Your basket is currently empty!
The Financial Advisory and Intermediary Services (FAIS) Act regulates and guides how Financial Service Providers (FSPs) should conduct their business activities and everyday relations with their customers. All FSPs who give financial advice or provide intermediary services to their customers must comply with the FAIS Act and its accompanying secondary regulations. The accompanying regulations are issued in the form of Board Notices, from time to time, by the Financial Sector Conduct Authority (FSCA) and are equally binding. In this summary, we also highlight relevant Board Notices issued in terms of the FAIS Act.
Base of law
Principle-based
ARMD.digital product match
Objectives of the Act
The objective of the FAIS Act is to protect all consumers who use financial products and services. It also ensures that any FSP that provides financial advice when selling a financial services product does so in line with the prescripts of the Act and its regulations.
For example, the Act helps ensure that FSPS provide consumers with comprehensive information about a financial product they plan to purchase. The Act also ensures that FSPs disclose material information about the financial product and the financial institution that sells them.
Who does it affect?
The Act has a high impact on FSPs and Intermediaries.
- An FSP is any person who renders financial advice.
- An Intermediary is any person who acts as an intermediary between a consumer and a financial services product supplier. In this scenario, the customer does not deal with the product supplier at all.
Relevant sections
Section 16 | Principles Of Code Of Conduct
Section 16(2) provides that the Code of Conduct must contain provisions relating to, among others, proper safe-keeping, separation and protection of funds and transaction documentation of clients.
This section also stipulates that FSPs and intermediaries must use resources, procedures and appropriate technological systems to perform their professional activities properly.
Relevant Board Notices issued in terms of the FAIS Act
Board Notices are issued by the Financial Sector Conduct Authority (FSCA) from time to time and the ones we’ve identified as relevant are listed here.
Board Notice 194 Of 2017 | Determination Of Fit And Proper Requirements For Financial Services Providers
Section 37 | Governance Requirements
An FSPs governance framework must include effective and adequate systems of corporate governance, risk management and internal controls that include risk management policies, procedures, and systems. The framework must also include:
- effective procedures for risk assessment, which identify the risks relating to the FSP’s activities, processes and systems, and where appropriate, set the level of risk tolerated by the FSP;
- systems and procedures that are adequate to safeguard the security, integrity, and confidentiality of information, including electronic data security and internal and external cybersecurity.
Board Notice 127 Of 2010 | Qualifications, Experience And Criteria For Approval As Compliance Officer
- Part III, Section 3(2)(B) | Criteria For Phase 1 Approval
- According to this subsection, a person applying for approval as an external compliance officer must maintain the operational ability to render compliance services efficiently. These include control structures, processes, and procedures with reference to access rights and data security on electronic data.
What happens if you don’t comply with the Act and relevant Board Notices?
In some instances, the Financial Services Conduct Authority (FSCA) may take action against a negligent FSP or Intermediary for flouting the provisions under the FAIS Act or its accompanying Board Notices. The biggest risk to FSPs and Intermediaries is losing their license to operate as an FSP or Intermediary.
Any consumer who suffers harm because of the actions or inactions of an FSP or Intermediary that results in a significant financial loss can lodge a complaint to the FAIS Ombudsman. Customers can complain to the FAIS Ombud for any number of reasons. For example, if an FSP or Intermediary does not provide adequate care in securing customer data to protect it from harm, it can result in a complaint.
Our courts have broadly said that if you work with data, organisations have a duty of care to establish and maintain appropriate measures to secure data. Customers can complain to the FSCA about Compliance Officers who fail to efficiently secure electronic data and ensure that access rights to electronic data are protected.
How does our Product help you comply?
The FAIS Act does not contain requirements for FSPs or intermediaries to put measures in place for cybersecurity; however, Board Notice 194 does so explicitly and Board Notice 127 references data security. These notices highlight security measures and requirements to ensure the safeguarding of systems and information.
Many FSPs and intermediaries work remotely or transact online. This places information at a greater risk of being intercepted by cyber criminals. With the increase in online transactions and the associated exchange of information, information security is fast becoming a business concern. Organisations should be more proactive to identify risks and put measures in place to protect their businesses and clients from falling prey to cyber-attacks.
The Fit and Proper Requirements mandate that FSPs should safeguard and protect the integrity and confidentiality of information. FSPs must also ensure electronic data security, and internal and external cybersecurity.
To perform their professional activities properly and safely, FSPs, Intermediaries, and Compliance Officers can comply with specific requirements as listed under the relevant Board Notices by obtaining and/or implementing the products provided by ARMD.digital.
CyberProfiler scan
By obtaining a CyberProfiler scan and implementing the remediation recommendations provided in its report:
FSPs and Intermediaries can:
- strengthen their governance framework by detecting any potential risks relating to their activities, processes, and systems;
- comply with their Fit and Proper Requirements by ensuring that confidential information and their systems are more secure from possible cyber-attacks;
- identify loopholes or vulnerabilities in their security systems;
- ensure risks arising from any vulnerabilities are addressed in a timely manner; and
- conduct ad hoc vulnerability assessments that match their risk profile and requirements.
Compliance Officers can:
- boost their control processes and procedures to periodically ensure that electronic data is secure and safe from being compromised by a security breach.
DMARC
Implementing DMARC on your company’s email domain can help you:
- To protect critical aspects of your email system by preventing any unlawful use of your domain;
- Ensure the security, integrity, and confidentiality of information sent and received from any of your company’s email;
- Maintain electronic data security and internal and external cybersecurity by validating the sender of the email thereby ensuring that the email has not been compromised when it reaches an inbox.
Useful resources
- The FSCA website
- Read the FAIS Act