We’re halfway through the Rugby World Cup and it’s proving to be every bit as exciting as everyone had hoped! It seems even our regulators are also rivetted to their screens as not much has happened over the past month. Nonetheless, we’ve worked through everything and have (as usual) summarised the important issues in the South African financial services industry.
THE FINANCIAL SECTOR CONDUCT AUTHORITY (FSCA)
2023 Annual Levies
A reminder that the levies on financial services providers (FSPs) are due for payment to the FSCA by 31 October. It seems that the invoices are delayed this year, so make sure to get a copy of your FSP’s levy invoices for the year (even by contacting the FSCA if you have to). Remember there are two amounts, both payable to the FSCA: one for the ‘licence’ and one to the FAIS Ombud. Ensure your FSP number is used as a reference when paying.
It’s tedious and embarrassing to resolve the issue once it becomes apparent that the FSCA has suspended an FSP’s licence because the levies haven’t been paid!
Draft 2024 FSCA and Ombud levies
The FSCA released its budget and proposed levies and fees for 2024 on 19 September.
The proposal notes that fees for some FSCA functions have not been increased since 2018, and that there are new functions for the regulators under the Financial Sector Regulation Act that do not have a fee as yet. The fees will therefore duly be increased, and a table of additional functions and fees has been added.
Other than the new fees and levies, the FSCA has proposed to increase all the amounts by 6% (rather than the 6.9% it claimed it was entitled to).
Comments can be submitted to FSCA.RFDStandards@fsca.co.za by 2 November 2023.
The FAIS Ombud levy is a different story as there is no increase proposed by the Ombud. This is most likely because the Ombud Council has decided on a different funding model and the FAIS Ombud is in the process of aligning itself with this body.
The Ombud Council plans to charge per case, but to bridge the gap until this method is operational, there will be a special levy of 7.5% of the standard FSCA levy in 2024/2025 and 2025/2026. This means that FSPs will pay the FAIS Ombud the same levy as last year. Banks, insurers, exchanges, and some other providers (as per Schedule 2 of Financial Sector and Deposit Insurance Levies Act, 11 of 2022) will have to pay the additional 7.5% levy.
Comments on the Ombud Council proposal are to be submitted to admin@ombudcouncil.org.za using this template by 31 October 2023.
FSCA withdraws SALT Asset Management (Pty) Limited Licence
Following the provisional withdrawal of SALT’s FAIS licence in April this year, the FSCA has confirmed the withdrawal citing SALT’s numerous failures in terms of the Financial Intelligence Centre Act. (Remember the FSCA is responsible for enforcing compliance of FSPs with FICA.)
SALT is alleged to have been involved in money laundering activities with the Gold Leaf Tobacco Corporation which resulted in investigations by the FSCA and the Financial Intelligence Centre (FIC).
SALT was found not have developed a Risk Management and Compliance Plan (RMCP), which resulted in the company not conducting due diligence, identity verification and sanctions checks on clients, not notifying the FSCA and FIC when holding third party records, establishing relationships with anonymous clients, and continuing relationships with parties where it had not conducted due diligence.
Given the findings of the Financial Action Task Force and South Africa’s subsequent “greylisting”, such monitoring and action will become the norm. It would be foolish for Accountable Institutions not to ensure that their RMCP is up to date and incorporated into the operations of the business.
FINANCIAL INTELLIGENCE CENTRE
Appointment of the Acting FIC Director
The Minister of Finance, Enoch Godongwana, has appointed Advocate Pieter Smit as the Acting Director of the FIC effective from 1 September 2023 until 29 February 2024 or sooner should the full-time appointment be made.
Advocate Smit was instrumental in the establishment of the FIC in 2004, and takes up this role as Advocate Xolisile Khanyile’s term as the current director ended on 31 August 2023.
PRUDENTIAL AUTHORITY (PA)
Proposed amendments relating to banks
The PA issued proposed amendments to banks on 19 September for a final round of consultation.
The amendments are intended to include the recommendations of the Basel Committee on Banking Supervision (commonly known as the Basel III requirements).
The proposals include a standardised approach to credit risk, revisions to the internal ratings-based approaches to credit risk, streamlining the operational risk and leverage ratio frameworks, and the output floor requirements.
Comments can be submitted to SARB-PA@resbank.co.za for the attention of Mr A J Smal, by no later than 25 October 2023.
Proposed Pillar 3 disclosures for banks
Regulation 43(1) of the banking regulations requires the disclosure in the annual financial statements of banks’ capital adequacy position, liquidity position, financial performance, leverage ratio, ownership, governance, business activities, risk profile, and risk management practices.
The Pillar 3 disclosure requirements aim to promote market discipline by providing users with key information relating to banks’ regulatory capital and risk exposures. The goal of Pillar 3 disclosure requirements is to improve transparency and confidence in a bank’s exposure to risk as well as the overall adequacy of its regulatory capital.
The proposed Directive removes the Pillar 3 requirements from the regulations and creates its own standards.
Comments can be submitted to SARB-PA@resbank.co.z for the attention of Mrs D Langa, by no later than 20 October 2023.
COMPANIES AND INTELLECTUAL PROPERTY COMMISION (CIPC)
Beneficial ownership
There is some confusion in industry as to whether and when to submit returns to the CIPC on beneficial ownership as communications from the CIPC are unclear if you are able to find them. As much as the legal precedent is that it’s not the Regulator’s requirement to inform those affected of requirements, we would have hoped that there would be clarity available for those seeking it.
We are therefore only in the position to note that the facility to submit the reports is available on the CIPC system – provided that the beneficial owners are individuals. Beware, as with all such returns, the frustration levels are high even while using the guidance document.
In addition, there is new terminology to get to grips with: most importantly the difference between affected and non-affected companies.
Affected companies are public companies, state-owned enterprises, and private companies where more than 10% of the issued securities were transferred (other than a transfer between related persons within the previous 24 months) or a private company that is a subsidiary of a regulated company. By inference, a non-affected company does not meet these requirements. Affected and non-affected companies have to (or will have to) submit returns.
The initial notes from the CIPC were that the returns were expected in October. As such, we would recommend you attempt to get them in.
We will confirm more information on this as soon as we are able to.
INFORMATION REGULATOR (IR)
Enforcement Notice issued to Dis-Chem
The IR issued an Enforcement Notice to Dis-Chem Pharmacies Ltd on 31 August.
During April or May 2022, Dis-Chem’s third party service provider, Grapevine, suffered a brute force cyber-attack by an unauthorised party which exposed more than 3.6 million data subjects’ names and surnames, email addresses, and cellphone numbers.
The Regulator’s assessment found that Dis-Chem failed to:
- Identify the risk of using weak passwords and prevent the usage of such passwords.
- Put in place adequate measures to monitor and detect unlawful access to its environment.
- Enter into an operator agreement with Grapevine and ensure that Grapevine has adequate security measures in place to secure personal information in its possession. Furthermore, the agreement would have outlined processes of reporting to Dis-Chem in the event of a security compromise.
To try to resolve this, the Enforcement Notice instructs Dis-Chem to:
- Conduct a Personal Information Impact Assessment to ensure that adequate measures and standards exist to comply with the conditions for the lawful processing of personal information.
- Implement an adequate Incident Response Plan, maintain a vulnerability management programme, implement strong access control measures, and maintain an Information Security Policy.
- Ensure that it concludes written contracts with all operators who process personal information on its behalf, and that such contracts compel the operator(s) to establish and maintain same or better security measures.
- Develop, implement, monitor, and maintain a compliance framework which clearly makes provision for the reporting obligations of Dis-Chem and all its operators.
Dis-Chem must provide a report to the IR within 31 days detailing the actions taken in terms of the Enforcement Notice. Should it not make adequate progress, it could face a R10 million penalty.
Media reports confirm that Dis-Chem is disputing the IR’s findings despite having implemented the necessary changes.
Obstructive behaviour during investigations
The IR released a circular at the end of August noting its concern with registered entities that are obstructing the National Credit Regulator (NCR) from exercising its duties when conducting an investigation.
It seems that some entities are not permitting NCR investigators access to their premises or records – citing that they need to make an appointment or that they need to provide credentials. NCR investigators are required to produce certificates confirming their appointment when conducting an investigation, which can be verified against some form of identification. Once this has been done, the investigation should be able to get underway as the National Credit Act empowers investigators to conduct their duties during business hours.
The escalation could result in a criminal case being lodged against the individuals preventing access.
NATIONAL CREDIT REGULATOR
Grid failure questionnaires
The NCR issued questionnaires to stakeholders regarding the preparedness of institutions in the event of a national energy grid failure.
The questionnaires are directed at the banking sector, the retail sector, and at generic entities.
Comments are due by 6 October 2023 and can be sent to Bongani Gwexe (bgwexe@ncr.org.za), and Mmalefa Motaung (mmotaung@ncr.org.za).
FINANCIAL SERVICES TRIBUNAL
Overturning of debarment
In the case of Lufuno Precious Shiburi v Liquid Capital (Pty) Ltd, the Tribunal members decided to set aside the debarment of the representative.
The decision noted the following: the FSP failed to follow its own Human Resources policies. This included not undertaking an independent inquiry for FAIS debarment requirements. It’s important for FSPs and their Key Individuals to note that the disciplinary procedure alone does not always constitute sufficient evidence that a representative’s misconduct impugns their honesty and integrity.
As such, dismissal does not constitute automatic grounds for debarment, and FSPs should ensure they consult with their compliance officers before rushing into any action.
OMBUDS
The Ombud Council releases draft rules
The Ombud Council released its draft rules on 4 September.
In general, the rules follow those currently in place, and the document released notes the specific provisions and differences. Two of the proposals are to increase the limit of jurisdiction to R3,500,000 as well as to allow for oral complaints submissions.
Commentary on the rules should be submitted to admin@ombudcouncil.org.za by 16 October 2023.
A-PROOFED
In an age where artificial intelligence (AI) continues to reshape our world, it’s tempting to believe that AI models like ChatGPT can effortlessly take on any task thrown their way. While ChatGPT is indeed a powerful language model, it’s essential to dispel the notion that it can act as a proofreading tool. Despite its remarkable capabilities, ChatGPT has its limitations when it comes to proofreading, and here’s why.
Contextual understanding: ChatGPT’s strength lies in understanding and generating human-like text based on the input it receives. However, when it comes to proofreading, understanding the context and intent behind the text is crucial. ChatGPT might correct grammar and spelling errors, but it may not always grasp the nuances of your message. It lacks the ability to comprehend the broader context of a document, making it less effective as a proofreading tool for complex or specialised content.
Inconsistencies and style preferences: Proofreading extends beyond mere grammar and spelling checks. It involves ensuring consistency in writing style, tone, and formatting. While ChatGPT can offer suggestions for sentence structure and word choice, it often fails to adapt to specific style preferences. You may have distinct guidelines for a document, which ChatGPT might not fully grasp or adhere to.
Limited industry knowledge: Effective proofreading often requires domain-specific knowledge. In the case of insurance and financial services compliance, a proofreader needs to be well-versed in the subject matter to identify inaccuracies or inconsistencies. ChatGPT has a general knowledge base but lacks the industry-specific expertise that human proofreaders have (like me).
Overreliance on technology: Relying solely on technology for proofreading can lead to complacency and missed opportunities for human insight. Human proofreaders offer a personal touch, understanding your voice and intent, which technology cannot replicate.
Potential errors: AI models like ChatGPT, while impressive, are not infallible. They can make mistakes and provide incorrect corrections, which can be detrimental to the final quality of a document. Human proofreaders can exercise judgement and discern when an AI suggestion is inaccurate.
Ultimately, the best approach to proofreading is to use human expertise. This will give you the highest quality documents that are free of errors, consistent in style, and aligned with what you want to achieve. That’s where I come in!
Get in touch!
kim@a-proofed.co.za | 083 657 3377
