COMPLAINTS MANAGEMENT AS PER AMENDED GENERAL CODE OF CONDUCT
The recent amendments to the FAIS General Code of
Conduct aligns the codes with other legislation, like Treating Customers Fairly
(TCF). One of the amendments focuses on
complaints management and prescribes how to deal with client complaints to
ensure actions taken are in a client’s best interest.
|
TCF OUTCOME 6 |
“The customers should not face
unreasonable post sale barriers to change a product, switch a provider,
submit a claim or LODGE A COMPLAINT” |
“COMPLAINT” is defined as an expression of dissatisfaction by a
person to an FSP, relating to financial product / service where a provider;
• has contravened or failed to comply
with a provision of the FAIS Act and that as a result thereof the complainant
has suffered or is likely to suffer financial prejudice or damage; or
• has willfully or negligently
rendered a financial service to the complainant which has caused prejudice or
damage to the complainant or which is likely to result in such prejudice or
damage; or
• has treated the complainant
unfairly
There are 9 COMPLAINTS CATEGORIES, but
FSPs are encouraged to consider additional categories relevant to their own
business.
Recent changes as follows;
√ Ensure
the complaints process does not impose unreasonable barriers on complainants.
√ Document
the complaints management process, with clear responsibilities, objectives and
principles.
√ Document
all complaints, with the risk identified and action taken in a complaints
register (to be as detailed as possible)
√ Keep
accurate, efficient and secure records of inter alia;
-
the number of complaints received
and upheld;
-
escalated complaints;
-
Complaints referred to the Ombud;
-
The amount paid for compensation;
-
The number of complaints that are
still outstanding;
- Communication with all parties
affected, including the Ombud who has jurisdiction over the matter.
At INF Risk Management we will assist you with the
drafting of a Complaints Management Framework
together with a Complaints Register ensuring
that any complaints received are handled fairly in your FSP.
Remember to keep in mind the link
between all COMPLAINTS and the 6 TCF OUTCOMES!
-Andrea Venter
The Protection of Personal Information Act (POPIA) is
now in force and have started 1 July 2020. Still, all
businesses including FSP’s will have until 1 June 2021 to
comply and get their businesses POPIA Compliant. The POPI Act gives effect to
section 14 of the Constitution, which provides that everyone has the
right to privacy. The act tries to strike a balance between the right
to privacy and the right for access to information and applies to all local and
foreign companies collecting, using or handling consumers’ personal
information, including names, identity numbers, ages, email and physical addresses.
Regulated by the Information Regulator, the act will be the go-to piece of legislation for consumers when their personal information is abused, or companies don’t protect it sufficiently or demand personal information, such as their ID number, when it’s not necessary.
The fines and penalties for
non-compliance to POPIA vary depending on the type of offence committed, with a
maximum of 10 years imprisonment or a R10m fine.
In a country overwhelmed with crime, South Africa was in need of personal protection policies. For those who feel uncomfortable being forced to have their driver’s license scanned and their car’s number plate photographed, ID numbers and cellphone numbers collected when entering residential or business complexes could now also test the legitimacy of their concerns against the POPI Act with the Information Regulator. Many industry experts see this as an invasion of privacy and a perfect recipe for either cloning your car or identity theft. Manie van Schalkwyk, the executive director of SA Fraud Prevention Service agrees “I totally feel uncomfortable to provide any security company with that information as I am not sure what they are doing to keep secure.”
As SA went into Covid-19 lockdown, many industry
experts said regulations such as the POPIA were going to strain the ability of
service providers to maintain required levels of privacy in the new
work-from-home normal and now in the wake of the current public health crisis,
many businesses have been forced to work remotely. Now more than ever it is critical
that all businesses do their part in securing customer data, employee
operations, and business continuity as best as possible.
For most FSP’s, complying with the POPI Act will require
an analysis of all personal information within the business, where they got it from and what they do with it.
The sections which commenced on 1 July 2020 are
essential parts of the Act and comprise sections which pertain to:
I. Conditions for the lawful processing of personal information;
II. Regulation of the processing of special personal information;
III. Codes of Conduct issued by the Information Regulator;
IV. Procedures for dealing with complaints;
V. Provisions regulating direct marketing by means of unsolicited electronic communication and general enforcement of the act.
POPIA TO-DO LIST FOR FSP’S:
1. Identifying what personal information you are collecting within your business (ID documents, email and physical addresses, telephone numbers etc.)
2. From whom are you collecting this information? (Internal – HR procedures and how you protect and process Employee personal information & External – onboarding information and all information collected to perform a Financial Needs Analysis)
3. Appoint a POPIA Information Officer for your FSP (Formal process and appointment letter to be signed and kept on file)
4. Train all staff on the role of POPIA and the roles they will play to protect client data
5. Where are you storing the information you collected? (PC’s, cloud servers, cupboards - Review all your electronic system and programs that you use to communicate with clients and where you store their information.
6. Who has access to this information? (identify all individuals)
7. Rework communication tools in light of POPI’s direct marketing provisions;
8. Consider consumers’ rights
9. Implement a POPIA policy within your FSP
10. How you will act upon the right to withdraw consent
11. How you will handle client complaints within your FSP
12. Amend all contracts (employee contract and Service Level Agreements) to include POPI compliance clauses.
FSP’s, processes personal information from both
internal and external sources and must ensure that the processing of these is
done in a lawful way.
The Act is fundamental in safeguarding persons' personal information
and thus protecting them against data breaches and theft of personal
information.
-Andrea Venter
The Protection of Personal Information Act (POPIA) is
now in force and have started 1 July 2020. Still, all
businesses including FSP’s will have until 1 June 2021 to
comply and get their businesses POPIA Compliant. The POPI Act gives effect to
section 14 of the Constitution, which provides that everyone has the
right to privacy. The act tries to strike a balance between the right
to privacy and the right for access to information and applies to all local and
foreign companies collecting, using or handling consumers’ personal
information, including names, identity numbers, ages, email and physical addresses.
Regulated by the Information Regulator, the act will be the go-to piece of legislation for consumers when their personal information is abused, or companies don’t protect it sufficiently or demand personal information, such as their ID number, when it’s not necessary.
The fines and penalties for
non-compliance to POPIA vary depending on the type of offence committed, with a
maximum of 10 years imprisonment or a R10m fine.
In a country overwhelmed with crime, South Africa was in need of personal protection policies. For those who feel uncomfortable being forced to have their driver’s license scanned and their car’s number plate photographed, ID numbers and cellphone numbers collected when entering residential or business complexes could now also test the legitimacy of their concerns against the POPI Act with the Information Regulator. Many industry experts see this as an invasion of privacy and a perfect recipe for either cloning your car or identity theft. Manie van Schalkwyk, the executive director of SA Fraud Prevention Service agrees “I totally feel uncomfortable to provide any security company with that information as I am not sure what they are doing to keep secure.”
As SA went into Covid-19 lockdown, many industry
experts said regulations such as the POPIA were going to strain the ability of
service providers to maintain required levels of privacy in the new
work-from-home normal and now in the wake of the current public health crisis,
many businesses have been forced to work remotely. Now more than ever it is critical
that all businesses do their part in securing customer data, employee
operations, and business continuity as best as possible.
For most FSP’s, complying with the POPI Act will require
an analysis of all personal information within the business, where they got it from and what they do with it.
The sections which commenced on 1 July 2020 are
essential parts of the Act and comprise sections which pertain to:
I. Conditions for the lawful processing of personal information;
II. Regulation of the processing of special personal information;
III. Codes of Conduct issued by the Information Regulator;
IV. Procedures for dealing with complaints;
V. Provisions regulating direct marketing by means of unsolicited electronic communication and general enforcement of the act.
POPIA TO-DO LIST FOR FSP’S:
1. Identifying what personal information you are collecting within your business (ID documents, email and physical addresses, telephone numbers etc.)
2. From whom are you collecting this information? (Internal – HR procedures and how you protect and process Employee personal information & External – onboarding information and all information collected to perform a Financial Needs Analysis)
3. Appoint a POPIA Information Officer for your FSP (Formal process and appointment letter to be signed and kept on file)
4. Train all staff on the role of POPIA and the roles they will play to protect client data
5. Where are you storing the information you collected? (PC’s, cloud servers, cupboards - Review all your electronic system and programs that you use to communicate with clients and where you store their information.
6. Who has access to this information? (identify all individuals)
7. Rework communication tools in light of POPI’s direct marketing provisions;
8. Consider consumers’ rights
9. Implement a POPIA policy within your FSP
10. How you will act upon the right to withdraw consent
11. How you will handle client complaints within your FSP
12. Amend all contracts (employee contract and Service Level Agreements) to include POPI compliance clauses.
FSP’s, processes personal information from both
internal and external sources and must ensure that the processing of these is
done in a lawful way.
The Act is fundamental in safeguarding persons' personal information
and thus protecting them against data breaches and theft of personal
information.
-Andrea Venter
The Protection of Personal Information Act (POPIA) is
now in force and have started 1 July 2020. Still, all
businesses including FSP’s will have until 1 June 2021 to
comply and get their businesses POPIA Compliant. The POPI Act gives effect to
section 14 of the Constitution, which provides that everyone has the
right to privacy. The act tries to strike a balance between the right
to privacy and the right for access to information and applies to all local and
foreign companies collecting, using or handling consumers’ personal
information, including names, identity numbers, ages, email and physical addresses.
Regulated by the Information Regulator, the act will be the go-to piece of legislation for consumers when their personal information is abused, or companies don’t protect it sufficiently or demand personal information, such as their ID number, when it’s not necessary.
The fines and penalties for
non-compliance to POPIA vary depending on the type of offence committed, with a
maximum of 10 years imprisonment or a R10m fine.
In a country overwhelmed with crime, South Africa was in need of personal protection policies. For those who feel uncomfortable being forced to have their driver’s license scanned and their car’s number plate photographed, ID numbers and cellphone numbers collected when entering residential or business complexes could now also test the legitimacy of their concerns against the POPI Act with the Information Regulator. Many industry experts see this as an invasion of privacy and a perfect recipe for either cloning your car or identity theft. Manie van Schalkwyk, the executive director of SA Fraud Prevention Service agrees “I totally feel uncomfortable to provide any security company with that information as I am not sure what they are doing to keep secure.”
As SA went into Covid-19 lockdown, many industry
experts said regulations such as the POPIA were going to strain the ability of
service providers to maintain required levels of privacy in the new
work-from-home normal and now in the wake of the current public health crisis,
many businesses have been forced to work remotely. Now more than ever it is critical
that all businesses do their part in securing customer data, employee
operations, and business continuity as best as possible.
For most FSP’s, complying with the POPI Act will require
an analysis of all personal information within the business, where they got it from and what they do with it.
The sections which commenced on 1 July 2020 are
essential parts of the Act and comprise sections which pertain to:
I. Conditions for the lawful processing of personal information;
II. Regulation of the processing of special personal information;
III. Codes of Conduct issued by the Information Regulator;
IV. Procedures for dealing with complaints;
V. Provisions regulating direct marketing by means of unsolicited electronic communication and general enforcement of the act.
POPIA TO-DO LIST FOR FSP’S:
1. Identifying what personal information you are collecting within your business (ID documents, email and physical addresses, telephone numbers etc.)
2. From whom are you collecting this information? (Internal – HR procedures and how you protect and process Employee personal information & External – onboarding information and all information collected to perform a Financial Needs Analysis)
3. Appoint a POPIA Information Officer for your FSP (Formal process and appointment letter to be signed and kept on file)
4. Train all staff on the role of POPIA and the roles they will play to protect client data
5. Where are you storing the information you collected? (PC’s, cloud servers, cupboards - Review all your electronic system and programs that you use to communicate with clients and where you store their information.
6. Who has access to this information? (identify all individuals)
7. Rework communication tools in light of POPI’s direct marketing provisions;
8. Consider consumers’ rights
9. Implement a POPIA policy within your FSP
10. How you will act upon the right to withdraw consent
11. How you will handle client complaints within your FSP
12. Amend all contracts (employee contract and Service Level Agreements) to include POPI compliance clauses.
FSP’s, processes personal information from both
internal and external sources and must ensure that the processing of these is
done in a lawful way.
The Act is fundamental in safeguarding persons' personal information
and thus protecting them against data breaches and theft of personal
information.
-Andrea Venter