The rule of law in South Africa seems a bit ‘fair-weather’ at the moment, and you’d be forgiven for feeling a bit despondent. The endless calls to be ‘part of the solution’ are also wearing a bit thin.
Nonetheless, we believe that the key is to maintain the legal and ethical standards that you have developed over the years, as these principles ‘bleed’ into our broader communities.
And another reminder: get your COVID-19 vaccination!
THE FINANCIAL SECTOR CONDUCT AUTHORITY (THE FSCA)
2021 levies on financial institutions
A reminder that the FSCA should have issued levy invoices during September. If your financial service provider hasn’t received them yet, please let us know and we’ll follow up with the Regulator. Payment is due by 31 October.
Foreign insurance of first party risks
The FSCA and Prudential Authority (PA) released Joint Guidance Note 1 of 2021 on 30 August. The Note summarises a similar Note in 2019 for third party risks, and goes on to confirm the registration requirements for foreign entities rendering insurance business to ‘first party’ South African customers (i.e. captive insurance business).
It’s often confusing as to whether entities wishing to transact in South Africa require registration with the PA and the FSCA. Lloyds has guidance on this issue which needs input from compliance officers in both jurisdictions to understand.
Read the complete Guidance Note here.
Banking conduct of business supervision
The FSCA released Communication 18 of 2021 advising banks of their expectations regarding physical site and ATM closures (including for refurbishment).
The FSCA argues that removal of sites and ATMs is unfair on consumers, and expects banks to conduct an impact assessment and then inform the Regulator of any planned closures at least six months prior to doing so. (Now you know why your bank charges are so high – Ed.)
Here are the full details.
The FSCA fines Viceroy Research and partners R50 million
The FSCA issued a fine of R50 million to Viceroy Research and its partners on 8 September. This was in response to the report on Capitec Bank released by Viceroy in 2018.
The report caused a 23.12% drop in the Capitec share price at the time. Here is the FSCA’s press release and a brief explanation of its findings.
Viceroy was instrumental in the exposure of the Steinhoff crash in 2017, and has stated that it will challenge the fine.
Viceroy is based in Delaware, United States. As much as the FSCA enlisted the assistance of the United States Securities and Exchange Commission and is adamant this shows its reach, let’s see if it receives any payment in the stipulated 30 days.
Joint Standard on outsourcing by insurers
The FSCA and PA released Joint Standard on Outsourcing for Insurers on 8 September for comment. The aim of the draft Standard is to ensure that outsourcing doesn’t impair the prudent management of an insurer’s business.
The draft Standard will repeal Prudential Standard GOI5: Outsourcing by Insurers, but will continue to require a documented policy to guide outsourcing of activities. The policy must guide the insurer on its risk assessment of the proposed outsourcing activity.
The draft Standard provides its own guidance on what functions are ‘material’ in terms of outsourcing, what insurers are required to consider when outsourcing, as well as practical and contractual requirements on outsourcing agreements and functions.
Read the draft Standard and submit comments (by 26 October) via the framework here.
4AX name and address change
On 16 September, the FSCA confirmed the ‘semigration’ of the 4 Africa Exchange (Pty) Ltd to Cape Town. The physical move comes with a name change to the Cape Town Stock Exchange (Pty) Ltd.
Aside from the marketing and practical reasons as described in this article by Daily Maverick, it’s clear that the shift to ‘online’ brought about by the COVID-19 pandemic has stimulated some radical thinking. Businesses are now also able ‘to vote with their feet’.
NATIONAL TREASURY
Draft benchmark regulations
National Treasury released draft regulations to designate “provision of a benchmark” as a financial service on 30 August 2021.
In this context, benchmarks are used for financial instruments or financial contracts to measure the performance of investment funds.
The regulations aim to ensure that the administrators of any critical benchmarks are impartial, capable, and will therefore need to be licensed to provide the service. The FSCA will be appointed as the regulatory authority, and is required to maintain a list of local and foreign benchmark administrators. In addition, the FSCA will have to approve and maintain a list of the benchmarks and update it at least every two years.
Read the full notice here. Comments are due by 13 October 2021.
SASRIA
Sasria rate increase
Sasria SOC Limited (Sasria) released a Communication to industry (Circular 510) on 14 September to notify all stakeholders of its increased rates that will take effect from 1 January 2022.
An increase in rates was to be expected, given the claims arising from the unrest and looting in July that has emptied Sasria’s coffers.
The increase in rates doesn’t affect, amongst others, domestic fire, private cars, tertiary institutions, money, and various business interruption classes.
However, some of the increases are 3,011.71% and 1,736.4%, i.e. about 3,000 or 1,700 times as much. This serves as a reminder that Sasria is ‘state-owned’, and we now wait to see if the FSCA, after taking life insurers to task for increasing funeral benefit premiums, issues similar commentary to this insurer.
Despite the risks, the increase may mean that many hard-pressed policyholders, particularly transporters who are the main target, won’t be able to afford or willing to carry these new rates and may look to cancel the cover, only further exacerbating Sasria’s woes. Those that don’t will eventually result in the cost being transferred to consumers. It appears that Sasria’s commission structures will stay the same.
Download the new rates here.
FINANCIAL INTELLIGENCE CENTRE (FIC)
Fines issued to two South African life insurers
The South African Reserve Bank issued fines of R1 million (50% suspended) to Sanlam Life Limited and R140,000 to Fedgroup Life Limited in terms of the FIC Act.
Once again, the penalties were for shortfalls in practical implementation of the Risk Management and Compliance Plans (RMCPs) of the two companies.
We can only remind all Accountable Institutions to regularly review and update their RMCPs and resolve any deficiencies found as soon as they come to light.
The media release is available here.
Annual report
The FIC released its annual report for 2020/2021 on 21 September.
It shows a 16% increase in the number of reports received by the FIC, as well as increased investigations and recovery of the proceeds of crime. Recovered funds come to nearly R3.98 billion, and there are still funds of R613 million frozen as suspected proceeds of crime.
The FIC also set up the South African Anti-Money Laundering Integrated Task Force during the year to combine and share information between the Justice, Crime Prevention and Security Cluster, banking industry, and Regulators. This partnership has already led to the recovery of R659 million of the proceeds of crime.
The FIC will no doubt have another busy year, given the effects of heightened cybercrime due to the COVID-19 pandemic.
INFORMATION REGULATOR – PROTECTION OF PERSONAL INFORMATION ACT (POPIA)
Department of Justice ransomware attack
Remember that song by Alanis Morissette, “Ironic”?
The Department of Justice (DOJ) suffered a ransomware attack on 6 September which impacted the Information Regulator’s (IR) website and email domain, which relies on the DOJ’s IT systems for its own operations.
The impact of the ransomware attack was to affect various courts, but more specifically the IR’s website was unavailable for just over three days and its email system remains offline.
Advocate Pansy Tlakula in her interview with #AMReport405 on 21 September mentioned the following regarding the ransomware attack and data breach:
- The DOJ as of 21 September still did not know the impact and the nature of the personal information (PI) that might have been compromised.
- The DOJ has approached relevant authorities to assist the DOJ with the forensic investigation.
- It appears that about 1,200 files may have been affected, but it was not sure.
- The DOJ still has to inform the IR on the breach, the measures that have been taken, and whether the DOJ has informed the data subjects.
- The IR is in a precarious position because it has to regulate the DOJ while being dependent on the DOJ’s IT infrastructure.
- The IR has a responsibility to its own data subjects. Remember that the IR has been registering Information Officers (IOs) and Deputy Information Officers (DIOs) (at least those that were able to register online or emailed their registration forms). The IR therefore has to inform its data subjects on the possible consequences of the breach and the measures that can be taken to lessen the impact of the data breach. The IR cannot do so because it doesn’t have the necessary details.
- Data subjects cannot do anything until they know the nature and the impact of the breach on their PI.
- The IR has taken measures to try and mitigate the impact of the breach by establishing its own email addresses on its own domain, but it cannot upload any documents to the website.
- In August 2021, South Africa had 38 reported data breaches, and the IR has been receiving reports of data breaches in September from large entities.
- A number of government departments including the DOJ have archaic IT infrastructure. The Act requires all entities to put in place adequate security measures to safeguard the integrity and confidentiality of the PI that is collected and stored.
- Private and public bodies need to look at their IT infrastructure as cyber-criminals are taking advantage, and attention is to be paid to this.
- Remedies: civil actions can be taken where the responsible party has been found to be negligent on behalf of data subjects. In addition, the IR can issue a fine to the DOJ.
Following this, the IR published its official breach notification on 24 September.
As a responsible party, the IR has an obligation to notify its data subjects, being the IO and DIO, registration details among others.
Of note are the security measures that the DOJ assured the Regulator that it has in place. It mentions the layers of data protection which may serve as a useful guideline should you be unsure as to what the minimum security requirements are in terms of section 19.
The types of PI that may have been compromised are still to be determined.
The silver lining is that the data breach has forced the IR to invest in its own IT infrastructure: email domain (enquiries@inforegulator.org.za), cloud IO registration portal, and website domain. If it had been done from the beginning, this may not have happened. The question is: has the IR or will the IR conduct the Personal Information Impact Assessment for the new project?
The media release is available here.
PAIA regulations and private body PAIA Manual template
The amended PAIA (Promotion of Access to Information Act (Act No. 2 of 2000)) regulations: Regulations Relating to the Promotion of Access to Information, 2021 were finally gazetted on 27 August.
The following items are worth noting:
Obligations of the IO
Copies of the PAIA manual must be maintained by the IO in at least two official languages at the private body’s registered head office.
The IO must, upon written request of any person on Form 1 of Annexure A to the Regulations, make available the number of copies requested of the private body’s PAIA Manual in the official languages, at no charge.
Access to information: Voluntary disclosure and automatic availability of certain private body records
The head of a private body (MD/CEO/KI) may compile and keep a description of the categories as per section 52(1)(a) of the Act, that are automatically available without a person having to request access to them or are voluntarily disclosed. The description must be updated as soon as possible after any amendment and made available to the IR, on the private body’s website or for inspection at the private body’s registered office.
Request for Access to Information forms and template are here, and the amended regulations are here.
We are drafting a suitable document for the financial services industry. Let us know if you need a copy.
A-PROOFED
Designing an exceptional PowerPoint presentation
I have been asked a lot during the last 18 months to assist clients with their PowerPoint presentations, so I thought it would be helpful to jot down some notes on how to design an exceptional one. We’ve all seen far too many really bad presentations (read: Death by PowerPoint), and I’m going to tell you how to not be “that guy” and fall into the same trap.
These days, since we can’t pack out the boardroom or convention centre, presenting your case often means creating a PowerPoint presentation and presenting it to a bunch of black screens on Zoom, Teams, Google Meets, or some other app that your company may have chosen.
The first thing you need to do is to work out what you will be telling your audience. All the bells and whistles in PowerPoint can make you forget that you still have to say something that will make them sit up and take notice. Using fancy graphics with too much animation doesn’t relieve you of the responsibility to carefully plan and organise the text. Remember: the medium is not the message! Keep in mind that preparing a talk always takes far longer than you anticipate, so start early! You’ll need time to research your topic, set up the slides, and rehearse. Then you need to rehearse, and rehearse again, until you’re comfortable with the presentation.
Basically, all presentations need a few things: an attention-grabbing opener, a brief overview of the topic, what your audience have come to find out, how your solution meets that need, how they can implement your solution, and a summary and conclusion.
Your presentation needs to flow logically so that you don’t lose your audience. Also, what you’re telling them must be simple and organised. Remember that if you want to wow them, you must know your product, service, or solution really well.
Start creating your presentation without thinking about the visuals or effects. It will be so much easier if you make it like a story with a beginning, middle, and end. Kind of like a “Once Upon A Time”
Remember that your audience didn’t come to read, and if that’s the case then you might as well have emailed a document to them. We read faster than we listen, so if your slides have paragraphs of text on them, you’ll lose your audience. Keep the number of words on each slide to an absolute minimum. Proofread everything, including visuals and numbers. (I can help with this.)
If you use slide transitions, stick to only one throughout. If every slide pops up in a different way, your audience may get dizzy, lose track of what you’re trying to tell them, and soon they’ll be taking bets on whether the next slide is going to bounce in or fly in from the left or right. Your best bet is to use the simplest transition.
Fancy fonts don’t add impact. Choose a simple one like Arial or Calibri, and stay with it for the whole presentation. Use different font sizes, and bold formatting to emphasise your message. Whatever you do, DON’T use Comic Sans! It happens to be the ugliest font ever created (check out www.comicsanscriminal.com).
You’re not finished yet! Now you need to add visual elements that pack a punch.
Think about the colour first because it affects the background or template that you use. Whichever colour you choose, make sure that all your text contrasts enough with your background to be easily legible.
Avoid using the default white background. It is hard on the viewer’s eyes. Rather add a design style or a colour to the background.
It’s generally best to use a darkish background because light colours can be too bright and may make your audience whip out their Ray Bans for the occasion. Medium backgrounds can also work when you want a softer impact. As you’re most likely presenting online, make sure that everyone can read the text on their screen.
The most professional-looking backgrounds are photographs or textures rather than solid colours. You can manipulate photos in photo editing software to soften and colour them to your chosen background colour. Avoid cartoons and clip art, and make sure that your images aren’t too low res as they’ll look unprofessional. Don’t overdo the graphics, and whatever you do, don’t use images that have watermarks on them.
If you need to use graphs in your presentation, please don’t make them too busy. Keep it simple, and easy to understand. Numbers are usually confusing to an audience. Use as few as possible and allow extra time for the audience to absorb the idea. Round numbers for ease of comprehension. “We sold 1,000 units in five days.” (We actually sold 1,028.)
- Avoid using too many bullet points.
- Avoid using too many bullet points.
- Avoid using too many bullet points.
- Avoid using too many bullet points.
Oh… and one last thing. PowerPoint has a spell check option. Please use it!
And if you need help with your PowerPoint presentation, I’m at the end of a phone line (or a Zoom call if you’d prefer).
Kim Hatchuel
083 657 3377 | kim@a-proofed.co.za
www.a-proofed.co.za
