CONTINUOUS PROFESSIONAL DEVELOPMENT (CPD) – ONE MONTH TO GO!
We’re sure we don’t need to remind you that there’s only one month to go to complete your CPD hours in terms of the FAIS Fit and Proper requirements.
There’s plenty of material available, but we’d recommend our CPD partners AC Develop. Sign up and get it done!
THE FINANCIAL SECTOR CONDUCT AUTHORITY (THE FSCA)
Appointment of Commissioner and Deputy Commissioner
Tito Mboweni (the Minister of Finance) has appointed Unathi Kamlana as Commissioner of the FSCA, and Astrid Ludin as the Deputy Commissioner. Both are expected to take up their roles on 1 June 2021.
We wish them well in their new positions.
Here is the official media release.
Directive to Provide Information
In an effort to provide accountable institutions (AIs) which failed to comply with the Directive to Provide Information (DPI) by 31 March 2021 a final opportunity to comply, the FSCA has re-issued the DPI. Those AIs that did not submit in time are required to complete and submit the return between 1 May 2021 and 31 May 2021. This will also include newly authorised financial services providers (FSPs) which will have to complete and submit the DPI.
Submissions are to be made through the FSCA’s e-Portal on its website.
FINANCIAL INTELLIGENCE CENTRE (FIC)
Public Compliance Communication No. 12A (PCC 12A)
On 24 March 2021, the FIC released PCC 12A (which replaces PCC 12 and provides guidance on which compliance activities can be outsourced by accountable and reporting institutions to third parties).
Here’s a summary of the guidance:
AIs were reminded that they are ultimately responsible for their compliance obligations in terms of FICA.
Outsourcing has been clarified to refer to when an AI obtains the advice and assistance of service providers to enable the fulfilment of their FICA obligations. The service providers cannot discharge any FICA obligations on behalf of AIs.
AIs are permitted to use service providers to perform compliance activities relating to risk assessments, collecting and processing documents and information in terms of customer due diligence (CDD), as well as for record-keeping purposes.
AIs may use service providers to scrutinise and verify client information.
Responsibility for CDD still rests with AIs, and the use of service providers to fulfil and discharge CDD, reporting, and registration obligations does not remove it.
Any obligation to obtain senior management approval as required in terms of sections 21F, 21G, and 21H of the FIC Act cannot be outsourced.
The PCC also makes it clear that the outsourcing of compliance obligations is not the same as placing reliance on a third-party AI as provided for in the legislation.
Read the full PCC here.
Public Compliance Communication No. 49 (PCC 49)
On 24 March 2021, the FIC released PCC 49 which provides guidance on money laundering, terrorist financing, and proliferation financing considerations and suggested resources that may be consulted in determining these risks in relation to geographic areas.
There appears to be concern that the Risk Management and Compliance Plans of AIs have not adequately quantified and risk rated for foreign and (perhaps, more importantly) local geographic risks. As such, the intention of the PCC is to assist AIs in identifying and managing risks relating to geographic areas.
The full PCC is available here.
Public Compliance Communication No. 50 (PCC 50)
On 31 March 2021, the FIC released PCC 50 to guide anyone reporting to the FIC about the measures required for the mitigation of lost intelligence data where a report ought to have been filed and the person reporting fails to file the report, or where the person reporting files a defective report. In both these instances, the person reporting is required to remediate the reporting failure as soon as possible.
A defective report includes a rejected report owing to validation failures, or where the data submitted in the report is inaccurate or false. In addition, the PCC provides guidance on measures aimed at preventing, remediating, and mitigating failures, and elaborates on the Directive 3 of 2014 process to be followed when applicable.
Read the Communication here.
Administrative Sanctions
In its capacity as the authority responsible for enforcement of FICA, the FSCA imposed administrative sanctions on three FSPs. The sanctions were imposed subsequent to onsite reviews conducted at the premises of the FSPs during 2019.
Offences ranged from not updating company names and goAML registration, to not implementing Risk Management and Compliance Plans, or the plans not being suitably implemented or training conducted.
The AIs are based all over the country; in the age of online meetings there is slim hope of avoiding inspections. Disappointingly, in some instances the AIs were made aware of the findings and instructed to resolve them, but ignored the regulators. We’re also finding that the regulators are far more stringent when applying the legislation than most FSPs have become used to.
The lesson: don’t avoid your compliance obligations because you “have a business to run and clients to service”. It will cost you more in the long run!
Qualification Requirements for CMS Accreditation
On 15 April 2021, the FSCA published Communication No. 6 of 2021 clarifying that the minimum educational requirement for CMS accreditation is a grade 12 National Senior Certificate (NSC) which must be verified by MIE.
Applicants applying for or renewing accreditation who don’t provide the CMS with a copy of the grade 12 certificate will be rejected. Previously, the CMS accepted an affidavit from the applicant confirming that the applicant has a grade 12 education.
However, in 2014, the CMS decided to no longer accept affidavits. After the FSCA engaged the CMS, the following was confirmed:
- The grade 12 education or equivalent qualification as a basic minimum qualification is not a new requirement. The only change implemented by the CMS is that affidavits are no longer accepted in instances where brokers or applicants are unable to produce the actual certificates.
- The CMS does not accept a registered skills programme of 30/60 credits as an equivalent to a grade 12 education.
- However, brokers or applicants who only completed a skills programme with no grade 12 education may be exempted for a period of two years to allow time to complete a formal qualification (it does not have to be a Grade 12 NSC, and can be any certificate as long as it is registered on the National Qualifications Framework (NQF)).
- It should, however, be noted that a formal exemption process applies in which each application is reviewed on its merits by the CMS. It is not an automatic exemption. It’s advisable that brokers or applicants who were granted exemption enrol as soon as possible to complete a qualification within this two-year period.
- Qualifications that are registered at NQF level 4 or higher will be accepted as an equivalent to a grade 12 NSC.
Please ensure that apprentice and renewal accreditation applications are submitted to the CMS with a certified copy of your grade 12/matric certificate.
Where an exemption has been applied for and granted by the CMS, the candidate must complete a recognised qualification within the maximum two-year period to obtain the qualification.
Contact us for further details should you have any queries regarding the qualification requirements and exemption.
To read the full Communication, click here.
INFORMATION REGULATOR – POPIA (PROTECTION OF PERSONAL INFORMATION ACT)
On 1 May 2021, there will only be 61 days until 1 July 2021 where public and private bodies need to be POPIA compliant.
Guidelines on the Registration of Information Officers (IOs)
The final guidance note on IOs and Deputy Information Officers (DIOs) was published by the Information Regulator on 1 April 2021. As mentioned last month, registration of IOs and DIOs will commence from 1 May 2021. Registration can be done by email or online via the registration portal when it goes live, presumably from 1 May (let’s hope it doesn’t crash).
Information Officers
IOs and DIOs will perform their duties and responsibilities in terms of both PAIA and POPIA. IOs and DIOs will only be allowed to act in these capacities after being registered with the Information Regulator. It is assumed that the Information Regulator will advise whether an application has been approved.
The exercise will also update the details of IOs under PAIA, where private bodies were required to publish their PAIA manual and lodge a copy with the South African Human Rights Commission (SAHRC). It is not clear whether the threshold exemptions will be extended by the Information Regulator when it becomes the regulatory body responsible for PAIA on 1 July 2021.
When the Information Regulator takes over the responsibilities of PAIA from the SAHRC, it will be empowered via the Information Regulator’s Enforcement Committee to make recommendations for any action that should be taken against an IO in terms of PAIA. IOs may, on conviction, be held criminally liable in terms of PAIA for the following offences:
“A person who, with intent to deny a right of access in terms of this Act,-
(a) destroys, damages or alters a record;
(b) conceals a record; or
(c) falsifies a record or makes a false record,…
… The head of a private body who, wilfully or in a grossly negligent manner, fails to comply with the provisions of section 51 of PAIA (compilation of the entity’s PAIA manual)…
… Non-compliance with an Enforcement Notice.”
The guidance reiterates that IOs are automatically appointed in terms of PAIA and POPIA by virtue of their positions. Therefore, the IO of a private body will be any of the following:
- A natural person who carries on any trade, business, or profession, but only in such capacity, or any person duly authorised by that natural person.
- Any partner of the partnership or any person duly authorised by the partnership.
- Chief Executive Officer or Managing Director or equivalent officer of the juristic person, or any person duly authorised by that officer or any person who is acting as such or any person duly authorised by such acting person.
Authorisation of an IO or DIO must:
- Be made in writing.
- Not prohibit the person who made the authorisation from exercising the power concerned or performing the duty concerned himself or herself.
- Be able to be withdrawn or amended in writing by that person who provided authorisation.
Note that the person authorising any person as the IO retains the accountability and responsibility for any power or the functions authorised to that person.
The duties of the IO include the following:
- The encouragement of compliance by the body with the conditions for the lawful processing of personal information.
- Dealing with requests made to the body pursuant to POPIA.
- Working with the Regulator in relation to investigations conducted pursuant to Chapter 6 of POPIA in relation to the body.
- Ensuring compliance by a body with the provisions of POPIA.
- A compliance framework must be developed, implemented, monitored, and maintained.
- A personal information impact assessment must be done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information.
- A manual must be developed, monitored, maintained, and made available as prescribed in sections 14 and 51 of PAIA, as amended.
- Internal measures must be developed together with adequate systems to process requests for information or access thereto.
- Internal awareness sessions must be conducted regarding the provisions of POPIA, regulations made in terms of POPIA, codes of conduct, or information obtained from the Regulator.
- Upon request by any person, copies of the manual must be provided to that person upon the payment of a fee to be determined by the Regulator from time to time.
Deputy Information Officers
The Information Regulator has made it clear that only an employee of a private body can be designated as a DIO (no outsourcing allowed!).
Once again, the designation to a DIO must be in writing and the candidate must:
- Be afforded sufficient time, adequate resources, and the financial means to devote to matters concerning POPIA and PAIA.
- Report to the highest management office within a body. This means that only an employee at a level of management and above should ideally be considered for designation as a DIO of a body.
- Be accessible to everyone, particularly to a data subject in respect of POPIA or a requester, in terms of PAIA.
- Have a reasonable understanding of POPIA and PAIA in order to execute his or her duties.
- Have a reasonable understanding of the business operations and processes of a body.
Training of IOs / DIOs
The Information Regulator has recommended that IOs and DIOs receive appropriate training and keep abreast of the latest developments in POPIA and PAIA, but that the Regulator is not “empowered to provide any training”.
After all that, the most important part of the guidance provides the procedures for the registration of IOs and DIOs as well as application templates and draft appointment letters. Should you wish to register manually, you will need to follow these steps and attach the necessary documentation.
We’re ready to assist in the completion and submission of the forms should you need us.
To read the entire guidance note, click here.
A-PROOFED
Most people I know say they absolutely hate Microsoft Word, and that they prefer to do as much as they can in Excel. Excel has its own very useful functions, but in my opinion, it isn’t an appropriate tool for writing reports or letters. Microsoft created Word specifically for that.
I’m going to give you some helpful tips which will make your life so much simpler. If there’s anything else that you need help with, you know how to get in touch with me.
Writing outside the box
Did you know that you can type anywhere in a Word document? An-y-where! I have no doubt that you’ve fiddled with textboxes, and used the tab button (or, heaven forbid, the space bar) to indent text so that it is in the exact place that you want it. Those days are over! All you need to do is to double click the place where you’d like to insert your text. Voilà!
Customise your autocorrect
No matter how much time you spend in front of your keyboard every day, there will still be words and phrases that you may not be able to master. The people who created Microsoft Word clearly also had the same problem, because they made it easy to personalise your commonly misspelled words without being prompted. You may have noticed that a few of these are already pre-programmed into Word (like the i before e mix-up), but you can add your own to solve things like accented letters (André, this one is just for you!), or replace short abbreviations with technical terms. Just go to the File menu, click on Options, select the Proofing tab, and click on AutoCorrect Options to personalise it for your needs.
Find and replace
Most of you will know about using the Ctrl+F shortcut to find text in your document, but how many of you know about the Replace function? Imagine how frustrating it could be if you realise halfway through your document that you’ve spelled your client’s name wrong, and you don’t want to have to go through the entire document to find every occurrence of his or her name. Once you’ve clicked on Ctrl+F, click on the Replace tab, then type the word or phrase in the top field and the corrected word or phrase into the bottom field. From there you can choose to automatically replace all instances, or review them one by one.
Undo and redo
Almost everyone knows the shortcut for undoing nearly any action in Microsoft Office – Ctrl+Z. Far fewer people know, and actively employ, the redo shortcut. This is a quick solution for viewing and comparing different formatting and layout options, and there’s a tracking history of 100 actions. Look for the anti-clockwise and clockwise arrows in the ‘ribbon’ at the top of your screen.
Highlight an entire sentence with a click
Clicking and dragging is for the birds. Good thing you don’t have to do it. If you hold down the Ctrl key and click on any word, it will highlight the entire sentence.
Hop around to editing hotspots
Hitting Shift-F5 will allow you to cycle through the parts of your document you’ve recently edited. This trick will even remember where you were editing last after you re-open a document.
Auto-update date and time
Sometimes you have a document that you use again and again, but just update a few bits and pieces. If this happens to be a document like a letter that includes the date and/or time, one nifty little trick is to allow Word to update the date automatically. Under the Insert tab, click the Date & Time button (it’s in the Text menu block), and a pop-up window will appear. Click the date format you want and then click the “update automatically” box in the bottom right corner. Now the date and/or time will be updated every time you open (or print) the document.
Easily convert to a PDF
Word makes it easy to convert your document to a PDF. When you click on Save A Copy, you’ll see a drop-down menu under the file name, which will provide a list of options including PDF.
Change capitalisation easily
If you want to change text to lower case, Sentence case, Title Case, UPPERCASE, or for some absurd reason tOGGLE Case, all you need to do is to highlight the word (or sentence), and click on Shift+F3 until your text looks like you want it to. Easy. Or should I say EASY?
If you have any questions, or you need me to help you with your document, I’m a phone call or email away!
Kim Hatchuel
083 657 3377 | kim@a-proofed.co.za
www.a-proofed.co.za