As online communication with clients replaces face-to-face meetings, the risk of fraud, cyber threats and non-compliance with regulation increases.
It is important to decide how you will communicate with your clients, taking into consideration their preferences, ability, technology capability and access to a stable internet connection. Alternative options to face-to-face meetings include email, telephone or cell phone calls. You could also use WhatsApp with its text, call or video call functionality, or make video conference calls using an online platform like Microsoft Teams and Zoom.
When you meet virtually with clients or communicate in one of the alternative electronic ways, it may be a challenge to get documents signed. However, this process can be done electronically too. As electronic signatures are legally recognised, it is therefore no longer necessary to physically print, sign, scan and return signed documents to the sender. The Electronic Communications and Transactions Act of 2002 states that “an electronic signature is not without legal force and effect merely on the grounds that it is in electronic form.”
There are several advantages to signing documents electronically. It reduces paper usage and streamlines processes. It also saves time and money. Furthermore, you have a clear audit trail, as you can track when documents were sent and received, and store them electronically.
By activating two-factor authentication on documents, which require an SMS or One Time Pin (OTP) to access, you can add a level of security to protect the information sent to clients. With increased security, you reduce your risk of data theft. In addition, you are helping to educate clients in the use of technology.
Risk management is essential, especially when conducting business through electronic media. You can further reduce risks by using a password manager application to keep your passwords secure and obtain cyber risk liability insurance. You could also contract with a compliance company that advises specifically on risk, include IT risks in your risk management plan and train employees on how to combat cyber risks.
Data security regulation
It is also advisable to refresh your knowledge and understanding of the Protection of Personal Information Act (POPIA) and the FAIS General Code of Conduct requirements. These are important aspects to keep in mind when dealing with clients’ personal and confidential information.
In terms of the POPIA, personal information is valuable and must be protected, as a client’s data belongs to the client. Personal information should therefore always be used in a fair, reasonable, responsible and secure manner.
According to the FAIS General Code of Conduct, Section 3(3), “A provider may not disclose any confidential information acquired or obtained from a client or, subject to section 4(1), a product supplier in regard to such client or supplier, unless the written consent of the client or product supplier, as the case may be, has been obtained beforehand or disclosure of the information is required in the public interest or under any law.
Furthermore, Board Notice 194 of 2017 states that an FSP must at all times have “adequate storage and filing systems.” If you choose to outsource your record keeping function, consider entering into a Service Level Agreement with the service provider first. This will ensure they comply with the necessary data privacy requirements.
Importance of data privacy
Data privacy is becoming increasingly important, with legislation being developed and implemented across the world. Changes are constant and will also bring ongoing challenges. Embracing technology is a no-brainer, but be careful to do it responsibly. Be sure to implement the risk mitigation actions contained in your risk management plan and ensure that you review these regularly.
At a practical level, always strive to act professionally and with integrity. Treat all information as confidential and seek to stay compliant. Practice good business principles and update your software and antivirus programmes regularly. Furthermore, it is good to check that your Wi-Fi connections are encrypted.
By taking the necessary steps to protect your business data and clients’ data, you will ultimately protect your FSP’s brand.