🧾 Overview

Name: Financial Advisory and Intermediary Services Act (FAIS)

Act no: 37 of 2002

Effective Date: 30 September 2004

Type: Combination of Rules-based and Principle-based

Regulator: Financial Sector Conduct Authority (FSCA)

Purpose: To regulate the rendering of financial advisory and intermediary services to clients, ensuring consumer protection and professional conduct within the financial services industry. While it contains specific, prescriptive requirements, it also relies on principles to guide conduct and allow for flexibility based on the size and complexity of financial services providers (FSPs).

👥 Who Does This Affect?

Direct Applicability:

All financial services providers (FSPs), their representatives, and key individuals who render financial advisory and intermediary services to clients.

High Impact On:

Financial advisors, insurance brokers, investment managers, crypto asset service providers, and fintech platforms operating in South Africa.

📋 Key Requirements Relating to Cybersecurity

  • Use of Appropriate Technology: FSPs must use suitable technological systems to ensure proper performance of professional activities and to protect client funds and transaction documentation [Section 16(2), FAIS Code of Conduct]
  • Governance Framework: FSPs must implement a governance framework with adequate systems of corporate governance, risk management, and internal controls, including cybersecurity measures [Section 37, Board Notice 194 of 2017]
  • Electronic Data Security: FSPs must establish systems and procedures to safeguard the security, integrity, and confidentiality of information, including electronic data [Section 37, Board Notice 194 of 2017]
  • Compliance Officer Systems: External compliance officers must demonstrate operational ability, including data access controls and electronic data security measures [Section 3(2)(b), Board Notice 127 of 2010]

⚠️ Consequences of Non-Compliance

Financial Penalties:

The Registrar may impose administrative penalties on FSPs for non-compliance with the Act. [Section 36(1)]

Criminal Penalties:

An individual who contravenes or fails to comply with certain provisions of the Act may be liable on conviction to a fine not exceeding R1,000,000 or to imprisonment for a period not exceeding 10 years, or to both such fine and imprisonment. [Section 37(1)]

Regulatory Consequences:

The Registrar has the authority to suspend or withdraw the authorization of an FSP that fails to comply with the Act. [Section 9(1)]

Other Actions:

Any consumer who suffers harm resulting in a significant financial loss because of the actions or inactions of an FSP or Intermediary can lodge a complaint with the FAIS Ombudsman. Customers can complain to the FAIS Ombud for any number of reasons. For example, if an FSP or Intermediary does not take adequate care in securing customer data to protect it from harm, this can result in a complaint.

Reputational Harm:

Trust in an organisation and its brand can be significantly damaged, leading to the potential loss of customers, contracts, and licence eligibility.

✅ How ARMD.digital Helps You Comply

Product:

What it does:

Performs a safe, external scan of your public digital footprint to detect security weaknesses visible to attackers.

How it supports compliance:

  • Use of Appropriate Technology: Supports the use of appropriate technological systems to perform professional activities securely [Section 16(2), FAIS Code of Conduct]
  • Governance Framework: Helps identify external risks, supporting an FSP’s risk management and cybersecurity framework [Section 37, Board Notice 194 of 2017]
  • Compliance Officer Systems: Aids compliance officers in evaluating and documenting external risk exposure and cyber controls [Section 3(2)(b), Board Notice 127 of 2010]

Product:

What it does:

Enforces domain-based email authentication to block spoofing, stop phishing, and boost email deliverability.

How it supports compliance:

  • Use of Appropriate Technology: Ensures secure email infrastructure as part of proper professional performance [Section 16(2), FAIS Code of Conduct]
  • Electronic Data Security: Enhances the confidentiality and integrity of email systems, a key component of data security frameworks [Section 37, Board Notice 194 of 2017]
  • Compliance Officer Systems: Supports compliance officers in implementing data security measures, particularly for email communications [Section 3(2)(b), Board Notice 127 of 2010]
