EXPLANATORY NOTES
OPERATIONAL ABILITY AND FINANCIAL SOUNDNESS
A FSP must satisfy the registrar that the FSP complies with the fit and proper requirements in respect of:
- personal character qualities of honesty and integrity;
- the competence and operational ability of the FSP to fulfil the responsibilities imposed by the Act; and
- the FSP’s financial soundness
Where the FSP is a partnership, a trust or a corporate or unincorporated body, the FSP must, in addition, satisfy the registrar that any key individual in respect of the FSP complies with the requirements in respect of:
- personal character qualities of honesty and integrity; and
- competence and operational ability, to the extent required in order for a key individual to fulfil the responsibilities imposed by the Act.
In addition a FSP must at all times be satisfied that the FSP’s representatives, and key individuals of such representatives are also fit and proper and take such steps as may be reasonable in the circumstances to ensure that representatives comply with the applicable code of conduct as well as with other applicable laws on conduct of business .
An FSP must have:
- a fixed business address;
- adequate access to communication facilities including at least a fulltime telephone or cell phone service, and typing and document duplication facilities;
- adequate storage and filing systems for the safe-keeping of records, business communications and correspondence; and
- an account with a registered bank including, where required by the Act, a separate bank account for client funds.
The above requirements need no further explanation.
Financial Intelligence Centre Act
An FSP that is an accountable institution as defined in the Financial Intelligence Centre Act, 2001, must have in place all the necessary policies, procedures and systems to ensure full compliance with that Act and other applicable anti-money laundering or terrorist financing legislation.
Service Level Agreements
If a FSP utilises a third party to render administrative or system functions in relation to the rendering of financial services on its behalf it must have in place a detailed service level agreement, specifying the agreed services, time standards, roles and responsibilities and any penalties that might be applicable.
Although this specifically mentions administrative and systems functions, it extends to all ancillary services which directly relate to the provision of financial services. Therefore FSP’s that provide a ‘placing’ service to other FSP’s must have some form of service level agreement in place. This agreement should be quite clear as to which party is responsible for which sections of the code of conduct. Clearly the placing broker is offering an intermediary service only, and the regulations in sections 8 & 9 of the code of conduct (see lesson 11) must be properly followed by the appointed retail broker. The client must be made aware of the responsibilities of all parties, and it is the duty of the placing broker to ensure that this is properly done.
Internal Control Structures
An FSP must ensure that internal control structures, procedures and controls are in place which include at the least the following
Segregation of duties and roles and responsibilities where such segregation is appropriate from an operational risk mitigation perspective
We have already mentioned that some form of SLA has to be in place between a placing broker and a retail broker. In some cases, however, there are a number of ‘intermediaries’ involved in one transaction. A data base, for example, belonging to a brand owner could be used by a telesales company to sell a product, who in turn uses a retail broker to provide advice and who places the risk through an underwriting management company.
Clearly the client will be confused unless an appropriate explanation is provided, which must be supported by written contracts or agreements between the parties concerned.
Application of logical access security, access rights and data security on electronic data and physical security of the provider’s assets and records
It is essential that criminal activities in the information and communication technology environment be minimised, and that sensitive information in computer-based systems be safeguarded. This requires controlled access to networks and to shared data resources both in the private and public sectors.
There have been enormous losses suffered from crimes such as identity fraud and FSP’s are required to ensure that they are doing everything possible to eliminate the possibility of personal information being lost or stolen because of poor computer security.
There is a growing interest in the convergence of physical and logical access control as more companies and organisations realise the importance of securing not only physical access to computers, but also the data-sensitive information contained within. The convergence market is expected to grow at a phenomenal rate over the next five years as enterprise risk management points more companies to greater security efficiencies and effectiveness, and FSP’s are expected to be among the leaders in this respect.
Documentation relating to business processes, policies and controls, and technical requirements
All FSP’s are required to have written policies and procedures in place so that should a given event occur, a procedure to address the event is available.
Business Processes should be documented separately and be available to all persons who need to make reference to them during their normal course of employment.
Over and above this, there should be a financial and/or business plan which clearly identifies risks that the business may have to face and the proposed management thereof.
System application testing and disaster recovery and back-up procedures on electronic data, where applicable
This needs no further explanation. Nevertheless there should be a documented procedure as well as a management oversight policy.
Appropriate training for all key individuals and/or representatives regarding the requirements of the Act
Proper training is a key ingredient to ensuring a professional approach to the provision of advice and intermediary services. Every practitioner in the financial services sector should understand and comply with the specific regulation that applies to his/her specific duties. Compliance requirements originate in many different places from a variety of triggers, an example being internally driven initiatives which, in the absence of regulatory training, can negatively impact on the entire organization.
Training for all key individuals and/or representatives regarding the giving of advice and/or rendering of intermediary services by the provider
Although representatives may be experts in their field, nevertheless the large number of complaints that are lodged with the FAIS Ombud each year suggests that representatives do not always follow the correct procedure as demanded by the code of conduct.
A business continuity plan
A business continuity plan is not a single unified plan. It is a set of specialised team plans documenting the backup and continuity strategies decided upon, based on the company's needs collected through a strategy meeting or other method, and listing the actions required to implement that strategy to re-create/restore/relocate a business.
There are several types of plans, each with some differences in content. Each includes only that information necessary for that team to accomplish its functions such as IT recovery plans, business unit plans, logistics / communication plans and overall coordination.
In the financial services sector, there is an additional issue to address. Many companies have adequate top management resources, but the smaller the businesses the more difficult it becomes to ensure continuation. A key individual is the ‘trigger mechanism’ by which financial services can be provided. If there is only one key individual and something happens to that key individual, services will have to be suspended until another Key Individual has been approved. This could take many months and could be devastating for the business.
A business continuity plan taking cognizance of this latter issue, in writing, has to be kept so that it is readily accessible to an appointed caretaker.
System controls and compliance measures
An FSP must ensure that the necessary system controls and compliance measures are in place to manage and monitor the relevant system(s) in use.
Financial and system procedures
An FSP must record all financial and system procedures to ensure that the FSP is able to report in terms of applicable accounting requirements.
Section 19 of the FAIS Act deals with the accounting requirements and demands that an FSP must:
- maintain full and proper accounting records on a continual basis, brought up to date monthly;
- annually prepare, in respect of the relevant financial year of the FSP, financial statements reflecting -
(i)the financial position of the entity at its financial year end;
(ii)the results of operations, the receipt and payment of cash and cash equivalent balances;
(iii)all changes in equity for the period then ended, and any additional components required in terms of South African Generally Accepted Accounting Practices issued by the Accounting Practices Board or International Financial Reporting Standards issued by the International Accounting Standards Board or a successor body; and
(iv)a summary of significant accounting policies and explanatory notes on the matters referred to in paragraphs (i) to (iii);
- cause the statements referred to above to be audited and reported on in accordance with auditing pronouncements as defined in section 1 of the Auditing Professions Act, 2005 (Act No. 26 of 2005) by an external auditor approved by the registrar and must-
(i)fairly represent the state of affairs of the FSP’s business;
(ii)refer to any material matter which has affected or is likely to affect the financial affairs of the FSP; and
(iii)be submitted by the FSP to the registrar not later than four months after the end of the FSP’s financial year or such longer period as may be allowed by the registrar.
- maintain records in respect of money and financial products held on behalf of clients, and must, in addition to and simultaneously with the financial statements submit to the registrar a report, by the auditor who performed the audit, which confirms, in the form and manner determined by the registrar by notice in the Gazette for different categories of financial services providers-
(a)the amount of money and financial products at year end held by the FSP on behalf of clients;
(b)that such money and financial products were throughout the financial year kept separate from those of the business of the FSP, and report any instance of non-compliance identified in the course of the audit and the extent thereof; and
(c)any other information required by the registrar.
- not change a financial year end without the approval of the registrar.
General administration
An FSP must have general administration processing, accounting transactions and risk control measurements in place to ensure accurate, complete and timeous processing of data, information reporting and the assurance of data integrity.
Insurance protection and guarantees
An FSP must maintain in force suitable guarantees or professional indemnity insurance or fidelity insurance cover to cover the risks of losses due to fraud, dishonesty or negligence.
Key individuals
A key individual must have and be able to maintain the operational ability to fulfill the responsibilities imposed by the Act on FSPs, including oversight of the financial services (regarding the giving of advice and rendering of intermediary services) provided by the representatives of the FSP.
Financial Soundness
It is argued that an FSP can hardly look after the financial products of a client unless it can prove that it has total control over its own finances. For this reason an FSP cannot be an un-rehabilitated insolvent or under liquidation or in provisional liquidation.
There are two types of FSP’s, being those that collect premium or hold funds for clients and those that do not.
A FSP that does not hold client assets or receive premiums or money must comply with the requirement that the assets of the FSP (excluding goodwill, other intangible assets and investments in related parties) must at all times exceed the FSP's liabilities (excluding loans validly subordinated in favour of all other creditors).
An FSP that holds client assets or receive premiums or money must at all times comply with the following requirements:
- The assets of the FSP (excluding goodwill, other intangible assets and investments in related parties) must exceed the FSP's liabilities (excluding loans validly subordinated in favour of all other creditors);
- The FSP must maintain current assets which are at least sufficient to meet current liabilities; and
- The FSP must at all times maintain liquid assets equal to or greater than 4/52 weeks of annual expenditure.
In respect of the last requirement, the expenditure relates to fixed or standing costs, and will not refer to cost of sales.
A FSP must submit its financial papers to the FSB within four months of its financial year end.
1