1 Legal framework

1.1 Which legislative and regulatory provisions govern the banking sector in your jurisdiction?

The South African banking sector is primarily governed by the Banks Act, 1990 and its regulations. In terms of the Banks Act, no person may conduct "the business of a bank" unless it:

  • is a public company which is registered as a bank in terms of the Banks Act; or
  • has been authorised by the Prudential Authority (PA) to conduct the business of a bank by means of a branch of a foreign bank.

The legislation applicable to banks in South Africa relates to:

  • oversight of the banking industry – for example, the South African Reserve Bank Act, 1989 regulates the South African Reserve Bank (SARB) and the overall South African monetary system;
  • financial stability and soundness – for example, the Financial Markets Act, 2012 provides for the regulation of market infrastructure and securities trading in South Africa, among other things;
  • consumer protection and credit – for example, the purpose of the National Credit Act, 2005 (NCA) is to promote fair access to consumer credit and prevent unfair credit practices such as the granting of reckless credit to credit consumers in South Africa;
  • financial integrity and prevention of crime – for example, the purpose of the Financial Intelligence Centre Act, 2001 ('FIC Act') is to prevent money laundering and funding of terrorist activities through mandate reporting and other client-related due diligence duties from accountable institutions under the FIC Act; and
  • other issues – for example, in an effort to encourage South Africans to save, the South African Postbank Limited Act, 2010 established the Postbank Division of the Post Office, to undertake the functions of a bank.

1.2 Which bilateral and multilateral instruments on banking have effect in your jurisdiction? How is regulatory cooperation and consolidated supervision assured?

The PA represents South Africa on the Basel Committee on Banking Supervision as well as several subcommittees covering accounting, risk, anti-money laundering (AML), counter-terrorist financing (CTF), policy developments and supervision aspects.

In addition, the PA is:

  • an association member of the International Organisation of Securities Commissions;
  • a member of the Community of African Banking Supervisors (CABS). The main objective of CABS is to contribute to ongoing efforts to strengthen banking regulatory and supervisory frameworks on the African continent;
  • a member of the Committee of Insurance, Securities and Non-banking Financial Authorities. The PA plays an active role by contributing towards the harmonisation of prudential matters within South African Development Community member states and promoting sound corporate governance as well as AML supervision of financial institutions;
  • the representative of South Africa at the Financial African Task Force (FATF) through plenary discussions and meetings by FATF upon which standards the FIC Act are based;
  • a member of the Information Technology Supervisors Group (ITSG). The ITSG is an independent and cooperative international working group for prudential information technology supervisors that are not affiliated with the Basel Committee on Banking supervision or its subcommittees; and
  • a founding member of the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG). The purpose of the ESAAMLG is to ensure that its member countries:
    • implement FATF recommendations and coordinate with other international organisations concerned with AML/CTF;
    • coordinate technical assistance;
    • develop institutional and human resource capacity and capabilities; and
    • study emerging regional typologies.

In addition to the memoranda of understanding (MOUs) it has concluded (see the discussion regarding regulatory cooperation and consolidated supervision below), the PA also has a number of MOUs in place with foreign supervisory bodies. The purpose of these MOUs is to provide a bilateral working relationship and ensure cooperation across jurisdictions, including sharing of information and investigative assistance on matters. However, these MOUs do not supersede or modify any laws or regulatory requirements in force and applicable within the South African jurisdiction.

Regulatory cooperation and consolidated supervision: In South Africa, the Financial Sector Regulation Act, 2017, as amended ('FSR Act), requires mandatory cooperation between:

  • the SARB;
  • the PA;
  • the Financial Sector Conduct Authority (FSCA);
  • the Financial Intelligence Centre (FIC); and
  • the National Credit Regulator (NCR).

In terms of the FSR Act, MoUs need to be implemented and published. Thus far, the PA has signed and published MOUs with the SARB, the NCR, the FSCA and the FIC. In addition, the regulators have released standards on:

  • fit and proper person requirements for significant owners;
  • margin requirements; and
  • requirements in respect of central counterparty licence applications.

Insofar as cooperation is concerned, the FSR Act established four cooperating bodies with extensive but overlapping memberships. The four platforms (although without formal powers or decision-making responsibilities) for cooperation are:

  • the Financial Stability Oversight Committee (FSOC);
  • the Financial Sector Contingency Forum (FSCF);
  • the Financial System Council of Regulators (FSCR); and
  • the Financial Sector Inter-Ministerial Council (FSMC).

The FSMC facilitates cooperation and collaboration between Cabinet ministers and the FSCF identifies potential financial risks and coordinates and mitigates same. The FSOC is an advisory committee to the governor, the SARB and the minister of finance. Its mandate generally oversees financial stability and crisis management and prevention. The FSCR facilitates cooperation and collaboration between the institutions represented.

Consolidated supervision is further assured through the PA regulating banks and banking groups. Additionally, South African regulations relating to banks prescribe that all directives, instructions and requirements apply to a bank or its controlling company on a consolidated basis.

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers (including sanctions) do they have?

In South Africa, the SARB, as the central bank, is primarily responsible for:

  • supervising the banking sector; and
  • overseeing the functioning of the national payment system in terms of the SARB Act and National Payment Systems Act, 1998.

Other bodies responsible for banks include the following:

  • In terms of the FSR Act, the PA, which has been established within the administration of the SARB with the objective of:
    • protecting financial customers against the risk of financial institutions failing to meet their obligations; and
    • promoting and enhancing the soundness of financial institutions and market infrastructure;
  • In terms of the FIC Act, the FIC is responsible for enforcing and supervising compliance with the FIC Act by accountable institutions, such as banks; and
  • In terms of the NCA, the National Credit Regulator:
    • promotes and supports fair, transparent competitive, sustainable, responsible, efficient, effective and accessible credit markets; and
    • is responsible for regulating the consumer credit industry by, among other things, registering and suspending or cancelling the registration of credit providers, such as banks.

1.4 What are the current priorities of regulators and how does the regulator engage with the banking sector?

Regulators in the South African banking sector are focusing on:

  • streamlining the legal and regulatory framework for conduct regulation in the financial sector; and
  • ensuring the consistent application of consumer protection principles across the financial sector.

This is evident in the development of the Conduct of Financial Institutions Bill, which aims to establish a unified and comprehensive market conduct law in the financial sector in South Africa.

Currently, the SARB and FSCA are focusing on increased monitoring and reporting in relation to AML and CTF. This comes in light of the recent announcement by the FATF that South Africa has been 'greylisted' and therefore subjected to increased monitoring in the areas of AML and CTF. The SARB and the FSCA consequently issued press statements reiterating their commitment to:

  • addressing the deficiencies related to AML/CTF; and
  • reiterating the importance of compliance with AML/CTF laws.

The PA and the FSCA regularly publish media releases, strategic documents, directives, plans and papers on their websites for public comment, which is a primary method of engagement with the banking sector.

2 Form and structure

2.1 What types of banks are typically found in your jurisdiction?

The banking law in South Africa provides for a number of different types of banks to operate. They include:

  • retail banks;
  • commercial banks;
  • investment banks;
  • development banks;
  • cooperative banks;
  • mutual banks; and
  • Islamic banks.

2.2 How are these banks typically structured?

Retail banks: Retail banks are structured to provide financial services to individuals and small businesses. The financial services that they offer include:

  • savings and current accounts;
  • loans;
  • mortgages; and
  • credit card facilities.

They have a large network of branches and automatic teller machines so that their services are easily accessible to customers.

Commercial banks: Commercial banks provide financial services to businesses, corporations and other large organisations. The services provided by commercial banks include:

  • loans;
  • lines of credit;
  • cash management; and
  • investment services.

They also provide services to retail customers; however, much of their focus is on the needs of larger organisations.

Investment banks: Investment banks are structured in a way that facilitates services in respect of the management of financial assets, such as underwriting, mergers and acquisitions, and securities trading. They also provide advisory services to clients in respect of investment opportunities and risk management.

Development banks: Development banks generally engage in development finance activities such as infrastructure projects, as well as assisting small and medium-sized enterprises.

Cooperative banks: Cooperative banks are owned and operated by their members, who are typically small business owners, farmers or consumers. The services provided by cooperative banks are quite similar to those of retail banks as referred to above, but cooperative banks focus on serving their members' needs rather than maximising profits.

Mutual banks: Mutual banks in South Africa are structured similarly to other types of banks, with a few key differences. Unlike traditional banks, mutual banks are owned by their depositors, rather than by shareholders. Ownership in this type of bank is attained through opening an account with the bank and becoming a member. Mutual banks in South Africa are also subject to regulations and requirements set by the South African Reserve Bank (SARB), which oversees the country's banking industry. These regulations are designed to ensure that mutual banks:

  • operate in a safe and sound manner; and
  • protect the interests of their customers.

This structure is created to promote transparency and accountability, with a keen focus on the customer, as opposed to shareholders.

Islamic banks: Islamic banks are conventional banks for Islamic customers but are not structured to provide fixed interest on loans and deposits, unlike conventional banks. The returns from Islamic bank activities are distributed through profit sharing, meaning that each client is considered a shareholder in the bank.

2.3 Are there any restrictions on foreign ownership of banks?

There are restrictions in place and imposed by the Banks Act, which sets limits in respect of the extent to which non-residents can own shares in South African banks. A non-resident may not own more than 15% of the issued shares in a South African bank, unless permission is obtained from the PA. Furthermore, shareholding in a South African bank may not exceed 25% of the issued shares in total, unless permission is obtained from the minister of finance through the PA. These restrictions are put in place to ensure that the country's financial system is not overly dependent on foreign investors.

2.4 Can banks with a foreign headquarters operate in your jurisdiction on the basis of their foreign licence?

Banks with foreign headquarters cannot operate in South Africa solely on the basis of their foreign licence. In order for a foreign bank to operate as a bank in South Africa, it must:

  • establish a presence in South Africa; and
  • obtain a licence from the SARB.

Foreign banks wishing to operate in South Africa typically establish a subsidiary or branch in the country. The establishment of a subsidiary involves the incorporation of a separate legal entity in South Africa; while the establishment of a branch involves the registration of the foreign bank as a non-resident company with the Companies and Intellectual Property Commission. Once a foreign bank has established a presence in South Africa, it must apply to the SARB for a banking licence. The SARB will review the bank's application and assess whether it meets the necessary regulatory requirements, including capital adequacy, risk management and governance. If the bank meets these requirements, the SARB may grant it a banking licence, which will allow it to operate as a bank in South Africa.

In summary, a foreign bank cannot operate in South Africa on the basis of its foreign licence alone, but must:

  • establish a presence in the country; and
  • obtain a licence from the SARB in order to operate as a bank in South Africa.

3 Authorisation

3.1 What licences are required to provide banking services in your jurisdiction? What activities do they cover?

The type of licence required depends on the type of banking services that the bank intends to provide. The following are the main types of banking licences issued by the South African Reserve Bank (SARB):

  • Commercial banking licence: This type of licence allows a bank to engage in a range of banking activities, including:
    • accepting deposits;
    • granting loans and other forms of credit;
    • issuing credit cards; and
    • providing other financial services to consumers and businesses.
  • Investment banking licence: This type of licence allows a bank to engage in investment banking activities, such as:
    • underwriting securities;
    • providing advisory services; and
    • managing investment portfolios.
  • Mutual banking licence: This type of licence allows a bank to operate as a mutual bank, as defined above.
  • Development banking licence: This type of licence allows a bank to engage in development finance activities, such as providing funding and support for:
    • infrastructure projects;
    • small and medium-sized enterprises; and
    • other initiatives that promote economic development.

3.2 What requirements must be satisfied to obtain a licence?

Any entity which would like to conduct the business of a bank must apply to the Prudential Authority (PA) for authorisation to establish a bank or a mutual bank.

The Banks Act only allows public companies incorporated and registered under the Companies Act, 2008 to carry on the business of a bank in South Africa. However, mutual banks are recognised by the Mutual Banks Act, 1993 and need not be incorporated as a company under the Companies Act. An entity seeking authority to establish a bank should apply, in writing, to the PA, in accordance with Section 12 of the Banks Act. Alternatively, an applicant seeking authorisation to establish a mutual bank should apply, in writing, to the PA, in accordance with Section 10 of the Mutual Banks Act. The application and documents lodged in terms of an application must be signed by the chairman or the chief executive officer of the institution.

Subsequently, upon being granted authorisation to establish a bank, the applicant to which the authorisation has been granted should, at any time during the 12-month period commencing from the date of grant of authorisation, apply in writing to the PA for the registration of the institution as a bank or mutual bank, in accordance with either:

  • Section 16 of the Banks Act; or
  • Section 13 of the Mutual Banks Act.

3.3 What is the procedure for obtaining a licence? How long does this typically take?

The process for obtaining a banking licence is overseen by the SARB, which is responsible for regulating and supervising the banking sector. The application process typically involves the following steps:

Pre-application phase: The SARB encourages potential applicants to engage in pre-application discussions to understand the regulatory requirements and assess the feasibility of the proposed banking business. During this phase, the applicant must submit a comprehensive business plan, which should cover:

  • the nature and scope of the proposed banking business;
  • the proposed ownership and management structure;
  • the proposed products and services; and
  • the financial projections.

Formal application phase: Once the SARB is satisfied with the applicant's business plan, the applicant may proceed to submit a formal application for a banking licence. The application should include detailed information on:

  • the proposed shareholding structure;
  • the proposed directors and senior management team;
  • the proposed business operations; and
  • the proposed systems and controls and the financial projections.

The application must also include a range of supporting documents, such as:

  • financial statements;
  • legal opinions; and
  • regulatory clearances.

Assessment and evaluation phase: The SARB will conduct a thorough assessment of the application, which may include:

  • on-site inspections;
  • interviews with key personnel; and
  • reviews of the applicant's systems and controls.

The SARB will also assess:

  • the applicant's suitability and integrity; and
  • the adequacy of the applicant's capital and liquidity.

Decision phase: Based on the results of the assessment, the SARB will either grant or refuse the banking licence. If the licence is granted, the applicant will be required to comply with a range of ongoing regulatory requirements, including:

  • regular reporting;
  • capital adequacy requirements; and
  • risk management requirements.

The length of time it takes to obtain a banking licence in South Africa can vary depending on a range of factors, such as:

  • the complexity of the proposed banking business;
  • the completeness of the application; and
  • the workload of the SARB.

In general, the process can take between 10 months and a year, although it may take longer. Generally speaking, the PA will provisionally register an applicant as a bank and issue it with a certificate of registration, once its application succeeds and the prescribed fees are paid. Registration can also be made subject to certain prescribed conditions.

4 Regulatory capital and liquidity

4.1 How are banks typically funded in your jurisdiction?

Banks in South Africa are funded through a variety of sources, including:

  • customer deposits;
  • borrowing from other banks and financial institutions; and
  • the issue of debt and equity securities.

Customer deposits are a primary source of funding for banks in South Africa. Banks offer a range of deposit products to customers, including:

  • savings and transaction accounts;
  • fixed deposits; and
  • money market accounts.

These deposits provide banks with a stable source of funding, as customers typically keep their money with the bank for an extended period. Banks in South Africa also borrow funds from other financial institutions, both domestically and internationally. This borrowing can take the form of:

  • interbank loans;
  • repurchase agreements; and
  • other short-term funding arrangements.

In addition to customer deposits and borrowing from other banks, South African banks also issue debt and equity securities to investors. Debt securities include bonds and commercial paper; while equity securities include shares in the bank. These securities allow banks to raise additional funds to support their lending and other activities. Overall, banks in South Africa use a combination of funding sources to support their operations and grow their balance sheets.

4.2 What minimum capital requirements apply to banks in your jurisdiction?

The minimum capital requirements for banks in South Africa are based on a risk-based approach, as the level of required capital is linked to the risks that the specific bank faces in its operations. The risk-based approach takes into account factors such as:

  • the type of assets held by the bank;
  • the creditworthiness of its borrowers; and
  • the overall economic environment.

The minimum capital requirements for banks in South Africa is set out in Section 70A of the Banks Act as:

  • ZAR 250 million; or
  • a percentage amount relating to the different categories of assets and other risk exposures which is calculated in a manner prescribed by the Banks Act.

4.3 What legal reserve requirements apply to banks in your jurisdiction?

Banks must maintain a legal reserve requirement with the South African Reserve Bank (SARB) in terms of Section 10A of the SARB Act. The legal reserve requirement is reflected as a percentage of the bank's deposit liabilities that must be held in the form of reserves with the SARB.

The legal reserve requirement for banks in South Africa is 3.5% of their deposit liabilities as set by the SARB. Banks must maintain their legal reserve requirement on a daily basis and may face penalties for failing to do so. The SARB pays interest on the reserves held by banks, although the interest rate is generally lower than the rates that banks can earn on their lending and investment activities.

5 Supervision of banking groups

5.1 What requirements apply with regard to the supervision of banking groups in your jurisdiction?

The South African Reserve Bank (SARB) is responsible for ensuring that banking groups comply with prudential standards and regulations aimed at promoting the stability of the financial system. In order to supervise banking groups, the SARB conducts regular on-site inspections and off-site monitoring of their operations, financial condition and risk management practices. These inspections and monitoring activities are designed to assess the adequacy of:

  • risk management frameworks;
  • governance practices;
  • capital adequacy; and
  • liquidity.

Banking groups must also submit regular financial reports to the SARB, which are used to monitor their financial condition and compliance with prudential standards. The SARB also has the power to conduct special investigations and audits of banking groups if it deems this necessary. In addition, banking groups must have independent external auditors who report to the SARB on the adequacy of their financial reporting and internal controls.

5.2 How are systemically important banks supervised in your jurisdiction?

Systemically important banks (SIBs) in South Africa are subject to additional supervision and regulatory requirements compared to other banks. The SARB is responsible for supervising SIBs in accordance with the Banks Act and the Financial Sector Regulation Act. The SARB designates banks as SIBs based on their size, interconnectedness and complexity. Once designated as an SIB, a bank is subject to more intensive supervision and regulation, including:

  • additional capital and liquidity requirements; and
  • enhanced risk management and governance standards.

SIBs must also submit regular reports to the SARB on their risk profile, capital and liquidity positions, and compliance with prudential standards. Regular on-site inspections and off-site monitoring of SIBs are conducted in order to:

  • assess their compliance with regulatory requirements; and
  • identify potential risks to financial stability.

In addition, SIBs are subject to regular stress tests and scenario analyses to assess their ability to withstand adverse economic conditions. The results of these tests are used to assist in the SARB's supervisory approach and to identify areas where additional regulatory action may be necessary.

5.3 What is the role of the central bank?

The role of the SARB is to oversee and regulate the country's monetary and financial system. The SARB is responsible for:

  • implementing monetary policy;
  • maintaining financial stability; and
  • promoting economic growth.

Key functions of the SARB as central bank include the following:

  • Monetary policy: The SARB is responsible for implementing monetary policy, which involves controlling the supply and cost of money in the economy. This is typically done through the use of interest rates and other monetary tools.
  • Bank supervision: The SARB is responsible for overseeing the operations of banks and other financial institutions to ensure that they are operating safely and soundly.
  • Financial stability: The SARB is responsible for maintaining financial stability in the economy by monitoring and managing systemic risks.

6 Activities

6.1 What specific regulations apply to the following banking activities in your jurisdiction: (a) Mortgage lending? (b) Consumer credit? (c) Investment services? and (d) Payment services and e-money?

(a) Mortgage lending?

In South Africa, mortgage lending is regulated by the National Credit Act (NCA), which sets out the rules and requirements that lenders must adhere to when providing mortgage loans to consumers. The NCA has several key regulations that apply to mortgage lending in South Africa which include the following:

  • Affordability assessments: Before a lender can approve a mortgage loan, it must conduct an affordability assessment in terms of Section 81(2) of the NCA to ensure that the borrower can afford to repay the loan.
  • Disclosure requirements: Lenders must provide borrowers with clear and concise information about the terms and conditions of the mortgage loan, including the interest rate, fees, charges and repayment schedule as envisaged in terms of Section 92(2) of the NCA, which sets out the pre-agreement disclosure.
  • Early settlement penalties: In terms of Section 125(2)(ii) of the NCA, if a borrower wants to pay off his or her mortgage loan early, the NCA allows lenders to charge a penalty fee.

Additionally, the Home Loan and Mortgage Disclosure Act, 2000 (HLAMDA) is another key regulation in respect of mortgage lending in South Africa, by requiring mortgage lenders to provide certain information to borrowers. It also provides for the establishment of a central database of mortgage lending information. The HLAMDA ensures fair lending practices in respect of the provision of mortgage loans.

In terms of Section 5 of the HLAMDA, mortgage lenders must provide borrowers with a pre-agreement statement and quotation that sets out the terms and conditions of the proposed loan, including the interest rate, fees, and charges. Section 7 of the HLAMDA requires mortgage lenders to provide borrowers with a statement of account at least once a year, which sets out:

  • the balance of the loan;
  • the amount of each payment made; and
  • the amount of interest charged.

Mortgage lenders are also prohibited from discriminating against borrowers on the basis of race, gender or any other prohibited grounds, as per Section 10 of the HLAMDA.

(b) Consumer credit?

The NCA governs all forms of consumer credit in South Africa. It sets out the rules and requirements that lenders must adhere to when providing credit to consumers. The key regulations that apply to consumer credit in South Africa include the following:

  • Affordability assessments: Before a lender can approve the provision of credit to a consumer, the lender must conduct an affordability assessment in terms of Section 81(2) of the NCA to ensure that the borrower can afford to repay the loan.
  • Interest rate caps: The NCA sets a maximum interest rate that lenders can charge on credit. In terms of Section 5(2) of the NCA, the maximum interest rate that can be charged on credit is currently 17.5% per annum.
  • Cooling-off period: Section 14 of the NCA provides for a five-day cooling-off period for consumers who have entered into credit agreements. There are no penalties or charges during the cooling-off period. However, the cooling-off period is limited to the following instances in which the credit agreement was granted:
    • through direct marketing, where the consumer did not have a face-to-face meeting with the credit provider;
    • at the consumer's home or place of work;
    • at a location that is not the credit provider's business premises; or
    • at a public event, such as a trade fair or exhibition.
  • Debt counselling: In terms of Section 86 of the NCA, if a borrower is struggling to repay his or her debts, he or she can apply for debt counselling, where a debt counsellor assists the borrower in negotiating more affordable repayment terms with his or her creditors.

These are just a few examples of the sections of the NCA that govern consumer credit in South Africa. The NCA is a comprehensive piece of legislation that covers all aspects of consumer credit.

(c) Investment services?

In South Africa, investment services are regulated by the Financial Sector Conduct Authority (FSCA) under the FSRA. The FSCA sets out the rules and requirements that financial services providers must adhere to when providing investment services to consumers. Some of the key regulations that apply to investment services in South Africa include the following:

  • Licensing and registration: Financial services providers must be licensed and registered with the FSCA before they can provide investment services.
  • Disclosure requirements: Financial services providers must provide consumers with clear and concise information about the investment products they offer, including:
    • the risks involved;
    • fees;
    • charges; and
    • other relevant information.
  • Suitability assessments: Before recommending an investment product to a consumer, financial services providers must conduct a suitability assessment to ensure that the product is appropriate for the consumer's needs, investment objectives and financial situation.
  • Best interest obligations: Financial services providers must act in the best interests of their clients when providing investment advice or recommending investment products.
  • Complaints and dispute resolution: Financial services providers must have a complaints and dispute resolution process in place to handle any complaints or disputes that may arise between them and their clients.
  • Market conduct: Financial services providers must adhere to market conduct standards to ensure that their conduct:
    • is fair and transparent; and
    • does not harm consumers.

(d) Payment services and e-money?

In South Africa, payment services and e-money are regulated by the Payment System Management Act, 2003 (PSMA) and the Financial Intelligence Centre Act ('FIC Act'). The PSMA sets out the rules and requirements that payment service providers must adhere to when providing payment services; while the FIC Act sets out the rules and requirements that apply to anti-money laundering (AML) and counter-terrorist financing (CTF) measures. Some of the key regulations that apply to payment services and e-money in South Africa include the following:

  • Licensing and registration: Payment service providers must be licensed and registered with the South African Reserve Bank before they can provide payment services or issue e-money.
  • Capital requirements: Payment service providers must meet certain capital requirements to ensure that they are financially sound and can meet their obligations to their customers.
  • Security requirements: Payment service providers must have adequate security measures in place to protect their customers' funds and personal information.
  • Disclosure requirements: Payment service providers must provide consumers with clear and concise information about the payment services and e-money products they offer, including fees, charges and other relevant information.
  • AML/CTF measures: Payment service providers must comply with the FIC Act regulations, which require them to verify their customers' identities and report any suspicious transactions to the relevant authorities.
  • Complaints and dispute resolution: Payment service providers must have a complaints and dispute resolution process in place to handle any complaints or disputes that may arise between them and their customers.

7 Reporting, organisational requirements, governance and risk management

7.1 What key reporting and disclosure requirements apply to banks in your jurisdiction?

Section 53 of the Banks Act provides that a bank or a controlling company shall, in such a form and at such intervals as may be prescribed, furnish the Prudential Authority (PA) with the prescribed particulars relating to its shareholding or other interest in its subsidiaries, any joint ventures, undertakings or trust or financial or other business as contemplated and described in Section 52 of the Banks Act.

Regulation 43 of the Banks Act Regulations 1029, published on 12 December 2012, provides that a bank must disclose in its annual financial statements and other disclosures to the public, reliable, information that enables users of that information to make an accurate assessment of the bank's financial condition, including the following:

  • capital adequacy position;
  • liquidity position;
  • financial performance;
  • leverage ratio;
  • ownership;
  • governance;
  • business activities;
  • risk profile; and
  • risk management practices.

7.2 What key organisational and governance requirements apply to banks in your jurisdiction?

According to the Banks Act and its regulations, the board of directors and executive officers of a bank must establish and maintain a strong corporate governance process with the goal of efficiently and ethically achieving the bank's business objectives with applicable laws and managing risk. This is provided for in Sections 60B(1) and (2) of the Banks Act. Regulation 39(1) of the Banks Act Regulations provides that the board is also responsible for ensuring effective risk and capital management and can appoint committees to assist with this. The process must:

  • be consistent with the nature, complexity and risk inherent to a bank's on-balance sheet and off-balance sheet activities; and
  • be able to respond to changes to a bank's environment and conditions.

The PA prescribes the composition of the board of directors of a bank or controlling company. It imposes restrictions on who can serve as the chairman and on the audit committee. At least two board members must be bank employees unless the PA allows for exceptions due to special circumstances.

7.3 What key risk management requirements apply to banks in your jurisdiction?

Regulation 39(3) of the Banks Act Regulations acknowledges that managing risks is an integral part of running a bank. To address these risks, the bank must establish comprehensive risk-management processes, along with board-approved policies and procedures (as noted in Regulations 39(4) and (5) of the Banks Act Regulations). Bank management must ensure that risks are managed properly, including:

  • setting capital targets that align with the bank's risk profile and control environment;
  • implementing effective risk management and internal control processes; and
  • developing a strategy that maintains adequate capital and responds to changes in the business cycle (as stated in Regulation 39(6)(b)(ii)-(iv)(A) of the Banks Act Regulations).

Stress tests must also be conducted to identify potential negative impacts on a bank resulting from events or market changes (as per Regulation 39(6)(b)(vi) of the Banks Act Regulations). Bank directors:

  • are expected to have a basic understanding of bank operations, relevant laws and customs; and
  • are responsible for ensuring that risks are managed prudently, given that banks handle public money (as noted in Regulations 40(1) to (3) of the Banks Act Regulations).

Annual reports to the PA must also be submitted by the directors, addressing factors such as:

  • the integrity of internal controls;
  • ethical standards;
  • material malfunctions; and
  • continued viability (as outlined in Regulations 40(4) (a) to (c) of the Banks Act Regulations).

Additionally, domestic contingency planning frameworks have been established, such as the Financial Sector Contingency Forum, which facilitates collaboration between sectors to identify and mitigate threats to financial stability in South Africa.

7.4 What are the requirements for internal and external audit in your jurisdiction?

In terms of the regulations under the Banks Act, a bank must establish an independent and objective internal audit function headed by a senior executive officer with direct access to the board of directors, audit committee and external auditor.

The internal audit function must conduct its duties in terms of a documented internal audit charter that must be reviewed periodically and communicated throughout the bank. The internal audit function must:

  • under Regulation 48(1)(d) of the Banks Act Regulations:
    • be based on the nature and extent of the bank's operations and exposure to risk; and
    • report directly to the chief executive officer and audit committee; and
  • under Regulation 48(1)(e) of the Banks Act Regulations;
    • report directly to the chief executive officer and audit committee;
    • have sufficient resources allocated to it;
    • be functionally independent from the activities audited and from the day-to-day internal control processes; and
    • be able to operate freely.

Section 64(1) of the Banks Act provides that the board of directors of a bank or controlling company must appoint at least three of its members to form and serve on an audit committee. The audit committee's functions include:

  • assisting the board of directors in its evaluation of internal control systems, accounting practices, information systems and auditing processes;
  • facilitating and promoting communication between management, auditors and employees charged with internal auditing; and
  • introducing measures to enhance the credibility and objectivity of financial statements and reports prepared with reference to the affairs of the bank or controlling company.

The audit committee must also nominate an internal auditor to be appointed as an auditor of the bank or controlling company. The bank is not obliged to accept the nomination but the audit committee must be satisfied that the auditor that is appointed is independent.

Regulation 48(1)(s) of the Banks Act Regulations provides that the internal audit function:

  • may meet with the external auditor, provided that the latter remains solely responsible for the audit opinion in respect of the bank's financial statements; and
  • is obliged to provide the external auditor with access to any relevant internal audit report.

According to Regulation 45 of the regulations, the auditor of a bank must provide a report every year within 120 days of the bank's financial year-end. This report should include information on the bank's financial position and performance, as shown in all the returns submitted to the registrar as of the bank's financial year-end, in addition to any other reports required by law.

8 Senior management

8.1 What requirements apply with regard to the management structure of banks in your jurisdiction?

In South Africa, banks are companies which are registered and licensed to operate as banks, and therefore the management structure of a bank is for the most part subject to the Companies Act. Chapter 5 of the Banks Act provides for the functioning of banks and controlling companies with reference to the Companies Act. According to Section 51 of the Banks Act, a company registered as a bank or as a controlling company continues to be a company in terms of the Companies Act. The Companies Act will continue to apply to any such company that is registered as a bank, provided that the relevant provisions of the Companies Act are not inconsistent with any provision of the Banks Act.

Some examples of provisions of the Companies Act that will not apply to a bank are:

  • those governing the conversion of public companies into other forms of companies; and
  • the provisions in Sections 128 to 154 of the Companies Act relating to business rescue.

The minister of finance, in conjunction with the minister of trade and industry, can declare any of the provisions of the Companies Act not applicable to banks or applicable only subject to certain conditions.

8.2 How are directors and senior executives appointed and removed? What selection criteria apply in this regard?

Section 60 of the Banks Act sets out the duties and appointment of directors of a bank.

No more than 49% of the directors of a bank may be employees of:

  • the bank or its subsidiaries; or
  • the bank's controlling company or its subsidiaries.

When appointing persons to the position of chief executive officer (CEO), director or executive officer, banks in South Africa must provide the Prudential Authority (PA) with written notice of the nomination of such person for appointment to the position, together with the prescribed information of the nominee. The PA can oppose the appointment of the nominated person and the bank can appeal such rejection,

There is no specific registration requirement for senior bank staff members; but as a record-keeping requirement, Section 58 of the Banks Act provides that every bank and controlling company must, within 30 days of its registration as such, furnish the registrar with a copy of its record of directors and officials. In addition, Form BA 020 must be completed by individuals who are holding or proposing to hold the office of a director or executive director of a bank or controlling company.

The removal of directors of banks is generally dealt with in the same manner as the removal of directors of other forms of companies, in terms of the Companies Act. However, if the PA wishes to terminate the appointment of or remove a CEO, director or executive officer of a bank, it must notify the affected parties in writing of its intention and include the grounds for the proposed termination. The affected parties include the director concerned, the CEO of the bank and the chairman of the board of directors of the bank. The notified parties may provide written representations to the PA objecting to the termination/removal and the matter may be referred to arbitration if no resolution is reached.

8.3 What are the legal duties of bank directors and senior executives?

According to Section 60 of the Banks Act, in conjunction with the duties of a director of a company as set out in Sections 77 and 78 of the Companies Act, each director, CEO and executive officer of a bank has the following duties:

  • the duty to act in a bona fide manner for the benefit of the bank;
  • the duty to avoid any conflict between the bank's interests and his or her personal interests;
  • the duty to maintain the knowledge and skill that may reasonably be expected of a person holding a similar appointment and carrying out similar functions as are carried out by the director, CEO or executive officer of that bank; and
  • the duty to exercise a level of care in the carrying out of his or her functions in relation to that bank as may reasonably be expected of a diligent person who holds the same appointment under similar circumstances.

8.4 How is executive compensation in the banking sector regulated in your jurisdiction?

Section 64C of the Banks Act provides that the board of directors of a bank must establish a remuneration committee, consisting only of non-executive directors of the bank. The functions of the remuneration committee include:

  • assisting the board of directors in exercising competent and independent judgement on compensation policies, processes and practices and the incentives created for managing risk, capital and liquidity;
  • ensuring that all relevant decisions are consistent with an assessment of the bank or controlling company's financial condition and future prospects; and
  • conducting an annual independent compensation review in order to assess the bank's compliance with any relevant regulations published in terms of the Banks Act.

9 Change of control and transfers of banking business

9.1 How are the assets and liabilities of banks typically transferred in your jurisdiction?

Section 54(3) of the Banks Act regulates the transfer of assets and liabilities and rights and obligations by a bank to another bank or to a person approved by the registrar of banks. As currently worded, Section 54(3) refers to the transfer of all assets and liabilities, rights and obligations to the amalgamated bank or person taking over the assets and liabilities, and does not address actualities such as a partial transfer of assets and liabilities or a lapse necessitated by the terms and conditions of the relevant amalgamation or transfer of rights, obligations or other legal relationships. Additionally, Section 54(8) provides for the endorsement of title deeds, bonds or other documents recording rights and for the alteration of registers to record the transfer of rights, in the event of an amalgamation of banks or the transfer, by a bank, of all or part of its assets and liabilities. The officials charged with the duty of effecting such endorsements or alterations are the Companies and Intellectual Property Commission, the masters of the High Court and officers in charge of deeds registries.

9.2 What requirements must be met in the event of a change of control?

If a public company wants to control a bank or is a holding company of a company applying for bank registration, it can apply to the Prudential Authority (PA) to become a controlling company. However, the minister of finance's permission is required for any person or entity to hold more than 49% of shares or voting rights in a bank or controlling company. The Banks Act sets out several requirements that the Prudential Authority (PA) must satisfy before granting an application to become a bank's controlling company, such as:

  • ensuring that the registration will not be against the public interest;
  • verifying that every director or executive officer is fit and proper; and
  • ensuring compliance with the Banks Act.

The minister of finance can only grant permission for the acquisition of shares in a registered bank if it will not be against the public interest or the interests of the relevant bank or its depositors or controlling company.

To merge or amalgamate public companies, the Companies Act requires:

  • a compliance certificate from the Takeover Regulation Panel; and
  • a notice, fee and confirmation to be filed with the Companies and Intellectual Property Commission.

Approval under the Competition Act, 1998 and the consent of the minister of finance under the Banks Act are also necessary; and there should be no further approval or unfulfilled conditions imposed by a regulatory authority. If a bank merger requires approval, the South African competition authorities must approve the merger unless the minister of finance certifies that the merger should be subject to the Banks Act.

10 Consumer protection

10.1 What requirements must banks comply with to protect consumers in your jurisdiction?

South Africa has various pieces of consumer protection legislation which may find application to banks in their dealings with their customers:

  • The Consumer Protection Act, 2008 (CPA) applies to all transactions, promotion of goods and/or services and the supply or performance of goods and services within South Africa, unless otherwise exempted by Section 5(2), 5(3) or 5(4) of the CPA.
  • For the purposes of banking services to the general public, the most relevant exemptions include:
    • goods and services supplied to a juristic person whose asset value or annual turnover equals or exceeds ZAR 2 million; and
    • any transactions that constitute a credit agreement under the National Credit Act (NCA).
  • The CPA affords various protections to consumers, including:
    • a restriction on unwanted marketing;
    • a prohibition against discriminatory marketing;
    • the right to disclosure of information;
    • the right to fair and reasonable terms and conditions; and
    • the right to fair and honest dealing.

The rights of consumers in terms of the CPA, where applicable to a transaction, must be upheld by banks by ensuring the provisions of the CPA are adhered to.

  • The NCA applies to all credit agreements concluded on an arm's-length basis in South Africa with various exceptions as contained in Section 4 of the NCA – for example, where the consumer is a juristic person whose annual turnover equals or exceeds ZAR 1 million.
  • As part of this consumer credit regulation and ultimately the protection of consumers who enter into credit agreements (as defined in the NCA), credit providers (as defined in the NCA) must register as such with the Credit Regulator; these often include banks.
  • A recent development is the Conduct of Financial Institutions Bill, which aims to streamline the legal and regulatory framework for conduct regulation in the financial sector and, if passed into law, will put in place a single comprehensive market conduct law in the financial sector, which will allow for the consistent application of consumer protection principles across the financial sector.

Over and above the legislative consumer protection measures mentioned above, the Banking Association of South Africa has published the Code of Banking Practice. The code is adhered to on a voluntary basis and outlines the minimum standards for service and conduct that consumers can expect from their bank in relation to the services and products it offers. However, the code only finds application to personal and small business clients of banks.

10.2 How are deposits protected in your jurisdiction?

In South Africa, deposits are protected by the government through the South African Reserve Bank (SARB). This is achieved through the SARB's subsidiary, the Corporation for Deposit Insurance (CODI), which recently established a Deposit Insurance Scheme (DIS) for South Africa. CODI became a legal entity on 24 March 2023 and is developing secondary legislation which will specify the cover limit for depositors. The secondary legislation will be passed through a parliamentary process, and it is envisaged that CODI will become operational in 2024 and provide the necessary protection to depositors. The DIS is created to protect depositors against the failure of their bank. This is achieved through an insurance cover of up to ZAR 100,000 per depositor, per institution. If a bank fails, depositors will therefore be compensated for up to ZAR 100,000 of their deposits.

11 Data security and cybersecurity

11.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for banks?

The Protection of Personal Information Act, 2013 (POPIA) is the main statute that regulates data protection in South Africa. The purpose of POPIA is:

  • to give effect to the constitutional right to privacy; and
  • to regulate the processing of personal information by public and private bodies (defined as responsible parties in POPIA).

POPIA has established minimum requirements for the processing of personal information which includes the personal data of financial services consumers.

POPIA applies to the processing of personal information entered in a record by or for a responsible party by making use of automated or non-automated means, and where the responsible party is domiciled in South Africa.

Banks, as responsible parties must comply with the eight conditions for the lawful processing of personal information, which are briefly summarised as follows:

  • Accountability: The responsible party must comply with the provisions of POPIA.
  • Processing limitation: The data collected must be limited to only the data required for a specified purpose and data subjects must give their consent.
  • Purpose specification: The collection of data must be for a specific and lawful purpose.
  • Further processing limitation: Any further processing of initially collected data must be in line with the initially specified purpose.
  • Information quality: The data collected must be accurate and up to date.
  • Openness: Data subjects must be notified when their personal information is collected.
  • Security safeguards: A responsible party must:
    • secure the integrity of personal information in its possession or under its control; and
    • take steps to prevent unauthorised destruction of and unlawful processing of personal information.
  • Data subject participation: Data subjects have the right to request access to their personal information that is held by a responsible party.

In terms of Section 107 of POPIA, any person convicted of an offence may be liable for a fine of up to ZAR 10 million and/or imprisonment for a period not exceeding 10 years (depending on the circumstances and the severity of the contravention).

11.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for banks?

The Cybercrimes Act, 2020 came into effect on 1 December 2021. It creates various offences and penalties, and provides for certain investigation, search and seizure powers of the South African Police Service (SAPS) in relation to such offences.

The offences created by the Cybercrimes Act include:

  • unlawful access of a computer system or computer data storage medium;
  • cyber fraud;
  • unlawful interception of data;
  • unlawful acquisition of passwords/access codes or similar data; and
  • cyber extortion.

Section 54 of the Cybercrimes Act provides for the reporting obligations of electronic communications service providers and financial institutions. Section 54 imposes the obligation on financial institutions to report any offences in terms of the Cybercrimes Act within 72 hours of becoming aware of such offence and preserve any information which may be of assistance to SAPS in their investigation. Non-compliance with this section will result in a fine of up to ZAR 50,000. However, Section 54 of the Cybercrimes Act does not:

  • impose a requirement to actively monitor data that is processed or transmitted by an electronic communications service provider or financial institution; or
  • require them to actively seek facts that indicate unlawful activity in terms of the Cybercrimes Act.

Section 34 of the Cybercrimes Act provides that electronic communications service providers and financial institutions which are in control of any data, computer system or computer programme which is subject to SAPS investigation must provide technical and any other relevant assistance to police officials. In practice, the assistance required by this section may involve the handover of data from an electronic communications service provider or financial institution.

12 Financial crime and banking secrecy

12.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for banks?

In South Africa, money laundering and other forms of financial crime are governed by the Financial Intelligence Centre Act ('FIC Act') and related regulations. The FIC Act requires financial institutions – including banks – to implement anti-money laundering (AML) and counter-terrorist financing (CTF) measures to prevent their services from being used for illicit purposes.

Under the FIC Act, banks must:

  • implement a risk-based approach, which involves identifying and assessing the money laundering and terrorist financing risks associated with their customers, products, services and geographical locations; and
  • implement customer due diligence measures, which involve:
    • verifying the identity of customers;
    • assessing the purpose and intended nature of the business relationship; and
    • monitoring transactions for suspicious activity.

Banks must further:

  • report suspicious transactions to the Financial Intelligence Centre (FIC); and
  • maintain records of transactions for a period of five years.

Failure to comply with the FIC Act can result in significant penalties, including:

  • fines;
  • imprisonment; and
  • revocation of banking licences.

Lastly, banks are also subject to the Prevention and Combating of Corrupt Activities Act, 2004 (PCCA), which criminalises bribery, corruption and other forms of financial crime. The PCCA imposes both criminal and civil liability on banks and their employees that engage in corrupt activities.

12.2 Does banking secrecy apply in your jurisdiction?

Banking secrecy is applicable and is protected by law; but this protection is not absolute. The confidentiality of banking information is governed by the Protection of Personal Information Act and the FIC Act. Under the POPIA, banks must:

  • protect the personal information of their customers; and
  • obtain their consent before disclosing any such information to third parties.

However, there are several exceptions to this requirement, including instances where disclosure:

  • is required by law; or
  • is in the public interest.

Under the FIC Act, banks must disclose certain information to the FIC for the purposes of preventing money laundering and terrorist financing. This includes information on suspicious transactions and the identity of customers involved in such transactions. Banks must also provide information to law enforcement agencies and other competent authorities in certain circumstances, such as when a court order is obtained. In addition, the South African Revenue Service has the power to request information from banks for tax purposes, including information on the financial affairs of individuals and companies.

13 Competition

13.1 What specific challenges or concerns does the banking sector present from a competition perspective? Are there any pro-competition measures that are targeted specifically at banks?

The main competition challenges include:

  • the high concentration of market power among the dominant banks;
  • barriers to entry for new players; and
  • limited access to financial services for low-income individuals and small businesses.

The South African banking sector is dominated by a few large banks, which have a significant market share and considerable influence over pricing and product offerings.

Barriers to entry for new players also present a challenge for competition in the South African banking sector. These barriers include:

  • high capital requirements;
  • regulatory hurdles; and
  • limited access to distribution channels.

As a result, it can be difficult for new entrants to compete with established players, which can stifle innovation and limit consumer choice.

Finally, limited access to financial services for low-income individuals and small businesses is a concern for competition in the South African banking sector. This can result in exclusion from the formal financial system, which can hinder economic growth and development.

To address these challenges, the government has implemented several pro-competition measures such as the establishment of the Competition Commission and Competition Tribunal, which have the power to investigate and prosecute anti-competitive behaviour.

14 Recovery, resolution and liquidation

14.1 What options are available where banks are failing in your jurisdiction?

In recent years, the South African banking resolution regime has seen significant changes through the Financial Sector Regulation Act ('FSR Act'). These changes were recently expanded by the Financial Sector Laws Amendment Act, 2021 (FSLAA). One such change is the introduction of Chapter 12A, which deals with the resolution of designated institutions, and came into effect on 1 June 2023. 'Designated institutions' are defined in Section 29A to include:

  • banks;
  • systematically important financial institutions;
  • the payment system operator;
  • participants of a systemically important payment system; and
  • holding companies of the aforementioned entities.

In terms of these recent legislative amendments, the South African Reserve Bank (SARB) is responsible for managing the resolution procedure for designated institutions and has been granted extremely wide powers in this regard. The objective of the new amendments to the banking resolution regime in South Africa is to assist in maintaining financial stability and protecting the interests of depositors through the orderly resolution of designated institutions that are in resolution.

When a designated institution, such as a bank, is experiencing financial difficulties and, in the opinion of the SARB, is or will likely be unable to meet its obligations, irrespective of whether the designated institution is insolvent, the SARB may recommend to the minister of finance that the designated institution be placed in resolution. The minister of finance may, after considering a recommendation made by the SARB, make a written determination, addressed to the governor of the SARB, placing the bank in resolution. The amendment further provides that once a designated institution has been placed in resolution, and to the extent that the SARB considers it necessary for the particular designated institution to enter into a specific transaction, the designated institution must enter into that transaction, despite any law or agreement.

If a bank is unable to recover through the resolution process, the SARB may place the bank under curatorship. This involves the appointment of a curator in terms of Section 166D(1)(d) of the FSLAA to manage the bank's affairs and take steps to stabilise its financial position. The curator may have the power to restructure the bank's operations, sell assets, and negotiate with creditors.

In addition to the abovementioned options, the Deposit Insurance Scheme will be able, from a date yet to be determined, to provide limited insurance coverage for deposits held by member banks in the event of a bank failure, as discussed above.

14.2 What insolvency and liquidation regime applies to banks in your jurisdiction?

If a bank is unable to recover through the resolution or curatorship processes, it may be placed under liquidation. This involves:

  • the orderly winding up of the bank's affairs;
  • the sale of its assets; and
  • the distribution of its proceeds to creditors.

The liquidation process is overseen by a liquidator appointed by a court, following an application, by the SARB, for the winding up of the bank in terms of Section 166H of the FSLAA and subject to:

  • the bank in question having been placed in resolution; and
  • there being no reasonable prospects that such bank will cease to be in resolution.

Section 5(4) of the Companies Act read with Section 51(1) of the Banks Act stipulates that:

  • a company registered as bank or controlling company in South Africa will continue to be a company in terms of the Companies Act; and
  • the provisions of the Companies Act will continue to apply to it to the extent that these provisions are not inconsistent with the Banks Act.

As such, the insolvency and liquidation regime is governed by the Banks Act and the FSR Act read with the Companies Act.

15 Trends and predictions

15.1 How would you describe the current banking landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

Banks operate under the 'twin peaks' regulatory model, which was introduced in 2018 in terms of the Financial Sector Regulation Act ('FSR Act'). Under the twin peaks model:

  • the Prudential Authority is responsible for regulating banks, insurers, cooperative financial institutions, financial conglomerates and securities and derivatives market infrastructure; and
  • the Financial Sector Conduct Authority (FSCA) is responsible for regulating market conduct (including the conduct of banks).

In its Regulation Plan for 1 April 2022–31 March 2025, the FSCA indicated that following the publication of the conduct standards for banks in 2020, its focus will be on implementing and supervising the banking standards rather than developing further regulatory framework interventions.

In February 2023, the Financial African Task Force (FATF) placed South Africa on the 'grey list'. The impact is that South Africa is subject to increased monitoring – in particular, monitoring in respect of the areas of anti-money laundering/counter-terrorist financing (AML/CTF) deficiencies, as identified by the FATF. Following the grey listing, South African Reserve Bank (SARB) and the FSCA issued press statements reiterating their commitment to addressing the deficiencies in the AML/CTF and reiterating the importance of compliance with AML/CTF laws. Most noteworthy, the FSCA further stated in its press release that accountable institutions (including banks) must increase their reporting of suspicious and/or unusual transactions to the Financial Intelligence Centre (FIC). The process to address the AML/CTF deficiencies is already underway, with significant amendments to the FIC Act:

  • expanding the number of entities regarded as accountable institutions;
  • expanding on the powers of the FIC; and
  • enhancing reporting and 'know your customer' obligations of accountable institutions.

The FSCA, though its strategy documents, also provides insight into the regulator's areas of focus:

  • The Conduct of Financial Institutions Bill ('COFI Bill') envisages that the FSCA be empowered to regulate transformation in the finance sector (eg, setting standards for transformation, issuing of directives etc). The FSCA's draft Financial Sector Transformation Strategy, published for public comment in February 2022, sets out the FSCA's objectives relating to, among other things:
    • providing support to the Financial Sector Transformation Council; and
    • developing regulatory framework for monitoring and enforcing compliance with transformation laws and standards.
  • Empowered by the FSR Act and guided by the National Treasury's draft policy on financial inclusion, the FSCA's strategy for financial inclusion is detailed in its 2020-2023 strategy document, focusing on access, quality and usage of financial services and products. The FSCA has set out principles for financial inclusion which include, among other things:
    • promoting financial education;
    • supporting technological innovation that enables inclusion; and
    • promoting the supply of appropriate financial products and services to small and medium-sized enterprises.

15.2 Does your jurisdiction regulate cryptocurrencies? Are there any legislative developments with respect to cryptocurrencies or fintech in general?

Yes. Cryptocurrencies are not regarded as valid legal tender in South Africa. The SARB Act defines 'legal tender' as banknotes and coins issued by SARB. Cryptocurrencies (referred to in legislation as 'crypto assets') are currently designated as 'financial products' under the e Financial Advisory and Intermediary Services Act (FAIS). Therefore, any person that provides advice or financial services (as defined in the FAIS) in relation to crypto assets will be regarded as a financial services provider and will be required to register with the FSCA and comply with the FAIS. Additionally, in terms of the FIC Act, persons that exchange, administer or safe keep crypto assets or conduct transactions involving crypto assets are regarded as accountable institutions. Accordingly, such persons will be required to register as accountable institutions with FIC and comply with the FIC Act's requirements.

The Crypto Assets Regulatory Working Group of the Intergovernmental Fintech Working Group – a body comprised of various financial sector regulators, including the National Treasury, the FIC, the FSCA, the National Credit Regulator, SARB and the South African Revenue Service – issued a policy paper in June 2021 which sets out 25 recommendations for a revised South African policy, legal and regulatory position on crypto assets and related activities. Some recommendations have already been implemented, such as including crypto assets service providers (CASPS" in the AML/CTF regulatory framework and the financial service provider regulations framework under the FAIS. The other recommendations are as follows:

  • regulating the exposure of prudentially regulated financial institutions and financial market infrastructures to crypto asset;
  • providing for the regulation of cross-border financial flows in respect of crypto assets and CASPS, which includes, among other things:
    • amending the exchange control regulations to include crypto assets in the definition of 'capital'; and
    • amending the Currency and Exchanges Manual for Authorised Dealers to enable authorised dealers to facilitate and report transactions in respect of the transfer of cross-border crypto assets; and
  • inclusion of crypto assets in the FSR Act and the COFI Bill.

Currently, there is no legislation governing fintech specifically (with the exception of the FAIS and the FIC Act). The products and services created and supported by fintech are governed by the financial sector legislation to the extent that they fall under the scope of the existing legislation.

Furthermore, on 24 May 2023 the International Organisation of Securities Commissions initiated public consultation through its detailed recommendations entitled Policy Recommendations for Crypto and Digital Asset Markets to jurisdictions across the globe. These recommendations:

  • seek to improve global standards of regulation of crypto assets;
  • set out how clients should be protected and how crypto trading should meet the standards that apply in public markets; and
  • set out the expectation and manner in which crypto-asset markets should be regulated and supervised.

The public consultation process is expected to be finalised by the end of 2023. Thereafter, it is anticipated that the various jurisdictions will review their current regulatory frameworks to ensure that the standards set out are adhered to.

16 Tips and traps

16.1 What are your top tips for banking entities operating in your jurisdiction and what potential issues would you highlight?

Banks continue to face issues surrounding:

  • data protection and cybersecurity;
  • fair treatment and protection of consumers; and
  • anti-money laundering and counter-terrorist financing.

While these issues are not new, there is:

  • increased focus by regulators on the enforcement of legislation; and
  • an increased focus on developing and implementing regulatory frameworks aligned with the policy position of authoritative bodies and regulators.

Banks and other financial institutions are therefore subject to increased scrutiny and can expect to be subject to enhanced supervision. These issues are exacerbated when dealing with crypto assets and digital financial services. Until a uniform approach is adopted by regulators in this regard, banks and other financial institutions should keep abreast of policy positions, strategy documents, press releases and other such documents to remain informed on the regulators' approach to compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.