NEW ACCOUNTABLE INSTITUTION (AI) KIDS ON THE BLOCK

Amendments to the Financial Intelligence Centre Act (FICA), as embodied in the General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act, started to come into effect on 31 December 2022. All the amendments will be in force by 1 April 2023.

Schedule 1 of FICA now lists 23 types of AIs. When reading through the list, remember "person" includes "legal entity". FIC may impose an administrative sanction if the FIC finds that an AI or any person with an obligation to comply with the FIC Act has not complied with the FICA or with a directive issued in terms of the FICA.

The changes made are set out below:

ITEM 1/ LEGAL PRACTITIONERS: This scope has been broadened to now include Advocates and Juristic Entities delivering legal services to members of the public. With the re-scoped Item 2 (see below), Legal Practitioners will now also have to add a second registration as TC Service Providers to their existing registration, if applicable.

ITEM 2/ TCSP (TRUST OR COMPANY SERVICE PROVIDERS): A trust and company service provider is any person who, in the ordinary course of business, assists their client in the creation, operation and management of an external company, a foreign company, a close corporation or a trust. This includes attending to the registration of the business entity with the relevant authority/ies. Organizations that provide the services of a TCSP will be considered AIs, regardless of whether their employees are auditors, accountants or any other professionals.

ITEM 11/ CREDIT PROVIDERS

(a) A person who carries on the business of a credit provider as defined in the National Credit Act, 2005 (Act 34 of 2005).

(b) A person who carries on the business of providing credit in terms of any credit agreement that is excluded from the application of the National Credit Act, 2005 by virtue of section 4(1)(a) or (b) of that Act.

Listed herein above at (a) is the first category of credit providers, which includes all persons who carry on business as a credit provider as covered by the National Credit Act, 2005 (Act 34 of 2005) (NCA).

In terms of section 1 of the NCA, the definition of credit provider is wide and includes numerous different persons which include:

  • The party who supplies goods or services under a discount transaction, incidental credit agreement or instalment agreement;
  • The party who advances money or credit under a pawn transaction;
  • The party who extends credit under a credit facility;
  • The mortgagee under a mortgage agreement;
  • The lender under a secured loan;
  • The lessor under a lease;
  • The party to whom an assurance or promise is made under a credit guarantee;
  • The party who advances money or credit to another under any other credit agreement;
  • Any other person who acquires the rights of a credit provider under a credit agreement after it has been entered into.

Listed herein above at (b) is the second category of credit providers, which includes all persons who carry on the business of providing credit in terms of any credit agreement that is excluded from the application of the NCA, by virtue of section 4(1)(a) or (b) of the NCA. 

This is a very extensive category, and the onus is on the entity to prove that they do not fall within this category. 

Below are a few examples of credit providers and credit agreements which will fall within this category of persons:

  • Clothing store credit providers;
  • Companies that provide any type of loans to employee/s;
  • Companies that provide any type of loans to juristic person/s;
  • Short-term and long-term loans and credit transactions;
  • Entities that provide incidental credit or Incidental credit agreements;
  • Microfinance loans;
  • Small, intermediate and/or large credit agreements;
  • Low-cost housing loans;
  • Credit card/s;
  • Credit overdraft/s;
  • Unsecured and secured credit agreements;
  • Credit transactions;
  • Closed loop and open loop credit facilities;
  • Retail store card credit facilities;
  • Credit facility providers;
  • Revolving credit agreements.

ITEM 20/ HIGH VALUE GOODS DEALERS: This will include a person who carries on the business of dealing in high-value goods in respect of any transaction where such a business receives payment in any form to the value of R100,000 or more, whether the payment is made in a single operation or in more than one operation that appears to be linked. “High-value goods” means any item that is valued in that business at R100,000 or more.

 “Time is running out for new accountable institutions to register with the FIC”

WHAT DO YOU NEED AS AN ACCOUNTABLE INSTITUTION

  • A Board resolution appointing an Anti-Money Laundering (AML) Compliance Officer as well as a Deputy Anti-Money Laundering (AML) Compliance Officer if necessary due to the size and complexity of your business;
  • A Board resolution accepting the obligations as per your personalized RMCP;
  • Registration at the FIC;
  • A personalized RMCP to fit your specific business needs;
  • A personalized Risk Based Matrix used as basis to risk rate different client types and conduct CDD;
  • A Risk Classification used to individually risk rate each different client type;
  • Annual FICA Refresher Training and Testing of all staff members as directed by the FIC.

-Andrea Venter

CONTINUOUS PROFESSIONAL DEVELOPMENT (CPD)

CPD is an activity that is required by the FAIS Act to ensure all Representatives keep their skills up to date and relevant. Below we have unpacked the most frequently asked questions on CPD compliance, together with their answers.

1.    DOES EVERYONE HAVE TO DO CPD?

No. Representatives of Category 1 FSPs who ONLY work in the Long-Term Insurance subcategory A and/or Friendly Society benefits, and those who work ONLY in Tier 2 products, and/or those who ONLY render intermediary services in Tier 1 products do not have to do CPD activities. If you give advice in Tier 1 financial products, you have to engage in CPD activities.

2.    HOW MANY CPD ACTIVITIES DO I HAVE TO DO?

The minimum requirements depend on the Classes of Business and sub-classes that you work in:


2.1    One subclass only, in a single Class, requires 6 hours CPD during a CPD cycle;

2.2    Two or more subclasses, in a single Class, require 12 hours CPD during a CPD cycle;

2.3    If you work in two or more Classes of Business you have to do 18 hours of CPD per cycle.


3.    HOW LONG IS A CPD CYCLE?

12 months, starting on 1st June each year and running until 31st May the following year.


4.    WHAT COUNTS AS A CPD ACTIVITY?

Anything that is relevant to maintaining and building knowledge, skills, expertise and ethical standards. It has to be accredited by a Professional Body that confirms that the activity can be verified – which means proof of the identity of the person completing it, and proof that it was completed. The Professional Body gives the activity a value in hours.


4.1    I am studying for a qualification. Can this count as time for CPD purposes? NO.

Activities performed towards a qualification do not count.


4.2    I am under supervision until I pass the RE5 examination for representatives. Do I have to complete CPDs as well? NO.

CPD obligations will only start once you have achieved competence by passing the RE5 examination.


4.3    I attended a workshop to prepare me to write and pass the RE5 examination. Does this count towards CPDs? NO.

Training undertaken during your time under supervision does not apply.


4.4    My employer organizes sessions which count for CPD points: do those count? The Authority (FSCA) requires CPD activities to have hour values which need to be verified by a professional body.

4.5    I was under supervision until the end of August. When do I start CPD, and how many hours must I do? CPD hours are not done while under supervision because you are still working towards meeting the competency requirements. Your CPD obligation would have started as soon as you were fully competent – from 1st September onwards. The minimum number of hours you have to complete by the end of the cycle is adjusted pro rata according to the time left in the cycle when you started.


EXAMPLE: If your work would usually require 18 CPD hours, the adjustment would be 18 ÷ 12 = 1.5 hours per month, and 1.5 × 9 (the remaining months, September to May) = 13.5 hours.


4.6    I am a Key Individual for my FSP. Do I have to do CPD? YES.

The minimum hours of CPD that you have to record depends on the Classes of Business and the sub classes that you manage or oversee, just as for a Representative.


4.7    I am going to attend a study course for the RE1 examination for Key Individuals. Does that count towards CPD hours? YES, as long as the programme is accredited by a Professional Body.


4.8    I attended a half-day product training session for a new product introduced by an Insurer. How many hours CPD can I record for that? NONE.

Product specific training does not count towards CPD.

5.    WHO IS RESPONSIBLE FOR MAKING SURE THAT CPD ACTIVITIES ARE COMPLETED?

Each Representative, Key Individual or Natural person FSP must ensure that a suitable range of CPD activities is completed each cycle and that at least the minimum number of hours is recorded per CPD cycle. The individual must keep a record of the activities that he or she completed in a competence register. The FSP must have policies and procedures that set out how these requirements will be met and must administer the CPD process.


 -Andrea Venter

PI COVER: HOW MUCH IS ENOUGH?

It is compulsory in terms of the Financial Advisory and Intermediary Services Act of 2002 (FAIS Act) for all Financial Services Providers (FSPs) to have Professional Indemnity (PI) cover. The FAIS Act stipulates that FSPs should have a suitable level of PI insurance in place.


It is the duty of the FSP to assess the risk associated with their own professional services and also to determine what level of cover is required over and above the minimum levels set.


MINIMUM LEVELS:


√  CAT I OR IV (FSP RECEIVES CLIENT FUNDS)

Suitable guarantee of minimum of R1 million or PI and Fidelity cover minimum R1 million

√  CAT II (FSP DOESN’T RECEIVE CLIENT FUNDS)

Suitable guarantee of minimum of R1 million or PI cover minimum R1 million

√  CAT II (FSP RECEIVES CLIENT FUNDS)

Suitable guarantee of minimum of R5 million or PI and Fidelity cover minimum R5 million

√  CAT IIA (FSP DOESN’T RECEIVE CLIENT FUNDS)

Suitable guarantee of minimum of R5 million or PI cover for a minimum R5 million

√  CAT IIA (FSP RECEIVES CLIENT FUNDS)

Suitable guarantee of minimum of R5 million or PI and Fidelity cover minimum of R5 million

√  CAT III

Suitable guarantee of minimum of R5 million or PI and Fidelity cover minimum R5 million

 

FSPs require PI cover in order to protect themselves against unforeseeable and unexpected PI exposures. PI cover is intended to protect FSPs against legal costs and claims for damages to third parties which may arise out of an act, omission or breach of professional duty in the course of its business. PI risk exposures stem from the provision of professional advice to insurance policy holders such as individuals and businesses. The FSP’s PI cover will protect against:

  • Negligent errors, negligent omissions;
  • Negligent wrongful acts;
  • Negligent breach of professional duty or contracts;
  • Breach of respective warranty;
  • Breach of trust committed in good faith;
  • Defamation or injuria;
  • Loss or damage to any documents;
  • Related defense costs and any other costs incurred in mitigating or preventing a claim that is likely to occur.

 

If an incident were to occur that results in a financial loss to a third party, and legal action is taken against your FSP to recover losses, your PI insurance will protect both the assets and reputation of your FSP.


The most important aspect to consider when taking out PI cover is whether the minimum cover will be sufficient. Considering the number of complaints being heard by the FAIS Ombud, it is apparent that South African consumers are very keen to take FSPs to court if they feel they are not being treated fairly. Our society is a lot more litigious than we like to believe or remember. Insurance and financial products are multifaceted, and there will be a time when not all exclusions, definitions or minor details are explained to a consumer; then Murphy’s Law interjects and your PI cover comes into play. The cover will ensure that you are guided accordingly and that legal advice is provided should you need to be defended.

The minimum required cover may not be sufficient when that gloomy day comes. As claim frequencies rise and the severity of these claims also increases, having adequate PI cover has become overwhelmingly important. More claims result in more litigation between parties; the defense costs are covered by your PI policy, but are limited to the amount of cover you have purchased. Litigation usually consumes a huge amount of the limit available to the FSP and this could leave you underinsured for a certain portion of the loss incurred.


HOW MUCH PI COVER IS ENOUGH? WHICH FACTORS DO YOU NEED TO CONSIDER?

1.       SIZE OF YOUR BOOK:

This is the first point of reference. Does your FSP advise 10, 100 or 1000 clients? How many individual policies does your FSP have on its books? The question really relates to how many times your FSP could potentially give, or have given, negligent advice. The probability increases with the number of clients your FSP has and the number of products your FSP advises those clients on.

 

2.       COMPLEXITY OF FINANCIAL PRODUCTS:

All insurance products and investment schemes have a degree of difficulty to them, some more than others. Some products may be less frequently dealt with and here you will need to make sure you are updated with the latest developments. It is vital that you remember that a potential claim may arise from how well your client understood the financial product and as an intermediary providing financial advice and intermediary services, the responsibility falls upon your shoulders to ensure you explain to your clients what they are buying into. Therefore, it is expected that each representative within the FSP is capable in respect of giving advice on the products or investments being sold.


3.       SUM INSURED:

The question here is whether your PI cover amount would be sufficient to cover a PI claim. The idea is to ensure that the PI limit your FSP has is sufficient to cover the highest limit of indemnity that your FSP has brokered, or the highest value of investment placed, after considering all other factors described above.

 

4.       NATURE OF THE FINANCIAL SERVICES:

Do you render financial advice and/or intermediary services, or only one of the two? The answer to this question is important, especially when you need to determine whether the claim is a result of incorrect advice being given, or of the correct advice being given but your FSP failing to render the correct documents to the third-party insurers. The discretionary mandate that your FSP has been given by a client is also a very important consideration here. Ensuring that your FSP does not act outside of this mandate, or fail to fulfil all the requirements of this mandate, is crucial.

 

5.       DEGREE OF RISK INVOLVED:

The degree of the risk involved really relates to all of the above factors when deciding on whether or not your FSP is adequately protected against the risks involved.

 

IN SUMMARY, WHEN AN FSP REVISITS ITS PI COVER, IT IS WELL WORTH CONSIDERING AND EVALUATING ALL THESE FACTORS FIRST TO ENSURE THAT YOU ARE SUFFICIENTLY PROTECTED.

 

-Andrea Venter


FSP ADVERTISING REQUIREMENTS

ADVERTISING REQUIREMENTS AS PER AMENDED GENERAL CODE OF CONDUCT

Section 14 of the GCOC contains details regarding advertising principles, requirements and standards.

DEFINITION OF ADVERTISEMENT has been substituted with a broader definition, in particular to include

“any communication published through any medium and in any form, by itself or together with any other communication…” and therefore any advertisement that intends to create public interest in your business, including “brand awareness” will be covered by the Advertising requirements in the Code. 


“The new requirements seek to ensure that clients are not subjected to aggressive, misleading, or unwanted marketing and are able to make informed decisions”


The key changes to the advertising requirements are as follows:

  • KI or Senior Management must have a documented process and procedure to approve advertisements;
  • Advertisements must be factually correct, clear, accurate, balanced, and not misleading;
  • Advertisement must use plain language;
  • Advertisement must not criticize/belittle any financial product, financial service, product supplier or provider;
  • FSP must keep records of all advertisements for a period of at least 5 years after publication;
  • References to statistics, performance data, achievements/awards must disclose the source and date thereof, and the associate or product supplier who granted the award;
  • References to premiums or periodic investment amounts must include the escalation rate/ basis and the period for which a premium is guaranteed;
  • Advertisements must indicate all key limitations, exclusions, risks and charges related to the financial product, financial service or related service. If not practically available then it should clearly state where the available information can be found;
  • Client must be given the opportunity to demand that he/she does not receive any further advertisements through any of the direct mediums;
  • Advertisements that include puffery (exaggerated opinion of quality) must be consistent with the provisions relating to puffery in the Code of Advertising Practice Issued by the Advertising Regulatory Board;
  • Endorsements and testimonials must be based on genuine opinion and actual experience;
  • Realistic impression must be given of the overall fees, costs and any indirect charges.
    Clients must be in a position to understand exactly what services they are paying for. No loyalty benefit (cash back bonus) should create the impression that it is free;
  • No projected benefits may be included in advertisements, if the benefits depend on future unknown investment performance, unless used to demonstrate the benefits of savings in general.

At INF Risk Management we will assist you with an Advertising Policy and Procedure together with an Advertising Approval form ensuring that advertisements are compliant with the Amended Code.

 

-Andrea Venter

COMPLAINTS MANAGEMENT AMENDMENTS

COMPLAINTS MANAGEMENT AS PER AMENDED GENERAL CODE OF CONDUCT

 

The recent amendments to the FAIS General Code of Conduct align the codes with other legislation, like Treating Customers Fairly (TCF). One of the amendments focuses on complaints management and prescribes how to deal with client complaints to ensure actions taken are in a client’s best interest.

 

TCF OUTCOME 6 

“The customers should not face unreasonable post sale barriers to change a product, switch a provider, submit a claim or LODGE A COMPLAINT”

“COMPLAINT” is defined as an expression of dissatisfaction by a person to an FSP, relating to a financial product / service, where a provider:

 

  • has contravened or failed to comply with a provision of the FAIS Act and that as a result thereof the complainant has suffered or is likely to suffer financial prejudice or damage; or
  • has willfully or negligently rendered a financial service to the complainant which has caused prejudice or damage to the complainant or which is likely to result in such prejudice or damage; or
  • has treated the complainant unfairly.

 

There are 9 COMPLAINTS CATEGORIES, but FSPs are encouraged to consider additional categories relevant to their own business.

 

Recent changes are as follows:

√  Ensure the complaints process does not impose unreasonable barriers on complainants.

√  Document the complaints management process, with clear responsibilities, objectives and principles.

√  Document all complaints, with the risk identified and action taken, in a complaints register (to be as detailed as possible).

√  Keep accurate, efficient and secure records of, inter alia:

  • The number of complaints received and upheld;
  • Escalated complaints;
  • Complaints referred to the Ombud;
  • The amount paid for compensation;
  • The number of complaints that are still outstanding;
  • Communication with all parties affected, including the Ombud who has jurisdiction over the matter.

 

At INF Risk Management we will assist you with the drafting of a Complaints Management Framework together with a Complaints Register ensuring that any complaints received are handled fairly in your FSP.

 

Remember to keep in mind the link between all COMPLAINTS and the 6 TCF OUTCOMES!

 

 

-Andrea Venter

The Protection of Personal Information Act (POPIA) is now in force, having commenced on 1 July 2020. Still, all businesses, including FSPs, will have until 1 June 2021 to comply and get their businesses POPIA compliant. The POPI Act gives effect to section 14 of the Constitution, which provides that everyone has the right to privacy. The Act tries to strike a balance between the right to privacy and the right of access to information, and applies to all local and foreign companies collecting, using or handling consumers’ personal information, including names, identity numbers, ages, email and physical addresses.

Regulated by the Information Regulator, the act will be the go-to piece of legislation for consumers when their personal information is abused, or companies don’t protect it sufficiently or demand personal information, such as their ID number, when it’s not necessary. 


The fines and penalties for non-compliance with POPIA vary depending on the type of offence committed, with a maximum of 10 years imprisonment or a R10m fine.

In a country overwhelmed with crime, South Africa was in need of personal protection policies. Those who feel uncomfortable being forced to have their driver’s license scanned, their car’s number plate photographed, and their ID numbers and cellphone numbers collected when entering residential or business complexes can now also test the legitimacy of their concerns against the POPI Act with the Information Regulator. Many industry experts see this as an invasion of privacy and a perfect recipe for either cloning your car or identity theft. Manie van Schalkwyk, the executive director of SA Fraud Prevention Service, agrees: “I totally feel uncomfortable to provide any security company with that information as I am not sure what they are doing to keep secure.”

As SA went into Covid-19 lockdown, many industry experts said regulations such as the POPIA were going to strain the ability of service providers to maintain required levels of privacy in the new work-from-home normal. Now, in the wake of the current public health crisis, many businesses have been forced to work remotely. Now more than ever it is critical that all businesses do their part in securing customer data, employee operations, and business continuity as best as possible.

 

For most FSPs, complying with the POPI Act will require an analysis of all personal information within the business, where they got it from and what they do with it.

The sections which commenced on 1 July 2020 are essential parts of the Act and comprise sections which pertain to:

I. Conditions for the lawful processing of personal information; 

II. Regulation of the processing of special personal information; 

III. Codes of Conduct issued by the Information Regulator; 

IV. Procedures for dealing with complaints; 

V. Provisions regulating direct marketing by means of unsolicited electronic communication and general enforcement of the act.

POPIA TO-DO LIST FOR FSPs:

1. Identifying what personal information you are collecting within your business (ID documents, email and physical addresses, telephone numbers etc.)


2. From whom are you collecting this information? (Internal – HR procedures and how you protect and process Employee personal information & External – onboarding information and all information collected to perform a Financial Needs Analysis)

3. Appoint a POPIA Information Officer for your FSP (Formal process and appointment letter to be signed and kept on file)

4. Train all staff on the role of POPIA and the roles they will play to protect client data

5. Where are you storing the information you collected? (PCs, cloud servers, cupboards – review all the electronic systems and programs that you use to communicate with clients and where you store their information.)

6. Who has access to this information?  (identify all individuals)

7. Rework communication tools in light of POPI’s direct marketing provisions;

8. Consider consumers’ rights

9. Implement a POPIA policy within your FSP

10. How you will act upon the right to withdraw consent

11. How you will handle client complaints within your FSP 

12. Amend all contracts (employee contract and Service Level Agreements) to include POPI compliance clauses.

FSPs process personal information from both internal and external sources and must ensure that this processing is done in a lawful way.


The Act is fundamental in safeguarding persons' personal information and thus protecting them against data breaches and theft of personal information.

-Andrea Venter

