OMNI-CBR on pause as FSCA rebuilds the framework
The one thing you cannot accuse South Africa’s financial sector regulators of is being idle. They churn out conduct standards, guidance notices, integrated reports and comprehensive multi-layered updates on their regulatory strategy like clockwork. And the hard-working employees at financial services providers (FSPs) are struggling to keep up.
Plan versus strategy
A perfect illustration of the challenge that industry stakeholders face emerged during the recent SAUMA Conference 2025, when an audience member was chided for confusing the FSCA Regulatory Strategy 2025-2028, published in May this year, with the then soon-to-be released FSCA Three-year Regulation Plan. Both of these documents are produced annually, to update the regulator’s rolling three-year view. The strategy document offers a strategic blueprint containing the authority’s five key priorities, while the plan is an operational document to complement the strategy.
If you want to take a swipe at the financial sector regulators, then you could complain about how long it takes for clarity to emerge around important compliance matters. The slow meander of the Conduct of Financial Institutions (COFI) Bill through the law-making process is an obvious example, but so is the implementation and roll-out of the cross-sectoral Conduct of Business Return (OMNI-CBR) for financial institutions. Yes, dear reader, OMNI-CBR has been on the cards for years. And now there is a good chance it will be cast aside.
So much time has passed between its conceptualisation and its still-not-yet-anywhere-near-implemented reality that the authority had to send another notice for the industry to re-familiarise itself with the matter. FSCA Communication 12 of 2025 (GENERAL), issued 11 June 2025, includes links to no fewer than three prior comms, a video and a couple of supporting publications. To wrap your mind around this issue, you may wish to revisit Communication 22 of 2021; Communication 16 of 2022; and Communication 33 of 2023 (GENERAL).
In Communication 22 of 2021, issued way back in December 2021, the regulator announced its intention to undertake a robust consultation process on the content and implementation of conduct of business reports, starting in 2022. This led to the 8 June 2022 release of Communication 16 of 2022, which included a detailed roadmap for the roll-out and implementation of the OMNI-CBR, plus a first draft of the OMNI-CBR template for stakeholder comment.
Concerns over format and complexity
An uncomfortable 18-month-long lag ensued before the 4 December 2023 arrival of Communication 33 of 2023. Per the FSCA’s latest update, that document “provided a summary of stakeholder engagements as well as a consolidation of industry comments received in response to the first version of the OMNI-CBR.” The FSCA said it had fielded a flood of concerns about the structure, format and complexity of the proposed reporting template, as well as the volume of data being requested.
The complexity of the requirements and the sheer volume of industry comment prevented the FSCA from publishing a revised OMNI-CBR by its July 2024 deadline, which quietly slipped off the radar. “Due to several highly fluid and fast moving strategic and operational developments within the FSCA in the past year, [the July 2024] update was not practically possible until the present,” the regulator explained, a full year later. Over six pages, the latest communication promises “further information regarding the developments alluded to in Communication 33 of 2023 [and] the impact of these developments on the future roll-out and implementation of the OMNI-CBR.” A mouthful, but not entirely unexpected.
At least the FSCA is aware of the uncertainty that lengthy implementation delay has caused. “We have noted a certain level of apprehension by some market participants regarding the prolonged absence of feedback regarding the status of the OMNI-CBR, particularly those financial institutions that have proactively commenced work to ensure readiness for its future implementation,” they wrote, promising to clear up expectations around “the progressing of any internal OMNI-CBR related initiatives by financial institutions at this stage.” Instead of a one-size-fits-all approach, the FSCA says it now favours an incremental approach that will allow for simpler, smarter and lighter compliance loads.
Sometimes, you have to play the waiting game
Shame, the firms that went all in on pre-complying with an in-process requirement must be cursing under their breath, a bit like that lot that built the Foreshore Freeway Bridge in Cape Town, circa 1977. It took the FSCA no fewer than 17 paragraphs to interrogate the issues that have dragged on its attempts to fast-track the OMNI-CBR. Your writer has done the hard yards to reduce this list to a handy half-dozen reasons.
In short: strategic reprioritisation; internal restructuring; a new COFI-aligned strategy; digital transformation; a shift to the Integrated Regulatory Solution (IRS) and OMNI-Risk Return; and a phased rollout to reduce regulatory burden all took the regulator’s eye off the CBR ball. Of the six, two developments stand out for their structural impact. First, the shift to a new supervisory technology (sup-tech) framework; and second, the regulator’s digital transformation journey as a whole.
According to the FSCA, previous versions of the OMNI-CBR were “designed for a largely manual, less modernised supervisory environment”, which introduced considerable complexity in both structure and data volume. Rapid and widespread tech adoption over the past five years has changed the landscape at both financial institutions and the regulator. The big shift from a regulatory perspective is the adoption of IRS, a new supervisory tech platform that will sit at the heart of future supervision.
Centralised data for efficient supervision
From the latest GENERAL notice, you will learn that the IRS offers “a central data repository allowing all supervisory information to be stored and accessed in one place, ensuring the quality and consistency of data used for supervisory purposes”. The platform will also “offer a 360-degree view of each supervised entity available in real time to all relevant teams across the FSCA.”
The OMNI-CBR, which predated the IRS, has been largely subsumed into this new framework, and will now re-emerge as a modular set of returns starting with the OMNI-Risk Return. The FSCA describes this return as “a standardised, system-driven mechanism for calculating risk scores uniformly across all supervised entities.” This approach allows for BREAK data consolidation and streamlined, risk-based oversight across the sector.
“The implementation of the IRS and the introduction of the new FSCA Risk Model will significantly re-shape the manner in which the FSCA interacts with supervised entities going forward,” wrote the FSCA. The focus will therefore switch from CBR to the consultations necessary to get the IRS bedded down, culminating in an industry pilot testing phase, likely late 2025 or early 2026. So, what does this mean for advisers, brokers and other financial intermediaries?
Put your OMNI-CBR efforts on hold, for now
Per the FSCA, “financial institutions are not expected to initiate or progress any internal OMNI-CBR related initiatives or system development and implementation efforts until further communication is issued on the roll-out of the IRS and OMNI-Risk Return.” Upon a moment’s reflection, your writer was perplexed by the promised simplification of a ‘too complex’ OMNI-CBR by replacing it with an unknown raft of future returns. Today, you will be cracking away at a risk return, but tomorrow? The burden has, again, shifted squarely onto financial services providers.
As for those who started building compliance mechanisms based on the original OMNI-CBR framework; your compliance team is left straddling the pre- and post-digital regulatory eras. The FSCA’s pivot to an “incremental approach” is framed as an effort to reduce regulatory duplication and promote simplicity, but much depends on how agile you can be in retrofitting your systems to match a moving target.
Writer’s thoughts:
After years of preparation, the FSCA has gone back to the drawing board on its conduct of business (CBR) requirements. Is your compliance team prepared to reframe everything they thought they knew about OMNI-CBR? Please comment below, interact with us on X at @fanews_online or email us your thoughts [email protected].
