provided enabling regulations for Crypto to flourish and grow. Mainstream adoption is growing exponentially in the form of ETF's being issued and even card issuers like Visa joining the party. Some Crypto Exchanges have even listed on major stock exchanges.

So, what have our regulators done so far? They have issued zero final regulations. To their  credit, there was a draft regulation on the advice and intermediary services on Cryptocurrencies issued in November of last year. But nothing has been said of that since a year ago. All that happened in the meantime is that the FSCA issued another draft regulation barring Pension Funds from holding Crypto assets. I would assume this includes NFT's (non-fungible tokens) in the form of Art which had sales of $10.7 billion in Q3 of 2021. The Reserve Bank has also reportedly pushed banks to prevent customers from buying Crypto with their cards and from buying Crypto from any company domiciled overseas. 

So basically we only have confusion and frustrated businesses. I can't begin to tell you how many Crypto businesses approached us in the last two years to find out how they can comply and get licensed. Unfortunately you can't yet.

I understand that many people have been taken for a ride by Crypto scammers. But, many people have also been taken for a ride by money scammers. Does declaring investing in normal fiat money a crime, solve the problem? No, you but can rather provide trust by licensing exchanges and funds at best. One cannot eliminate all crime by force over-regulation as the criminals will still find ways to do the crime (rather beef up the criminal justice system). What you will accomplish with this heavy handed regulatory approach is overburden those that want to comply en ensure that less people are economically active in this space.

Instead, enable the industry through a measured approach with limited regulation that is both practical and that encourages new entrants to the market.

Blockchain technology is already changing the world and offering better use cases, privacy and trust for all involved. Cryptocurrency is just one use case of  blockchain technology and we are at risk of getting left behind if do not create a better space for it to grow.

​What are the financial soundness requirements?
The FAIS Act explains the Financial Soundness requirements for FSPs in Chapter 6 of the Fit and Proper Board Notice 194 of 2017. The FSP must meet the financial soundness requirements at all times.
There are different requirements for different types of FSPs, however the three main categories for most of the FSPs are as follows:

1. General Solvency Requirement (Overall Outcome: Assets > Liabilities)
2. Working Capital Requirement (Overall Outcome: Current Assets > Current Liabilities)
3. Liquidity Requirement (Overall Outcome: Maintain Liquid Assets >= x/52 weeks of Annual Expenditure according to the FSP category)

 
What important changes took place regarding subordinated loans?
The most important change that we come face to face with almost monthly is the change where Category 1 FSPs may no longer subtract subordinated loans from the current liabilities in the working capital requirements. This requirement is applicable to Category 1 FSPs Holding Client Funds, and Category 1 FSPs Not Holding Client Funds.
 
How can an FSP ensure it meets the requirements?
The FAIS Act states that all FSPs should maintain monthly management accounts if these accounts are continuously monitored and compared with the financial soundness requirements the FSP should be able to maintain the financial soundness requirements.
 
What can an FSP do if they suspect that the requirements are not being met?
It is immensely important that the FSP follow one of these two steps as soon as the FSP suspects or foresees that the financial soundness requirements are not being, or will not be met, these are listed and explained as follows:

1. Early Warning Report
2. Rely on FSCA Exemption

 

• The Early Warning Report is a report that can be submitted to the FSCA by the FSP or its Compliance Officers. The FSP must submit or request their Compliance Officer to submit an Early Warning Report that is certified by the CEO, controlling member, managing or general partner or trustee of the FSP, if one of the following financial statuses are true for the FSP:

1. Assets exceed liabilities by less than 10%
2. Current assets exceed current liabilities by less than 10%
3. If any of the financial soundness requirements are not met or if the FSP becomes aware of any situation that may result in any of the above  

• FSCA Exemption Application is an application that can be sent to the FSCA before the financial year end to assist the FSP with meeting the financial requirements as set out in the exemption application, this exemption does not mean that an FSP does not have to meet any of the requirements as set out in the Financial Soundness Requirements, but this exemption allows for some leeway between the Financial Soundness Requirements and the exemption requirements to assist the FSP to meet the requirements even if it is then by only meeting the requirements as set out by the exemption. There is additional documentation that must be sent together with this application within 7 days of relying on this exemption, these are as follows:

1. Annexure 6 (Form A: Liquidity Calculation) of BN194 of 2017 to the FSCA (Liquidity Calculation certified by the CEO, controlling member, managing or general partner, or trustee of the FSP.
2. An Action Plan showing how the FSP plans to re-establish its financial position to meet the financial soundness requirements and this plan should include the steps that the FSP will take and in what timeframe these steps will take place to ensure the financial soundness requirements that is not currently met, are met as soon as possible.

​In addition to the above, the FSP must submit the following items every 6 months from the date that
​        the FSP relied on the exemption:

• Management accounts
• Regularly updated Liquidity Calculation (Form A)

The exemption conditions are as follows:

​How to calculate an FSPs Financial Soundness Requirements?
The Financial Soundness requirements can be explained and calculated as follows:

​*Liquid Assets are calculated as follows:

• Cash & cash equivalents +
•  (Plus) Participatory interest in a Money Market Portfolio
• (Plus) 70% of the market value of a participatory interest in a CIS, other than an investment in a money market portfolio or a CIS hedge fund
• (Plus) 70% of the market value of a security listed on a licensed exchange provided it does not constitute more than 50% of total liquid assets
• = Liquid Assets

​
*Annual Expenditure is calculated as follows:

• Annual Expenditure
• (less) staff bonuses
• (less) employees’ and directors’, partners’ or members’ share in profit
• (less) emoluments of directors, members, partners or sole proprietor
• (less)  other appropriation of profits to directors, members and partners"
• (less) remuneration that is linked to-
  • (aa)     a percentage of the FSP’s revenue; or
  • (bb)     a percentage of the revenue generated by an employee, representative or contractor of the FSP; and
  • that in the absence of such revenue the FSP has no obligation to pay the remuneration"
• (less) depreciation
• (less) bad debts
• (less) any loss resulting from the sale of assets

 
Contact us for any information on the Compliance Officer services we provide for information on the financial soundness requirements, our team at Horizon Compliance are always keen to help.

This blog is about the recently imposed administrative sanctions on Momentum Wealth (Pty) Ltd and Momentum Collective Investments RF (Pty) Ltd by the FSCA.

The broad reason for the sanctions was the ineffective money laundering/terrorist financing control measures of both accountable institutions, as required by the FIC Act. The total financial penalty imposed by the regulator on these institutions amounted to R11,100,000.00 (excluding an amount of R100,000.00 which is suspended for three years).

The breaches identified by the FSCA were the following:

1. Non-compliance with cash threshold reporting (CTR) requirements on historic transactions (2010-2017).
2. Risk-rating failures:

• Momentum Wealth failed to identify, verify and risk rate a beneficiary of one trust in terms of s 21B of the FIC Act.
• Momentum CIS failed to risk rate 38 clients in line with their own RMCP.

 
These cases serve as a reminder to accountable institutions to regularly submit cash threshold reports, risk-rate clients(and potential clients) and comply with your own RMCP.

​For more information click here

In this blog we deal with the case of Ernest Lehanie ta Ernest Venter Makelaars and FAIS Ombud and Another where the Appeals Tribunal found against the FAIS Ombud. Because this deals with a Property Syndication investment this is also important for other cases of a similar nature. 
 
This matter relates to the appeal of a decision made by the FAIS Ombud. Briefly, the FSP breached the FAIS Act and Code of Conduct by not making a full disclosure regarding the high-risk investment product and all associated risks to the investor (who was a pensioner) for the investor to make an informed decision. Also, physical evidence of an analysis of the client’s financial needs and risk profiling seems is absent. Moreover, the prospectus given to the client contained contradictions relating to investor funds.
 
The FAIS Ombud’s decision:
The FSP breached its duty to act with skill, care and diligence by failing to ensure that the client invested in product that was right for his financial needs. This breach made the FSP liable to the client (investor). The FSP’s liability was based on its failure to provide a full disclosure to the investor and for not being able to reasonably foresee the investor’s loss.
 
The Financial Services Tribunal concluded as follows:
The lack of a full disclosure by the FSP about the investment was not sufficiently linked to the investor’s loss. That is, the FAIS Ombud erred in stating that the FSP should have reasonably foreseen the collapse of the Sharemax Property Syndication, thereby holding the FSP liable. The FSP’s failure to discharge its statutory duty, is not remotely linked to the investor’s loss. The investor’s risk is therefore, not entirely  the FSP's fault. Further evidence is required in order to establish a link if indeed there is any. This resulted in the entire application being disposed of. Therefore, the matter was referred back to the Ombud for further reconsideration.

For more information on this Financial Services Tribunal decision click here

​PAIA is the acronym for the Promotion of Access to Information Act and it enables people to gain access to information held by public and private bodies so they may exercise any rights they have in relation to the information. It was historically only applied to government organisations and the legislation was expanded to apply to more businesses.

The PAIA manual does not have to be submitted to any regulator or person at this stage, it is, however, very important that the PAIA manual reflects on your company's website should PAIA apply to your company. There are thresholds' in place to indicate which companies are subject to a PAIA compliance and the rest of the companies that fall beneath these threshold amounts are exempt from having to comply with PAIA.

The PAIA thresholds are as follows, and should your company have this amount of employees of annual turnover per specific sector, you need to have a PAIA Manual in place (this may change from time to time):

The due date for PAIA and POPI is 1 July 2021, and it is immensely important that your company complies within the given due date to prevent any fines or penalties by the regulator.

Please contact us if you require any assistance with your PAIA Manual, we will gladly assist you. You can also go to our website for more information on how to contact us.

Businesses can now register their Information Officers online with the Information Regulator. Businesses must do so without delay to avoid any penalties or regulatory action. The Information Officer is usually the CEO or COO of the company and may delegate some functions to Deputy Information Officers, who must also be registered.

Please ensure that information officers are duly appointed and that the necessary information is submitted.

The online portal of the Information Regulator can be viewed here.
One can also contact the Information regulator on their email address: registration.IR@justice.gov.za .

For more information on registration and responsibilities please see the Guidance Note issued recently on 1 April.

If you need any assistance with rolling out your policies please contact us or see our starter kit on our online store!

The Information Regulator recently announced that there will be no extension given to the current POPI grace period, which means that the due date will remain unchanged and all organisations in South Africa should comply with the Protection of Personal Information Act (POPIA) by the 1st of July 2021. The same due date counts for complying with the Promotion of Access to Information Act (PAIA).

Advocate Pansy Tlakula, chairperson of the Information Regulator also added to the above announcement that severe penalties will be given to business’s not complying with POPIA within the given timeframe (whether it is intentional or accidental). Penalties can include fines up to R10 million and a jail sentence of up to 10 years. It is therefore extremely important that ALL businesses implement the required POPI policies and procedures as soon as possible.
​
The POPIA is introduced to ensure business’s conduct themselves in a responsible manner when collecting, processing, storing, and sharing another entity’s personal information, by holding them accountable should they abuse or compromise personal information in any way.

The regulator can grant exemptions for certain circumstances and relevant functions within business’s if it is satisfied that the public interest outweighs the interference with the privacy of the data subject.

In this post we take a short look at what POPI and PAIA entails, who it applies to and when you need to do what. Obviously, this is a oversimplified summary created for short attentions spans. The work itself is much more in depth. Contact us if you do not have it in place yet and we can assist you with your POPI needs.

Many of you might vaguely recall the term POPI (Protection of Personal Information Act) but do not really know what to do with it and by when. The new regulations that come into full effect on 1 July 2021 mean every business in South Africa need to comply with them. This is in line with global trends to better guard personal information of clients, as can be seen in the EU with GDPR (General Data Protection Regulation).

What is it?
It deals with the management of client data and everything related thereto. In short, one would need the following to comply:

• a POPI policy that is developed, monitored and maintained
• appoint an Information Officer
• Perform an impact assessment/GAP analysis on the business relating to POPI
• Training and awareness is conducted on POPI

POPI should also be read with PAIA (Promotion of Access to Information Act). This Act only applies to certain companies with 50 or more employees and in certain sectors. Read more about whether you need to comply here or contact us for advice. The deadline for compliance on PAIA was extended to 30June 2021.

What is it?

PAIA is focused on providing the public with access to records of companies in a structured manner. Generally speaking if a company needs to comply with this law it needs to have

• a PAIA Policy
• appoint an Information Officer
• Submit the Policy to the SAHRC

As always, contact us if you need help putting this in place.

National Treasury issued the second draft of the new COFI (Conduct of Financial Institutions) Bill on 29 September 2020. For those of you that do not know, the COFI Act will will replace the FAIS Act in totality and be the focus for your compliance in coming years. In addition, the COFI Act will regulate the conduct of other services and product providers. The bill also wants to ensure a level playing field. We need to keep the regulator accountable and we need to ensure the regulation makes sense whilst preventing the situation where "all animals are equal, but some animals are more equal than others", as the book of Animal Farm in the picture above warns.

The latest changes in the second draft are:

• The application of the COFI Bill in relation to existing legislation.
• The approach to conduct standards
• Refined licensing approach
• More detail around transformation (BEE and EE) and enforcement thereof
• Medical schemes are removed until more work is done
• Streamlining of interaction between the Financial Markets Act and the COFI Act
• Application to the non-retail business where clients are corporates or where clients are professional investors, for example

We are responding and commenting as a compliance firm to the draft. If you are a member of an industry representative body (like the FIA or FPI) you can also provide your comments through them. If you are not a member of an industry representative body then you can send your comments directly to National Treasury or to us to add it to our comments and to send on your behalf.

​I, for one, am concerned at the new practise we see at the FSCA where they seem to ask extra and unlimited amounts of questions to new licensees without informing the applicant if these new requirements beforehand which leads to copious delays. In addition to that, I am concerned at how difficult it is with the FAIS Act in its current form to become a Key Individual or to start your own FSP. We will be taking up these and other concerns in our comments to the FSCA.

We encourage everyone to comment in whatever form because this piece of legislation will control your business in the future and determine the shape and form of your industry for years to come. Any risks, detriment to you or unnecessary red tape that is not addressed will become part of your life and we'd like to avoid that as much as possible.

The due date is 30 October 2020 but we've heard from some sources that they are still receiving comments after that as extensions were provided to certain industry representative bodies until 16 November 2020. Comments submitted directly to National Treasury can be sent to: marketconduct@treasury.gov.za .

You can view the full published bill and other documents here.