Benefits

FSCA Regulation Plan 2022 - 2025

FSCA Regulation Plan 2022 – 2025

Benefits

FSCA Regulation Plan 2022 – 2025

FSCA Regulation Plan 2022 - 2025

The Financial Sector Conduct Authority (‘FSCA’) has published its Regulation Plan (‘Plan’) for the next three years, effective from 1 April 2022 to 31 March 2025.

Purpose of the FSCA Regulation Plan

The Plan seeks to set out the regulations and rules within which financial institutions (including all retirement funds) must operate and for which the FSCA is responsible.

The financial sector is currently in the process of undergoing two major legislative reforms –

The Conduct of Financial Institutions (COFI) Bill will reshape the future conduct regulatory framework by consolidating the conduct financial sector laws into a single overarching piece of conduct legislation, and will also bring a broad scope of new activities within the conduct legislative framework; and

The Financial Markets Act.

Main focus areas of the FSCA Regulation Plan

The focus areas forming part of the Plan are regulatory framework developments related to:
  1. Conduct
  2. Financial markets (integrity and efficiency); and
  3. A number of themes will be cut across all financial institution sectors (some of which are set out below).

Conduct of Financial Institutions Bill (‘COFI Bill’)

The framework envisaged in the Plan will position the FSCA to ensure an efficient transition into the COFI Bill. The framework consists of three phases to be executed concurrently:

PHASE 1: A high level design of the regulatory framework

A consideration of the overall design of the regulatory framework under the COFI Bill, including the structure and how conduct standards will be managed.

PHASE 2: Harmonisation of regulatory frameworks

Based on the need to start harmonising laws administered by the FSCA, the harmonisation project identifies key conduct themes and the subsequent development of cross-cutting (across financial institutions) requirements for each of those themes. The result is a regulatory framework applied to the financial industry as a whole, regardless of the type of financial institution or activity.

PHASE 3: Transition to the COFI Bill framework

the third phase entails a significant redesign of the current regulatory framework[1] and transitioning existing sectoral standards to the COFI Bill framework. All the subordinate legislation (for example, Conduct Standards) currently sitting under all the sectoral laws (for example, the Pension Funds Act) will continue to exist after the COFI Bill has come into operation, even though the laws in terms of which they were made have been repealed until they are replaced by Conduct Standards under the Bill (once promulgated).

Retirement funds

Some of the reporting requirements and formats for retirement funds are outdated. New and revised standards include the following that is in the pipeline:

    • Pension Funds Financial Statements and Regulatory Reporting Standard.
    • Conduct Standard – payment of contributions (section 13A of the Pension Funds Act): this Conduct Standard has already been submitted to Parliament and is expected to be finalised shortly. Regulation 33 of the Pension Funds Act will be repealed at the same time.
    • Conduct Standard – conditions for investment in derivative instruments: a final version of this Conduct Standard will be submitted to National Treasury to provide to Parliament during the third quarter of 2022.
    • Conduct Standard – conditions for living annuities in an annuity strategy: this Conduct Standard is undergoing final refinements and will be submitted to the National Treasury to provide to Parliament during the last quarter of 2022.
    • Conduct Standard – communication of benefit projections to members: this Conduct Standard is undergoing final refinements and it is expected that it will be submitted to the National Treasury to provide to Parliament during the last quarter of 2022.

Other FSCA Sectoral Developments

The FSCA is working on several cross-sector regulatory developments, which will be prioritised in the next three years. These include those set out below.

The FSCA and Prudential Authority (“PA”) are currently developing a high-level Joint Standard relating to culture and governance of financial institutions which will be published for public consultation during 2023.

A draft Joint Standard relating to information technology governance and risk management has been published. The FSCA and PA are busy with final refinements to the Joint Standard, and it is expected that it will be submitted to National Treasury to provide to Parliament by the end of 2022 or beginning of 2023.

The draft Joint Standard relating to cyber security and cyber resilience requirements was published for public comment in December 2021. Further refinement of the Joint Standard is taking place, and it is envisaged that a second version of the draft Joint Standard will be published for public consultation.

The FSCA and PA are also working on other IT-related topics, such as cloud computing and outsourcing of IT functions, which may lead to further proposals for legislation.

The treatment of lost accounts and unclaimed assets in the financial sector remains a significant concern. The FSCA will be developing policy proposals for the treatment of lost accounts and unclaimed assets with the ultimate goal of proposing legislative interventions through a Conduct Standard. Formal draft legislative proposals are expected during the first quarter of 2024 and should be finalised during mid-2025.

To ensure a consistent approach to licensing and in anticipation of the licensing framework under the COFI Bill, the FSCA will be developing cross-sector licensing forms. The cross-sector licensing forms are expected to be finalised during 2023. 

Implementation Timetable

The Plan includes a table that outlines the various projects forming part of the Plan, as well as the implementation timetable of each project.

Importance of the FSCA Regulation Plan

The FSCA’s Plan is important to the industry. Financial institutions and customers require an efficient regulator that delivers and is structurally prepared for the upcoming changes. In addition, understanding the Plan puts financial institutions in a better position to engage with the developments as well as to work the timelines and requirements into plans and projects to ensure compliance with the upcoming developments as and when they are rolled out.

Contact Us

FSCA Regulation Plan 2022 – 2025 Read More »

FSCA Omni-CBR

FSCA Draft Omni-CBR

Benefits

FSCA Draft Omni-CBR

FSCA Omni-CBR

Recently the Financial Sector Conduct Authority (FSCA) published Communication 16 of 2022, about the Omni Conduct of Business Return (Omni-CBR). The roadmap for the roll-out and implementation of the Omni-CBR and the draft Omni-CBR template (an excel spreadsheet) was also published.

FSCA Omni-CBR Communication 2022

The Communication included information about various industry engagements planned by the FSCA to provide explanatory guidance and solicit initial feedback on the draft Omni-CBR template.

YouTube videos (recorded by the FSCA) are available as an introduction to the Omni-CBR. Links to the YouTube videos are contained in the Communication, which is available on the FSCA website.

Written commentary was invited on the draft Omni-CBR template.

What is the Omni-CBR?

The idea is that from a future date most financial institutions (see below) will be required by law to submit online quarterly information to the FSCA. Thus, the term “Omni” as it applies to many types of financial institutions. This provision of information will entail answering questions prescribed by the FSCA. The FSCA will then use the information financial institutions give to them (and other information) to supervise the financial institution in relation to whether it treats its customers fairly and how it conducts itself.

The main supervisory tool

The Omni-CBR will be the main (not the only) supervisory tool for the FSCA to obtain information from financial institutions. It will be compulsory, statutory reporting. It will form the “cornerstone of the FSCA’s off-site supervisory toolkit”.

The following financial institutions will have to submit the Omni CBR quarterly:

FSCA Omni-CBR

Timeline for the implementation of the Omni-CBR

Consultation and implementation of the Omni-CBR will take several years. By June 2026, all the relevant financial institutions will be required to be accurately and fully reporting on a quarterly basis in compliance with the Omni-CBR.

There are implementation steps laid out in the roadmap, including testing and compliance on a best effort basis. The four phases of roll-out are summarised in the roadmap as follows:

FSCA Omni-CBR

What information will financial institutions be required to provide in the Omni-CBR?

The draft excel spreadsheet includes the information that the FSCA requires and can be obtained on the FSCA’s website. This spreadsheet is part of the consultation process and will still, therefore, undergo change. The spreadsheet consists of instructions, a declaration, definitions, a general section (which all the types of financial institutions will answer), customisable sections, and a number of tabs that include questions that are specific to the particular type of financial institution completing the spreadsheet.

The Omni-CBR includes current regulatory requirements as well as new requirements that are still in the pipeline. The FSCA states that the Omni-CBR takes into account key financial sector regulatory reforms currently underway, such as the FSCA’s sector-based regulatory harmonisation project, the Conduct of Financial Institutions Bill, and outstanding proposals from the Retail Distribution Review.

The following are the themes around which information will be requested:

FSCA Omni-CBR

More information on the Omni-CBR categories of information can be found in the videos on the FSCA website.

The information that is required under the Omni-CBR will be refined during the consultation and test phases.

Engaging

The Omni-CBR still has a long way to go. Once finalised, it will become a vital supervisory tool for the FSCA. Thus, it is in the interests of financial institutions and their customers to understand and engage in the Omni-CBR as it is developed and executed. Management information, systems, and reporting will become even more essential for financial institutions. This is particularly true for retirement funds, as this is mostly new reporting for them.

Contact Us

FSCA Draft Omni-CBR Read More »

Medical Insurance that won't break the bank

Medical Insurance that won’t break the bank

Benefits

Medical Insurance that won’t break the bank

Medical Insurance that won't break the bank

The COVID-19 outbreak is a stark reminder of the importance of health care especially for the less fortunate and underprivileged.

Currently, only 9 million of the total South African population of 58 million people are currently covered by medical schemes – 15% of the population. That means 85% of the population had to face this pandemic uncovered and reliant on the public healthcare system!

The COVID- 19 pandemic has also clearly illustrated that employers do have a Duty of Care towards their employees to provide adequate and appropriate health care benefits. However, the problem is that the cost of medical aid is exorbitant, and given the current economic climate, most employers do not have the financial resources to offer such expensive benefits.

Public sector healthcare facilities are poorly managed, under strain, and with the implementation of National Health Insurance still, years away, employers do need to provide some health benefits.

Fortunately, there is an alternative option in the form of primary health-care insurance.

PRIMARY COVER

  • Unlimited GP Visits
  • Specialist Benefit
  • HIV Treatment
  • Pathology & Radiology
  • Optometry & Dental
  • Chronic Medication

ACCIDENTAL COVER

  • Private Hospital Cover for accidents
  • Ambulance Cover
  • Funeral Cover
  • Private Casualty for emergencies
  • Optional pregnancy & childbirth
  • Accidental Death Cover

A SMALL PRICE TO PAY FOR YOUR DUTY OF CARE

Accepted such plans do not afford as comprehensive cover as medical aid,  they do however provide workers with access to unlimited private doctor visits, specialist visits, acute medicines, chronic medication cover, basic tests, optometry, dentistry, emergency services, and private hospital cover for trauma and accidents according to specified limits, at much-reduced contribution rates. Dependent on the plan selected by the employer, these health insurance solutions can be secured for as little as R285 per month.

Salient differences between Health Insurance and Medical Aid

“Health Insurance” and “Medical Aid” are often used interchangeably but they are significantly different. Medical Aid is a more comprehensive form of health cover and the two offerings are subject to different legislation and regulators.

If your employees are among the 85% of the population who are not covered, are you furnishing your Duty of Care? Especially considering the low cost of providing some entry-level health benefits.

If you would like some additional information on the low-cost medical insurance or want a quote, please

Contact Us

Medical Insurance that won’t break the bank Read More »

The Protection of Personal Information Act

The Protection of Personal Information Act

Benefits

The Protection of Personal Information Act

The Protection of Personal Information Act

Finally, as of 1 July 2020, the remaining provisions of the Protection of Personal Information Act (POPIA) have become effective. We all now have one year to reach a state where we are compliant with this legislation. This period could possibly be extended, but we cannot rely on this occurring.

When does POPIA apply?

POPIA applies (with exceptions) to the processing of personal information in a record by, or on behalf of, a responsible party.

It is important to understand the meaning of the words: ‘processing’, ‘personal information, ‘record’, and ‘responsible party.

Personal information is widely defined and includes almost all information about a living, identifiable person (and where applicable juristic persons), including race, gender, pregnancy, marital status,  medical history, contact details, biometric information, their personal opinions amongst other information (note for POPIA purposes, personal information about a deceased person is not personal information). It does not include de-identified information.

Processing is also widely defined and includes almost anything one does with personal information, including, receiving or collecting it, storing it (electronically or physically), filing it, or destroying it.

record means any recorded information regardless of the form in which it is recorded. So a record includes electronic and paper information, x-rays, photos, labels, drawings, graphs, maps, etc which is in the possession of the responsible party (whether or not they created it).

Example

A retirements fund's administrator (operator) processes personal information for and on behalf of a retirement fund (responsible party).

responsible party means the person who determines the purpose and means for processing information. In the retirement funds context, it will be mainly retirement funds (and employers) that are responsible parties. Their service providers, such as administrators and consultants will be operators. Operators process information for, or on behalf of, responsible parties. As an example, a retirement fund determines how its operators will process the personal information of the fund’s members (and others). Thus, the fund enters into an administration agreement with the administrator determining the purposes for which that administrator will process personal information on its behalf.

The Eight Conditions

Responsible parties are required to comply with the Eight Conditions when they process personal information for the first time and every time.  Importantly, they must also ensure that their operators comply with the Eight Conditions. Thus, it becomes important for responsible parties to ensure they are contracting with operators that are POPIA compliant. Many responsible parties will seek to contractually tie in their operators to ongoing POPIA compliance.

While POPIA provides us with Conditions it also provides a number of ‘exceptions’ or ‘authorisations’. If your processing falls into one of these ’exceptions’ or ‘authorisations’ the Condition then does not apply. This makes POPIA fairly complex to implement as one needs to understand the Conditions as well as the ‘exceptions’ or ‘authorisations’ that apply to the Conditions or one of the Conditions.

This does not give us much information about each Condition. It is necessary to dig a little deeper to understand the Eight Conditions. The Eight Conditions consist of more than eight requirements which are just grouped into the Eight Conditions. In the diagram below the number corresponds to the Condition number and there is often more than one requirement per Condition.

So, in more detail, the Eight Conditions with which responsible parties must comply when processing personal information appear below.

*PI refers to Personal Information
**RP refers to Responsible Person

There are more requirements in POPIA than just the Eight Conditions

It is not enough to simply comply with the Eight Conditions. There are many other provisions of POPIA, which we need to understand and with which we need to comply, for example:

  • Children’s information
  • Special personal information
  • Account numbers
  • Direct marketing
  • Prior authorisation of processing
  • Automated processing
  • Information Officers
  • Personal information leaving the country

With the exception of a brief discussion concerning special personal information and Information Officers, we have not discussed these other requirements in this note.

Special personal information

Special personal information is personal information that is very confidential and requires special protection.

The classes of special personal information are:

  • Religious/Philosophical Beliefs
  • Race/Ethnic Origin
  • Trade Union Membership
  • Political Persuasion
  • Health
  • Sex Life
  • Biometric Information
  • Criminal Behaviour

The general rule, under POPIA, is that the responsible party must not process special personal information. However, they may process special personal information if one of the following applies to us:

  • The list of general authorisations that apply to all special personal information (for example they have consent from the data subject or the processing is necessary for the establishment, exercise or defence of a right or obligation in law); or
  • One of the specific authorisations set out in POPIA which applies to a specific class of special personal information applies to the responsible party. For example: for the class of health information, pension funds (and their administrators) may process health information if the processing is necessary for the implementation of laws (e.g. the Pension Funds Act), pension regulations, etc. Thus, if we are a pension fund processing health information because we are required to do so by law, then we may process it.

It is probable that in the future the Information Regulator will consider setting further rules with respect to these specific authorisations, especially with respect to the class of health and sex life.

Information Officers

Every responsible party must have an Information Officer. The Information Officer is automatically the head of a juristic person (like a company or a fund). The head of a juristic person is generally the Chief Executive Officer (CEO) or someone the CEO has authorised to be the Information Officer. In a retirement fund context, this may be the Principal Officer of a fund or whomever the Principal Officer has authorised to hold this position.

Information Officers have to be registered with the Information Regulator and the Information Regulator has issued a draft notice concerning registration requiring these registrations to be done by 31 March 2021 on prescribed forms. The Information Officer can appoint Deputy Information Officers but remains responsible for his/her statutory obligations. Information Officers and Deputy Information Officers must receive appropriate training and keep abreast of the latest developments in POPIA and the Promotion of Access to Information Act.

The draft notice referred to above sets out some of the statutory duties of Information Officers, which are:

  • The encouragement of compliance by the body with the Eight Conditions for the lawful processing of personal information. For example, an Information Officer may develop a policy on how employees should implement the Eight Conditions for the lawful processing of personal information;
  • Dealing with the various requests that can be made to the body pursuant to POPIA. Internal measures are developed together with adequate systems to process requests for or access to information;
  • Submission of a detailed report about requests to the Information Regulator;
  • Working with the Information Regulator in relation to investigations in relation to the body (including prior authorisations);
  • A personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information;
  • manual is developed, monitored, maintained and made available as prescribed in section 51 of PAIA, as amended by POPIA (this must be provided on request for a fee);
  • compliance framework is developed, implemented, monitored and maintained; and
  • Internal awareness sessions are conducted regarding the provisions of POPIA, regulations made in terms of POPIA, codes of conduct, or information obtained from the Information Regulator.

Implementation

Assuming the Fund is the responsible party, the following actions are required to be compliant with POPIA on an ongoing basis:

1. There must be a written contract between the responsible party and all identified operators to, among other things, ensure that the operator/s establishes and maintains security measures (s19).

2. In terms of S5(a)(i) members must be notified that their personal information is being collected. The member (data subject) has the right to be aware of:

  • the information being collected and where the information is not collected from the data subject, the source from which it is collected;
  • the name and address of the responsible party;
  • the purpose for which the information is being collected;
  • whether or not the supply of the information by that data subject is voluntary or mandatory;
  • the consequences of failure to provide the information;
  • any particular law authorising or requiring the collection of the information.

3. S19 states that the responsible party must review and implement security measures to:

  • Secure integrity and confidentiality of the personal information
  • Take appropriate, reasonable, technical, and organizational measures to: assess risks, implement safeguards, test, and update.

4. Appoint an Information Officer. The default would be that the Principal Officer would be the Information Officer.

Contact Us

The Protection of Personal Information Act Read More »

Paid-up Members and Section 37C lump sum benefits

Paid-up Members and Section 37C lump sum benefits

Benefits

Paid-up Members and Section 37C lump sum benefits

Paid-up Members and Section 37C lump sum benefits

The Financial Sector Conduct Authority (FSCA) on 13 November 2019 issued:

  • FSCA Communication 6 of 2019 (the Communication),
  • Notice of publication of an Interpretation Ruling which contained the draft Interpretation Ruling (the draft Interpretation),
  • An extension notice for compliance with Regulation 38; and
  • A comments template for the draft Interpretation.

The Communication explains the background to the draft Interpretation.

Firstly, what is an Interpretation Ruling?

The idea behind an Interpretation Ruling (which is provided for in the Financial Sector Regulation Act) is that the FSCA, through an Interpretation Ruling, promotes clarity, consistency, and certainty in the interpretation and application of financial sector laws, in this case, the Pension Funds Act.

The FSCA is required to issue a draft of the Interpretation Ruling and call for public comment.

Once an Interpretation Ruling is issued by the FSCA, it must then act in accordance with the Interpretation Ruling until such time, to paraphrase, as a court gives a different interpretation to the Interpretation Ruling or the particular provision of the legislation is done away with. 

Why was the Communication and draft Interpretation issued?

For some time there has been debate around whether or not section 37C applies to the lump sum death benefits of paid-up members and in what circumstances. We are referring to paid-up members as provided for in the default regulations. That is members that have left service of the employer but have not instructed the fund in writing as to payment or transfer of their benefit.

Some of this debate was centered on the conflicting wording of the FSCA and old Financial Services Board notes.

So, the question has arisen: if paid-up members die, must the fund payout lump sum death benefits in terms of section 37C or not? The rules of funds submitted to the FSCA for registration have differed in this regard.

  1. A benefit due to a paid-up member [who has died];
  2. A benefit due to a paid-up member where the fund received written instruction from the paid-up member before they died (to pay or transfer the benefit) but the fund had not yet paid or transferred the benefit before the member died, and
  3. A retirement benefit due and payable to a member but had not yet been paid to the member before the member died.

The above applies whether or not the fund benefit is insured (by the policy of insurance) or not.

Funds will be allowed 6 (six) months from the date of the Interpretation Ruling (whenever it is published in final form) to ensure that their rules comply with the Interpretation Ruling.

Extension Notice

Due to the draft Interpretation not being finalised as yet, the FSCA has given funds an extension for compliance with the preservation and portability default regulations (Regulation 38) until 29 February 2020. The extension appears to only apply to funds that have already submitted rule amendments to comply with the preservation and portability default regulations (Regulation 38). The wording of the extension is a bit confusing, but the above interpretation appears to be the intention.

Contact Us

Paid-up Members and Section 37C lump sum benefits Read More »

COOKIE POLICY

Welcome to our website.

1. Introduction

This Cookie Policy explains how we use cookies and similar technologies on our website axioconsult.com. This policy is designed to help you understand what cookies are, how we use them, and the choices you have regarding their use.

2. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit certain websites. They are widely used to enhance your online experience by remembering your preferences and actions over time. Cookies are not harmful and do not contain personal information like your name or payment details.

3. How We Use Cookies

We use cookies for various purposes, including:

    • Essential Cookies: These cookies are necessary for the basic functioning of our website. They enable you to navigate our site, use its features, and access secure areas.
    • Analytical/Performance Cookies: These cookies help us understand how visitors use our website. They provide information about which pages are visited most frequently, how long visitors stay on each page, and whether they encounter any error messages. This data helps us improve the performance and usability of our website.
    • Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language, or region) and provide enhanced, personalised features.
    • Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They may also limit the number of times you see an ad and help measure the effectiveness of ad campaigns.

 

4. Your Cookie Choices

You have the option to manage your cookie preferences. You can usually modify your browser settings to accept, reject, or delete cookies. Please note that if you choose to block or delete cookies, some features of our website may not function properly.

5. Third-Party Cookies

We may allow third-party service providers to use cookies on our website for the purposes outlined in Section 3. These providers may also collect information about your online activities over time and across different websites.

6. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, law, or our data practices. Any changes will become effective when we post the revised policy on our website.

7. Contact Us

If you have any questions about our Cookie Policy or how we use cookies on our website, please contact us at

By continuing to use our website, you consent to the use of cookies as described in this Cookie Policy.