On 29 March, Masthead hosted a Masterclass in Pretoria. During this event, titled Finding Opportunity in a Changing World, industry experts gave attendees greater insights into how they can successfully navigate important developments affecting FSPs. From advice on how to update your Risk Management and Compliance Programme (RMCP) for when the Financial Services Conduct Authority (FSCA) starts audits this month to why investing in skills will give you an edge, here are some of the main takeaways from the day.
FSCA talks customer due diligence, crypto assets and cybersecurity:
Michele Fourie, FSCA’s Senior Specialist in the FICA Supervision Department, discussed the challenges facing the industry in a digitalised world, and offered five steps that can help resolve these threats as it relates to customer due diligence (CDD). The steps include employing a risk-based approach, obtaining additional information on your customers, analysing the source of funds and ultimate beneficial ownership, implementing transaction monitoring, and additional screening requirements for employees and customers.
Michele stressed that when it comes to updating your RMCP, you have to be very honest and critical with yourself. “You have to look granularly at what you’ve done previously in business risk assessments that worked, what failed, and what you can do better.”
She added that last year’s FICA amendments require accountable institutions (AIs) to review their RMCPs. “We’re starting inspections now afresh in April. If we knock on your door, I can tell you that we’re going to ask for two RMCPs. I’m going to ask you for the one you have now, and I’m going to ask you for the previous one because I want to see whether you are reviewing. I want to see what you’ve changed. I want to see in terms of the FATF [Financial Action Task Force] standards whether your RMCP and business risk assessments are dynamic.”
Johann van der Lith, Regulatory Specialist from FSCA’s Regulatory Frameworks Department, gave insights into last year’s declaration of crypto assets as a financial product, plus how it will be dealt with when COFI repeals the FAIS Act. Currently, what FSPs need to be aware of is the fact that if they provide advice and/or intermediary services in relation to crypto assets, they will have to add it as a sub-category on their existing licence before 30 November 2023.
Johann warned that the definition of crypto assets is quite wide in the current FAIS framework. “That’s where the complexities come in.” Some FSPs may incorrectly think that their services fall outside the scope of the definition, which is why they need to really understand the definition and how it relates to the advice or services they offer.
Andile Mjadu, Senior Manager at the FSCA Regulatory Frameworks Department, covered cybersecurity risks faced by the financial industry, as well as what cybersecurity regulatory developments are expected to come into effect soon.
There are two interlinked standards – the Joint Standard on Cyber Risks and Cyber Resilience and the Joint Standard on IT Risk Management – and both put great emphasis on governance and oversight. Andile explained: “Whether it’s your board or your senior management, they’ve got to take responsibility for cybersecurity, as well as IT Risk Management, and there must be clearly defined roles and responsibilities in an entity.” Organisations must have robust cybersecurity and IT risk management frameworks that they can implement and maintain. In addition, cybersecurity frameworks must comply with an organisation’s operating procedures and be approved by its governing body or management.
The FSCA hopes that a standard on cybersecurity will come into effect by end of this year, however, there will be a 12-month transitional period from the effected date.
How South Africa got on the greylist – and how we can get off it:
Christopher Malan, the Executive Manager for Compliance and Prevention at the Financial Intelligence Centre (FIC), gave an account of how the country went from being a respected member of the FATF to being greylisted by this intergovernmental organisation. He also shone light on what steps the country is taking to get off the greylist, as well as what role FSPs can play in helping this process along.
According to Christopher, the financial sector is doing remarkably well when it comes to reporting suspicious activities that may be related to money laundering and terror financing, but there is room for improvement. “There is a huge amount for you to do to improve on your current systems,” he said, adding that FSPs can do more to understand their business risk, and that they should maintain and increase their FICA compliance. “Improve your RMCPs – and then implement it and ensure that you detect and report. If you can do all of that seamlessly on a risk-based approach collectively, we’ll all be better in your area.”
An area of concern, however, is the registration of new AIs, like high-value good dealers, that were added to the FIC Act on 19 December 2022. “The registration update is still not what it should be. The stats need to look better.”
New AIs are urged to register with the FIC, and this was also communicated in a media release issued by the FIC in March 2023.
Invest in yourself:
One of the main takeaways from the economist Dawie Roodt’s presentation was that most economic activities are taking place in the service part of the economy, including the financial services industry, and that modern economies are more digitised and technologically driven. “[You] need to make sure you have the necessary skills – not qualifications; it’s skills that matter – to participate in this wonderful service industry.” And with a proper computer and internet connection, you can be part of the modern economy and work from anywhere in the world.
Dawie also listed four growth industries: agriculture, education, personalised medicine and wearable devices, and the financial industry. “The world of finance is going to change, and it will be based on blockchain technology.” Because of this, it’s important to understand how cryptocurrencies and the underlying blockchain technology work.
“I’m very excited about the future because it’s going to be a future of plenty. It’s going to be a future of peace, despite what we see every now and then, and it’s going to be a future of real prosperity, but you need to make sure that you can participate in all these amazing things happening in the world,” he concluded.
Compliance is key:
Keith Engel, the CEO of the South African Institute of Tax, gave a very technical discussion about tax considerations on emigration. He explained that as in the financial services sector, compliance is playing an increasingly important role in the tax industry, and people who emigrate – or those who return after working abroad for a couple of years – will need a tax practitioner to help them get their paperwork in order. “SARS [South African Revenue Service] documentation is becoming a bigger thing. It’s increasingly about documentation and compliance.”
He added: “I don’t believe that if you emigrate, you can work it out on your own.” This is because many people don’t keep files or documents, and they’ll need these for when SARS and the revenue service in their new country of residence do a verification audit. “When I say you need a tax preparer, you’re not going there to file a return. You’re going there for the tax pack – all the documentation.”
Masthead’s next Masterclass will take place in Bloemfontein on 22 June 2023. Gqeberha, Cape Town, Johannesburg and Durban will also play host to Masterclass events later in the year, so keep a look out for date announcements.