Omega Compliance Solutions
August 2020
Level 2! It looks like South Africa is getting through the COVID-19 mire at last. But let’s not be complacent and remember to keep to the rules (you know we love rules) – wear a mask, sanitise your hands, and avoid unnecessary contact.
Stay safe!
FINANCIAL SECTOR CONDUCT AUTHORITY
Banking Code of Conduct
On 3 July 2020, the Financial Sector Conduct Authority (FSCA) released the Conduct Standard for Banks. The standard’s intention is to introduce a conduct regulatory framework that supports fair customer treatment in the banking sector.
As banks have various financial products that already require them to be registered in terms of FAIS, and their credit products are specifically excluded, the general and governance obligations will have the biggest effect on their investment and foreign exchange products.
The standard requires banks to set up TCF (Treating Customers Fairly) programmes, and adapt procedures in terms of product design and management, advertising, disclosure, and complaints processes. Note that these requirements are aligned to the FAIS General Code of Conduct – confirmation that the overarching conduct laws are on the way.
Banks are given further requirements in terms of their responsibilities when withdrawing or closing services and products, as well as when clients choose to terminate or switch products and services.
The fair treatment of clients’ requirements was enacted with immediate effect, but we’re sure this is readily achievable. Banks will have until 3 February 2021 to implement revised processes to manage their governance, product design, and advertising policies. The remaining implementation of revised disclosures, complaints, termination, and switching must be completed by 3 July 2021.
Please let us know if you need any assistance to meet these new requirements. (Yes, we have banks as compliance clients – Ed.)
For the full standard click here.
Cell Captive Conduct Standard for Consultation
On 28 July 2020, the FSCA released a Draft Conduct Standard regarding third party cell captive arrangements for comment.
The main effects appear to be more monitoring work for insurers when granting and managing cell captive agreements, and consequently more intrusive monitoring and reporting requirements for the cell owners.
Should you wish to comment, you have until 22 September 2020 to do so by using the form in the zipped documents link here.
Exemptions from PI and FG
The FSCA released Notice 68 which extends the exemption for insurers from holding Professional Indemnity (PI) and Fidelity Guarantee (FG) Insurance to 31 August 2022.
Notice 69 extends the exemption for underwriting management agents (UMAs) from holding PI and FG cover to the same date; but remember this is provided the insurer takes on responsibility for the UMA as per FAIS Notice 122 of 2017.
The actual exemptions (including the originals) are listed below:
Interim FAIS Commissioner Appointed
The FSCA confirmed that Advocate Dube Tshidi has been appointed as the FAIS Commissioner until 5 November 2020. This temporary appointment is to ensure that the role is filled pending a permanent appointment.
Click here to read the press release.
Resignation of Caroline da Silva
The FSCA announced the resignation of Caroline da Silva from her position as Divisional Executive of Regulatory Policy after seven years at the FSB and the FSCA. There was no confirmation of her further plans. Her last day will be 31 October 2020.
Da Silva has had a significant effect on the South African financial services industry, and we wish her well in her future endeavours.
The official announcement is available here.
Pre-populated Records of Advice
The FSCA issued Communication 46 of 2020 to express its concerns over Financial Services Providers (FSPs) using pre-populated records. The result of this is that clients are often provided with incorrect advice based on erroneous information.
The FSCA has not issued a directive, but has made a strong recommendation that FSPs confirm the accuracy of information in prepopulated records before making recommendations to clients. Should FSPs determine that the information is inaccurate or insufficient, they should correct it accordingly.
The full communication is available here.
Annual Levies
The FSCA has approved and released the structure of the annual levies to be charged this year. Levies are slightly reduced from the draft issued earlier this year.
Ensure that your Key Individual and Rep register is up to date before 31 August to pay the correct amount. The FSCA will issue invoices in September, and payment is due by 31 October 2020.
The full details are available here.
FINANCIAL INTELLIGENCE CENTRE
In July 2020, the Financial Intelligence Centre (FIC) imposed administrative sanctions against eight FSPs for non-compliance with the provisions of the Financial Intelligence Centre Act. The fines were for not implementing Risk Management and Compliance Plans (RMCPs), as well as for not reporting cash transactions. Fines ranged from R10 000 to R500 000.
We urge you to make sure that your RMCP is completed, up to date, and that your procedures continue to be adhered to. We can assist in developing plans or running a check on whether they are being adhered to – contact us if you need help.
FINANCIAL SERVICES TRIBUNAL
Debarments
N Phillips and The Engine Room
The focus of this case was around section 6A(2)(a) of the FAIS Act, and the fit and proper requirement of “personal character qualities of honesty and integrity” of a call centre agent, where the tribunal considered felt that The Engine Room overreacted.
The basis seems to boil down to whether the providing of a false name to an irate client was material.
For the whole case click here.
INFORMATION REGULATOR – POPIA
July was a busy month for the Information Regulator. Fortunately, for entities holding client information, the effective date of the regulations is 1 July 2021! The repercussions of data breaches could have been far more severe.
Experian (a consumer, business, and credit information services agency) is the most recent entity to experience a data breach, and has made the public aware. One wonders how many other data breaches have gone unannounced.
A plan to deal with a data breach is essential, and we recommend every affected entity finalise and review its plans as soon as possible, despite the deadline. Let us know if you need assistance.
Readiness Plan for the Implementation of POPIA
The Operational Readiness Plan (ORP) published by the Information Regulator describes what the Information Regulator is planning to do over the next 12 months.
- The plan details the actions that are to be undertaken by the Regulator per each provision of POPIA, and the deadlines. We have summarised some of the key action items below:
| PROVISION OF POPIA | ACTION UNDERTAKEN/TO BE UNDERTAKEN | TIME FRAME |
(Section that requires critical action for the implementation of POPIA) | (The action required by the provision) | (Projected timeframe for completion of the Action) |
8. Responsible party to ensure conditions for lawful processing – Condition 1 – Accountability | Development of an Internal Guide for interpreting the eight Conditions for Lawful Processing of Information by the Information Regulator for the Information Regulator. | 31 March 2021 |
11. Consent, justification and objection – Condition 2 – Processing Limitations | Development of a Consent Form and Development of an Objection Form. | Provided as per Form 1 of the POPIA Regulations of December 2018 |
12. Collection directly from data subject – Condition 2 – Processing Limitations | Development of a guide for the interpretation of “national security” in terms of section 12(2)(d)(iv) and in relation to other provisions in the Act. | 31 March 2021 |
22. Notification of security compromises – Condition 7 – Security safeguards | Provide guidance on the manner in which data subjects must be notified of unauthorised access or acquisition of their personal information as provided for in section 22(4)(e). Provide guidance on the manner in which the responsible party must publicise any compromise to the integrity or confidentiality of personal information if such compromise would protect a data subject who may be affected by the compromise as provided for in section 22(6). | 31 March 2021 |
27(2). General authorisation concerning special personal information – Part B – Additional Rights and Obligations – Processing of special personal information | Development of an application form to authorise a responsible party to process special personal information. Development of criteria for what constitutes public interest and appropriate safeguards as provided for in section 27(2). | 31 March 2021 |
Section 55 and 56 Information Officers (IOs) | Development of a Guideline for the registration of IOs and designation and delegation of Deputy Information Officers (DIOs). Development of an electronic portal enabling access to the register of IOs. | 31 March 2021 |
71. Automated decision making | Development of guidelines on automated decision making and profiling. | 31 March 2021 |
72(1)(a) Transfer of personal information outside the Republic | Development of guidelines on trans-border information flows. | 30 December 2020 |
- We will look into the various types of regulations or codes of conduct that the Information Regulator believes are required in next month’s Legislative Update.
Click here for a copy of POPIA.
Registration of POPIA Information Officers
The Information Officer (IO) of an organisation is an important person when it comes to information. By default, every single organisation in South Africa has one. The Promotion of Access to Information Act (PAIA) automatically designates a person in each organisation as an officer. However, unlike in PAIA, there are no exemptions under POPIA.
Many organisations are trying to work out who the person should be. Is it the CIO, the IT Manager, the information security officer, the legal adviser, the compliance officer? What should the structure be, and how many people do you need? Do you need one officer and two deputies, or just two deputies? Should one deal with PAIA and the other with POPIA? Who is accountable, and who is responsible? Should the responsibility be designated to someone else? Should you have one for the group, or each entity within the group?
Draft guidelines on the registration of IOs were published for comment in late July 2020, for 31 August 2020. The guidelines show organisations how to:
- register IOs;
- update their details;
- designate DIOs; and
- delegate duties to DIOs.
It must be noted that the IO as per section 55(1) of POPIA remains the same as per sections 1 or 14 and 41 of the PAIA Act, the Chief Executive Officer (CEO), Managing Director (MD), or Key Individual.
Registration of IOs will be compulsory for every person identified as the head of a private body.
For example:
| Type of Private Body | Identity of IOs |
Natural Person | Sole proprietor who carries on any trade, business or profession, but only in such capacity and not in his personal capacity |
Partnership | Any partner of the partnership, or any person duly authorised by the partnership |
Juristic Person | CEO or MD, or equivalent officer of the juristic person or any person duly authorised by that officer or any person who is acting as such or any person duly authorised by such acting person |
The deadline for registration of an IO and DIO is on or before 31 March 2021.
We suspect that not much will be changed in terms of the majority of the guidelines; however, there may be greater clarity on the designation of DIOs such as:
- whether DIOs must be employees and at what management level;
- whether the DIO can be outsourced;
- how qualified the DIO must be to have a reasonable understanding of POPIA and PAIA in order to execute their duties; and
- how the Information Regulator expects IOs and DIOs to receive appropriate training.
We will provide a detailed update when the final guidelines have been published, and how we can assist with the registration of your IO or DIOs.
Click here for the guidelines.
FROM A-PROOFED
The consequences of bad writing
Imagine you’re in the market for a new insurance policy for your brand spanking new Harley Davidson. For these types of purchases, it’s so important to shop around for the best price, excess, and cover, etc. Working in insurance, you’ll probably read through the policy wording to see what will happen in the event of a claim, how much you’ll need to pay, and all the other important things that policy wordings should detail. Now, while we’re imagining things… What would you do if the policy wording had spelling and grammar mistakes, with incorrect punctuation (shock, horror), the page layout was all over the place, and it was generally a really difficult document to read? You’d move on to the next insurer because you’d think that any company that didn’t proofread its own writing – or employ someone to make the document look good – couldn’t be trusted to create a good product. You’d get your insurance cover elsewhere. I know I would!
I can’t say this often enough: I believe that good writing can make your instructions clearer, your emails easier to read, your marketing material more effective, and your internal communications more efficient.
Let’s look at writing from another angle, and examine how harmful bad writing can be. Because of careless and sloppy writing, the insurance company not only lost a client, but also damaged its general reputation. Chances are, if it was you, you wouldn’t take out insurance with them ever again, and you’d tell all your friends. With that in mind, here are some of the ways poor writing can damage your company:
Poor writing costs sales and business. Whether you sell insurance, motorbikes, make-up, or even if you provide a service, if your writing is unclear, unconvincing, or careless, people won’t buy your product or service. Sloppy, incomplete, or unpersuasive proposals, websites, and marketing material will cost your business in so many ways.
Poor writing causes frustration. In your writing, if you’re not clear about what you want to achieve, or what your client needs to understand, or how they should reply, the frustration can be intense. It will also save time (which we never have enough of) because there won’t be any backwards and forwards when one email would do.
Poor design causes frustration. If you need your clients to fill in a form of some sort, it can be very frustrating if the form is difficult to complete, with columns and fields that are too small, and there’s uncertainty as to what needs to go into which block. What would happen if your email address was thisemailaddressiswaytoolong@nevergoingtofitinthespace.com?
Poor writing costs time. Any communication, like reports, memos, and emails must be clear, relevant, and complete. If they’re not, you’re going to have to rewrite them, and you’ll spend hours on the phone with your clients who will call you because they don’t understand certain things or need things explained to them. You’d save yourself so much time if everything was clear and there was no need for the many support calls.
Poor writing can have an effect on your staff. Poorly written communications to and between employees – training manuals, emails, and letters – can leave employees confused, angry, or insulted. A condescending tone, incomplete explanations of decisions, or biased language in a company-wide memo, for example, can annoy, worry, or even upset employees. When facts aren’t clear, rumours can replace them, and rumours often make things look worse.
Poor writing can hurt your company’s brand. Your brand is how the world sees you – the associations it makes with your name, and the feelings it has about your products. Your brand is more than your logo, your tag line, or the expensive website you had done. It’s influenced by everything you put out to the public. When your brand is not professional, you’ll lose more than just that one person who wouldn’t take out your insurance because there was a spelling mistake on your policy wording; the damage will affect everything about your company because people will make the assumption that everything you do is of poor quality.
Poor writing can be dangerous. A set of policies in your company handbook that fails to clearly explain your company’s rules regarding sick days, and your leave policy, may result in your staff becoming unnecessarily overworked, stressed, or depressed.
I’ll conclude by reminding you that if you write well, you’ll have happier clients, greater productivity, and higher profits.
There are many benefits of hiring a proofreader. When you’re ready, A-Proofed can assist.
Contact Kim Hatchuel on 083 657 3377 or kim@a-proofed.co.za
