Compliance obligations
Regulatory changes are a constant in the dynamic landscape of the insurance and financial advisory sectors, shaping industry practices and standards. Staying abreast of these changes and understanding their implications is essential for insurers, financial advisers, and industry professionals alike.
In this context, FAnews spoke to Lerato Lamola, Partner and Mateen Memon, Associate, at Webber Wentzel to navigate the regulatory maze and uncover how these changes are reshaping the insurance and financial advisory sectors.
Recent regulatory changes or updates
Here is a brief summary of the regulatory changes and updates in the insurance and financial advisory sectors, based on Lamola and Memon’s response:
- Information technology governance and risk management: Joint Standard 1 of 2023: Issued by the FSCA and PA on 15 November 2023, it mandates IT governance and risk management structures for financial institutions, effective from 15 November 2024.
- Outsourcing by insurers: Joint Standard 1 of 2024: Published on 17 May 2024, it replaces Prudential Standard GOI 5, adding new measures for insurers outsourcing material functions. It becomes effective on 1 December 2024, with a compliance deadline within 6 months of the commencement date.
- Cybersecurity and cyber resilience: Joint Standard 2 of 2024: Also released on 17 May 2024, this sets guidelines for managing cybersecurity risks, requiring notification of material incidents. It will commence on 1 June 2025, with the effective date announced on the authorities' websites.
- Climate-related governance and risk practices: Guidance Notice 1 of 2024: Issued on 8 May 2024, it assists insurers in managing climate-related risks in line with GOI 3 and GOI 3.1 standards. Guidance Notice 2 of 2024: This provides guidance on climate-related disclosures, which are expected to become mandatory over time, influenced by international standards and corporate disclosure requirements.
- National Financial Ombud Scheme (NFO): Recognised on 23 February 2024 and effective from 1 March 2024, the NFO replaces multiple previous ombudsman schemes, changing the complaint resolution process and requiring disclosure of NFO contact details to customers.
Requirements insurers and advisers must adhere to
According to Lamola, “the Joint Standard 1 of 2023 and Joint Standard 2 of 2024 information technology and cybersecurity-related compliance requirements must be implemented either by just insurers (in the case of Joint Standard 2 of 2024) or insurers and financial advisers (in the case of Joint Standard 1 of 2023). These compliance obligations are more specific to policy measures and processes. These are expected to impact industry practices related to technology infrastructure broadly.”
Memon added that the “Joint Standard 1 of 2024 is expected to impact the compliance obligations related to outsourcing by insurers. While this guidance notice still impacts the outsourcing of material functions, it may impact what considerations insurers must take into account when outsourcing these functions. In particular, there is now a requirement for insurers to assess contingency plans of third parties when outsourcing material functions.”
“Guidance Notice 1 of 2024 is expected to impact the already existing risk management and assessment obligations of insurers. This may require insurers to adapt their existing risk management and assessment practices to climate-related risks. Since this requirement is very recent, it remains to be seen what practical measures may be taken to adapt risk management and assessment practices,” continued Memon.
Insurers, Memon said, will have to disclose the contact details and availability of the NFO to customers in the manner set out in the NFO Rules. Aside from this, there are no additional compliance requirements that arise from the NFO.
Overarching trends regarding regulatory priorities
According to Lamola, there is a growing emphasis on enhancing protections and practices related to technology infrastructure, reflecting the advanced technologies used in the financial services sector. “Environmental obligations are also gaining focus, aligning with global initiatives to integrate Environmental, Social and Governance (ESG) and sustainable finance. The PA sees insurers as critical in managing climate-related risks.”
“South Africa's greylisting has heightened the focus on anti-money laundering (AML), leading to more stringent measures to combat money laundering and terrorist financing. Additionally, there is increased regulatory emphasis on consumer treatment, as seen in the FSCA's Statement on Consumer Vulnerability, which highlights the importance of understanding consumer vulnerability to embed Treating Customers Fairly (TCF) principles and drive positive consumer outcomes,” added Lamola.
The impact on daily operations
“Joint Standards 1 of 2023 and 2 of 2024 will require financial institutions to enhance their technology infrastructure, affecting system integration and daily operations to avoid service interruptions. Joint Standard 1 of 2024 will necessitate insurers to review their outsourced functions for compliance,” said Memon.
“Climate-related guidance notices may have a limited immediate impact on daily operations, but insurers and financial advisory firms will need to monitor developments closely. Evolving AML requirements will make insurers and financial advisory firms scrutinise client information more carefully, increasing caution in customer due diligence. Sanction screening guidance will also require close monitoring of compliance processes,” added Memon.
The NFO will impact insurers' complaints management processes, according to Memon, requiring them to follow NFO rules to ensure proper handling of complaints.
On a similar note, Memon added that since many of the requirements are recent, the impact on customers and policyholders remains to be seen. “The Statement on Consumer Vulnerability might lead to measures improving TCF outcomes, affecting consumer rights and protections, but concrete steps are not yet mentioned. A key development is the recognition of the NFO, which will require customers to be informed about it and insurance complaints to be resolved according to NFO rules.”
Speaking of technology and daily operations, Memon said that insurers and financial advisers are leveraging advanced technology, such as generative AI, to streamline processes. Automated transaction monitoring systems are also increasingly used to comply with AML obligations. Insurers are also adopting insurtech to diversify offerings and improve customer reach and convenience.
Responding to these changes and requirements
Lamola pointed out that insurers and financial advisers are aware of risk management related to their technology infrastructure, as highlighted by Joint Standard 1 of 2023 and Joint Standard 2 of 2024. They are enhancing their systems and compliance functions to meet these standards.
“Regarding Joint Standard 2 of 2024, insurers are reviewing outsourcing arrangements and key business relationships to ensure compliance. Many insurers and financial advisers have launched ESG initiatives and are considering the impact of climate change, aligning with the PA's guidance notices. Financial institutions are also adapting processes to comply with evolving AML requirements, especially following the greylisting, and will continue to do so as new measures are introduced by the FIC and other bodies,” said Lamola.
Challenges, opportunities and collaboration
“Cost-related concerns are a major challenge for insurers and financial advisers, especially smaller operations. Navigating uncertainty around new regulations requires ongoing engagement,” said Memon.
Lamola emphasised the importance of collaboration with regulatory authorities. “Industry associations, like the South African Insurance Association (SAIA), engage in consultations to communicate collective feedback and seek clarification on ambiguous requirements.”
Future regulatory developments to prepare for
Both Lamola and Memon stated that industry participants are closely monitoring the progress of the draft Conduct of Financial Institutions Bill (COFI). “In June 2023, the FSCA published its updated three-year Regulation Plan covering the period from 1 April 2023 to 31 March 2026. The plan highlights a key focus on developing a new regulatory framework under COFI, with the FSCA noting 'good progress' towards submission to Parliament. The outcome will depend on developments,” they said, jointly.
“While no other insurance-specific interventions are scheduled in the next three years, various insurance-related matters will be considered by the PA and FSCA during the transition of existing sectoral laws to the COFI framework,” they concluded.
Writer’s thoughts
Navigating the ever-changing regulatory landscape is a significant challenge that requires constant vigilance and adaptation from industry professionals. The ability to anticipate and respond to regulatory shifts, however, will not only safeguard operations but also enhance client trust and industry resilience in an increasingly complex environment. Please comment below, interact with us on Twitter at @fanews_online or email me - myra@fanews.co.za
