The Banking Regulation Review: South Africa

Introduction

South Africa has an advanced banking system, backed by a sound legal and regulatory framework that aims to secure systemic stability in the economy, to ensure institutional safety and soundness, and to promote consumer protection.

Notwithstanding the turmoil experienced in international financial markets, the South African banking sector has remained sound and adequately capitalised, and new legislation is being promulgated to ensure the continuing stability of the financial sector. The South African Reserve Bank (SARB), which is the central bank in South Africa, is closely involved in international forums, particularly the G20. In addition, the SARB continues to focus on domestic financial stability2 by ensuring the orderly functioning of financial markets with a view to mitigating systemic vulnerabilities.3

The five largest banks in South Africa by total assets are Absa Bank Limited, FirstRand Bank Limited, Investec Bank Limited, Nedbank Limited and The Standard Bank of South Africa Limited.

The regulatory regime applicable to banks

The following primary statutes and regulations govern the banking sector:

  1. the Banks Act 94 of 1990 (the Banks Act) and regulations published in terms thereof, that provide for the regulation and supervision of the deposit-taking activities;
  2. the South African Reserve Bank Act 90 of 1989 (the SARB Act), that regulates the SARB and the monetary system;
  3. the Financial Sector Regulation Act 9 of 2017 (the FSR Act), which establishes a system of financial regulation by the Prudential Authority (PA) and the Financial Sector Conduct Authority (FSCA) and confers certain powers on these entities and the SARB to:
    • preserve and enhance financial stability in South Africa;
    • regulate and supervise financial product providers and financial services providers to improve market conduct for the benefit of financial customers; and
    • provide for coordination, cooperation, collaboration and consultation among the SARB, the PA, the FSCA, the National Credit Regulator (NCR), the Financial Intelligence Centre (FIC) and other organs of state in relation to financial stability and the functions of these entities;
  4. the National Payment Systems Act 78 of 1998 (the NPS Act), which provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in South Africa;
  5. the Inspection of Financial Institutions Act 80 of 1998, which provides for the inspection of the affairs of financial institutions (such as banks) and of unregistered entities conducting the business of financial institutions;
  6. the Currency and Exchanges Act 9 of 1933 (the Currency Act), which regulates legal tender, currency, exchanges and banking;
  7. the Financial Intelligence Centre Act 38 of 2001 (the FIC Act), which establishes the FIC and a Money Laundering Advisory Council to combat money laundering activities and the financing of terrorist and related activities, and imposes certain duties on institutions and other persons who might be used for such activities;
  8. the Financial Advisory and Intermediary Services Act 37 of 2002 (the FAIS Act), regulates the rendering of financial advisory and intermediary services to clients and potential clients;
  9. the Electronic Communications and Transactions Act 25 of 2002, which provides for the facilitation and regulation of electronic communications and transactions;
  10. the Prevention of Organised Crime Act 121 of 1998, which introduces measures to combat organised crime, money laundering and criminal gang activities, and prohibits certain activities relating to racketeering activities;
  11. the Home Loan and Mortgage Disclosure Act 63 of 2000, which promotes fair lending practices and sets out the disclosure requirements for financial institutions who grant home loans;
  12. the Mutual Banks Act 124 of 1993 (the Mutual Banks Act), which provides for the regulation and supervision of the activities of mutual banks;
  13. the Co-operative Banks Act 40 of 2007 (the Co-op Banks Act), which provides for the regulation and supervision of cooperative banks. The legislation acknowledges member-based financial services cooperatives as a separate tier of the official banking sector;
  14. the National Credit Act 34 of 2005 (the NC Act), which regulates consumer credit and the standards of consumer information. It also:
    • prohibits certain unfair credit and credit-marketing practices and reckless credit granting;
    • provides for debt reorganisation in cases of over-indebtedness;
    • regulates the disclosure of credit information; and
    • provides for the registration of credit bureaux, credit providers and debt-counselling services;
  15. the Consumer Protection Act 68 of 2008 (the CP Act), which protects certain fundamental consumer rights and applies to banking services provided to consumers, unless exempted, except to the extent that any such service constitutes advice or intermediary services regulated by the FAIS Act, or is regulated in terms of the Long-term Insurance Act of 1988 or the Short-term Insurance Act of 1988 (the provisions of which have been largely superseded by the Insurance Act 18 of 2017);
  16. the Financial Markets Act 19 of 2012 (the FM Act), which provides for, inter alia, the regulation of financial markets, the custody and administration of securities and prohibits insider trading;
  17. the Financial Institutions (Protection of Funds) Act 28 of 2001 (the FIPF Act), which provides for and consolidates the laws relating to the investment, safe custody and administration of funds and trust property by financial institutions;
  18. the Protection of Personal Information Act 4 of 2013 (the POPI Act), which regulates the minimum threshold requirements for the lawful processing of personal information; and
  19. the Cybercrimes Act 19 of 2020 (the Cybercrimes Act), which:
    • creates offences that have a bearing on cybercrime;
    • criminalises the disclosure of data messages that are harmful and provides for interim protection orders;
    • regulates jurisdiction in respect of cybercrimes;
    • regulates the powers to investigate cybercrimes;
    • regulates aspects relating to mutual assistance in respect of the investigation of cybercrimes;
    • provides for the establishment of a designated point of contact;
    • provides for the proof of certain facts by affidavit;
    • imposes obligations to report cybercrimes;
    • provides for capacity building; and
    • provides that the executive may enter into agreements with foreign states to promote measures aimed at the detection, prevention, mitigation and investigation of cybercrimes.

The following regulatory authorities are responsible for overseeing banks:

  1. the SARB, as the central bank, and more particularly the Registrar of Banks (Registrar), who is an officer of the SARB, are primarily responsible for protecting and enhancing financial stability in South Africa.4 The primary objective of the SARB is to protect the value of the local currency in the interest of balanced and sustainable economic growth in South Africa. The SARB, in terms of the NPS Act, also recognises the Payment Association of South Africa as a payment system management body tasked with organising, managing and regulating the participation of its members (i.e. banks) in the payment system;5
  2. the PA, whose objective is to:
    • promote and enhance the safety and soundness of financial institutions that provide financial products and securities services;
    • promote and enhance the safety and soundness of market infrastructures;
    • protect financial customers against the risk that those financial institutions may fail to meet their obligations; and
    • assist in maintaining financial stability;
  3. the FSCA, established in terms of the FSR Act, whose objective is to:
    • enhance and support the efficiency and integrity of financial markets;
    • protect financial customers by promoting fair treatment of financial customers by financial institutions;
    • provide financial customers and potential financial customers with financial education programmes; promote financial literacy and the ability of financial customers and potential financial customers to make sound financial decisions; and
    • assist in maintaining financial stability;
  4. the FIC, who monitors and provides banks with guidance as accountable institutions regarding the performance of their duties and their compliance with the FIC Act;
  5. the NCR, established in terms of the NC Act, whose responsibilities include registering credit providers and monitoring the consumer credit market and industry to ensure prohibited conduct is prevented, detected and prosecuted;
  6. the National Consumer Commission, established in terms of the CP Act, whose responsibilities include enforcing the CP Act; and
  7. the Information Regulator, established under Section 39 of the POPI Act, whose responsibilities include monitoring and enforcing compliance with the provisions of the POPI Act.

Prudential regulation

i Relationship with the prudential regulator

The SARB, as the central bank of South Africa, is responsible for bank regulation and supervision in South Africa; promoting the soundness of the domestic banking system through the effective and efficient application of international regulatory and supervisory standards; and minimising systemic risk. The SARB issues banking licences to banking institutions and monitors their activities in terms of either the Banks Act or the Mutual Banks Act.

On 21 August 2017, the FSR Act was signed into law. The passing of the FSR Act was the culmination of the collaboration on financial sector reform by the SARB, National Treasury and the Financial Services Board (the FSCA's predecessor) and marked an important milestone in South Africa's journey towards a safer and fairer financial system that is able to serve all citizens.

The FSR Act introduced three important changes to the regulation of the financial sector:

  1. it granted an explicit mandate to the SARB to maintain and enhance financial stability;
  2. it created a prudential regulator, the PA, which is responsible for regulating banks, insurers, cooperative financial institutions, financial conglomerates and certain market infrastructures; and
  3. it established a market conduct regulator (the FSCA, which is separate from SARB).6

The PA is a juristic person operating within the administration of the SARB and comprises four departments:

  1. the Financial Conglomerate Supervision Department;
  2. the Banking, Insurance and Financial Market Infrastructure Supervision Department;
  3. the Risk Support Department; and
  4. the Policy, Statistics and Industry Support Department.7

Banks are subject to inspection by the regulatory authorities listed in Section II. Official inspections may take various forms. Banks are requested and required by various statutes to submit, at regular intervals, specific financial and other reports, which are then analysed by the regulatory authorities with a view to identifying undesirable developments, such as potential default trends.

In addition, banks are subjected to on-site inspections, in which the authorities undertake a type of external audit of the bank, but with specific reference to the prudential and conduct-of-business requirements. Regulatory bodies may also conduct inspections when complaints are received by the public. Informally, supervisors may also engage in presentations to and meetings with any bank's board of directors (board).

ii Management of banks

The board of a bank is ultimately responsible for ensuring that an adequate and effective process of corporate governance, which is consistent with the nature, complexity and risk inherent in the bank's on-balance sheet and off-balance sheet activities, and which responds to changes in the bank's environment and conditions, is established and maintained.8

The process of corporate governance includes the maintenance of effective risk and capital management by a bank.9 The overall effectiveness of the processes relating to, inter alia, corporate governance, internal controls, risk management, capital management and capital adequacy must be continually monitored by the bank's board.10 The board of a bank, or a committee appointed by the board for that purpose, must at least once a year assess and document whether the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy implemented by the bank successfully achieve the objectives specified by the board; and at the request of the Registrar, provide the Registrar with a copy of the report compiled by the board or committee in respect of the adequacy of the processes relating to corporate governance, risk management, capital management and capital adequacy.11

In addition, the external auditors of a bank must annually review the process followed by the board in assessing its corporate governance arrangements, including the management of risk and capital, and the assessment of capital adequacy, and report to the Registrar whether any matters have come to their attention to suggest that they do not concur with the findings reported by the board, provided that when the auditors do not concur with the findings of the board, they provide reasons for their non-concurrence.12

Every director of a bank or controlling company is required to acquire a basic knowledge and understanding of the conduct of the business of that bank, and of the laws and customs that govern the activities of such an institution. Although not every member of the board of a bank or controlling company is required to be fully conversant with all aspects of the conduct of the business of a bank, the competence of every director of a bank must be commensurate with the nature and scale of the business conducted by that bank and, in the case of a director of a controlling company, as a minimum must be commensurate with the nature and scale of the business conducted by the banks in the group.13

In view of the fact that the primary source of funds administered and utilised by a bank in the conduct of its business are deposits loaned to it by the general public, it is further the duty of every director and executive officer of a bank to ensure that the risks assumed by a bank, in the conduct of its business, are prudently managed.14

The board must establish, inter alia, a remuneration committee consisting only of non-executive directors of the bank or controlling company.15 The functions of the remuneration committee include working closely with the bank or controlling company's risk and capital management committee in the evaluation of the incentives created by the compensation system, and ensuring that performance measures are based principally on the achievement of the board-approved objectives of the bank or controlling company and its relevant functions.

iii Regulatory capital and liquidity

A bank must manage its affairs in such a way that the sum of its Common Equity Tier 1 capital, additional Tier 1 capital and Tier 2 capital, and its Common Equity Tier 1 unimpaired reserve funds, additional Tier 1 unimpaired reserve funds and Tier 2 unimpaired reserve funds in South Africa does not at any time amount to less than the greater of 250 million rand, or an amount that represents a prescribed percentage of the sum of amounts relating to the different categories of assets and other risk exposures of the bank, calculated as prescribed in the regulations relating to banks, where the business of the bank includes trading in financial instruments.

A bank must furthermore hold in South Africa liquid assets amounting to not less than the sum of amounts, calculated as prescribed percentages not exceeding 20 per cent, of such different categories of its liabilities as may be prescribed in the regulations relating to banks. A bank may not pledge or encumber any portion of these liquid assets. The Registrar is empowered to exempt the bank from this prohibition on such conditions, to such an extent and for such a period as he or she may determine.

A controlling company must further manage its affairs in such a way that the total of its Common Equity Tier 1 capital, additional Tier 1 capital and Tier 2 capital, and its Common Equity Tier 1 unimpaired reserve funds, additional Tier 1 unimpaired reserve funds and Tier 2 unimpaired reserve funds, does not at any time amount to less than an amount that represents a prescribed percentage of the sum of the amounts relating to the different categories of assets and other risk exposures, and calculated in such a manner as prescribed. In addition, the capital and reserve funds of any regulated entity included in the banking group and structured under the controlling company must not at any time amount to less than the required amount of capital and reserve funds determined in respect of the relevant regulated entity, in accordance with the relevant regulator responsible for the supervision of the relevant regulated entity.16

iv Recovery and resolution

The SARB has issued a directive that specifies the minimum requirements for the recovery plans of banks, controlling companies and branches of foreign institutions. The level of detail and range of recovery options must be commensurate with the risk profile of the relevant bank or institution. These requirements are in line with the international standard for resolution planning set by the Financial Stability Board in its 'Key attributes of effective resolution regimes for financial institutions' released on 4 November 2011.

The directive sets out the following governance requirements:

  1. the development, maintenance, approval and annual review of the recovery plan should be subject to an appropriate governance process with clearly assigned roles and responsibilities for operational staff, senior management and the board (or committee of similar standing in the case of a locally registered branch of a foreign bank);
  2. the board should express its view on the recoverability of the bank from severe financial stress based on the options identified in the recovery plan; and
  3. an overview of any material changes or updates made since the previous version of the bank's recovery plan needs to be included in the recovery plan.

If the Registrar is of the opinion that a bank will be unable to repay deposits made with it or will probably be unable to meet any other obligations, the Minister of Finance (Minister) may appoint a curator to the bank, if he or she deems it desirable in the public interest, by notifying the chief executive officer or chair of the board of that bank in writing.17 If such an appointment is made, the management of the bank vests in the curator, subject to supervision by the Registrar, and those who until then were vested with its management are divested of it. The curator must recover and take possession of all the assets of the bank.18 The appointment of a curator does not amount to the bank being wound up or liquidated.

Subject to the supervision of the Registrar, the curator must conduct the management of the bank in such a manner as the Registrar may deem to best promote the interests of the creditors of the bank concerned and of the banking sector as a whole, and the rights of employees in accordance with the relevant labour legislation.19 The curator may dispose of all or part of the business of a bank to enable an effective resolution of a bank under curatorship.20 If, at any time, the curator is of the opinion that there is no reasonable prospect that the continuation of the curatorship will enable the bank to pay its debts or meet its obligations and become a going concern, the curator must inform the Registrar in writing forthwith.21

The curator is empowered to cancel any guarantee issued by a bank prior to its being placed under curatorship, excluding a guarantee that the bank is required to make good within a period of 30 days of the date of the appointment of the curator. A claim for damages in respect of any loss sustained by or damage caused to any person as a result of the cancellation of a guarantee may be instituted against the bank after the expiry of a period of one year from the date of the cancellation.22 A curator is further empowered to raise funding on behalf of the bank from the SARB, or any entity controlled by the SARB and, notwithstanding any contractual obligations of the bank, but without prejudice to real security rights, to provide security over the assets of the bank in respect of that funding. Any claim for damages in respect of any loss sustained by or damage caused to any person as a result of such security may be instituted against the bank after the expiry of a period of one year from the date of the provision of security.23 A curator may also propose and enter into an arrangement or compromise between the bank and all its creditors, or all the members of any class of creditors, in terms of Section 155 of the Companies Act 71 of 2008 (the Companies Act).24

Notwithstanding the foregoing, the Registrar has the right to apply to a court for the winding up of any bank under the Companies Act. The Registrar also has the right to oppose any such application made by any other party.25 Only a person recommended by the Registrar may be appointed as provisional liquidator or liquidator of a bank.

The introduction of the FSR Act provides for the establishment of an explicit deposit insurance scheme for banks.26 Together, the resolution chapter of the FSR Act and the Financial Sector Laws Amendment Act 23 of 2021 (the FSLA Act), which was promulgated on 28 January 2022 but is not yet in force, provide that the resolution of designated institutions falls squarely within the ambit of the SARB as the resolution authority.

Conduct of business

Under Section 78 of the Banks Act, a bank is not permitted to:

  1. hold shares in any company of which the bank is a subsidiary;
  2. lend money to any person against security of its own shares or of shares of its controlling company;
  3. grant an unsecured loan or a loan against security that, in the opinion of the Registrar, is inadequate for the purpose of furthering the sale of its own shares;
  4. show bad debts, losses or certain costs as assets in its financial statements or returns;
  5. pay out dividends on its shares, or open any branch or agency, before provision has been made out of profits for any such bad debts, losses and certain costs;
  6. act as an agent for the purpose of a money-lending transaction between a lender and a borrower, except in terms of a written contract of agency that confirms that the bank acts as the agent of the lender, that the lender assumes all risks and related responsibilities, and that payment is not guaranteed by the bank;
  7. record in its accounting records any asset at a value increased by the amount of a loss incurred upon the realisation of another;
  8. conclude a repurchase agreement in respect of a fictitious asset or an asset created by means of a simulated transaction;
  9. purport to have concluded a repurchase agreement without the agreement being substantiated by a written document signed by the other party, and the details of the agreement being recorded in the accounts of the bank as well as in the accounts that may be kept by the bank in the name of the other party; and
  10. pay out dividends from its share capital without the prior written approval of the Registrar.

A bank must hold all its assets in its own name, excluding any asset that is bona fide hypothecated to secure an actual or potential liability; in respect of which the Registrar has approved in writing that the asset may be held in the name of another person; or falling within a category of assets designated by the Registrar as an asset that may be held in the name of another person.

A bank owes a duty of confidentiality and secrecy to its customers.27 Banking secrecy is founded on legislation, contract and the protection of privacy.28 The contractual foundation of banking secrecy is regarded as an express or implied term of a contract between a bank and its customer. However, contractual obligations are not the only foundation of bank secrecy, because a bank may also not reveal information concerning a prospective or a past customer to a third party unless permitted by statute or consented to by the customer. Banks are, in fact obliged to keep all confidential information secret, whether it relates to a customer or anyone else.29 According to Malan, '[a] bank is obliged to keep all information concerning a customer confidential including the fact, it is submitted, that he is or was a customer'.30

This duty is not absolute, as certain circumstances may justify a bank disclosing confidential information. The following grounds of justification were identified in Tournier v. National Provincial & Union Bank of England:31

  1. where disclosure is under compulsion by law;32
  2. where there is a duty to the public to disclose;
  3. where the interests of the bank require disclosure; and
  4. where the disclosure is made by the express or implied consent of the customer.

The Code of Banking Practice (the Code) issued by the Banking Association of South Africa (BASA) also recognises the duty to respect privacy and confidentiality. Although it is voluntary, all member banks of BASA abide by the Code. The Code applies to the relationships between personal and small business customers and their banks. The Code confirms that banks will treat all the personal information of a customer as private and confidential, and that, as a general rule, banks will not disclose any personal information about a customer or his, her or its accounts, including to other companies in any bank's group, even when that person is no longer a customer.

Funding

Banks are required to maintain a minimum reserve balance in accounts with the SARB.33 The credit balance in those accounts must comply with certain prescribed percentages.

The Basel III liquidity framework requires banks to adhere to a new liquidity coverage ratio (LCR). The LCR was introduced in South Africa as a minimum liquidity requirement from 1 January 2015. The SARB has approved the provision of a committed liquidity facility (CLF) to commercial banks to assist them in meeting their LCR. The CLF essentially enables banks to unlock liquidity from otherwise illiquid, but nevertheless high-quality, assets. A number of directives have been issued by the SARB setting out requirements for compliance with the LCR, including national discretion as allowed for in the LCR framework and how compliance with the LCR should be measured.

Control of banks and transfers of banking business

i Control regime

No entity other than a bank or institution that has been approved by the Registrar and that conducts business similar to the business of a bank in a country other than South Africa may exercise control over a bank, unless the entity is a public company and is registered as a controlling company in respect of such bank.34 A person is deemed to exercise control over a bank if the bank is a subsidiary of the controlling company, or if that person, alone or together with his or her associates:

  1. holds shares in the bank of which the total nominal value represents more than 50 per cent of the nominal value of all the issued shares of the bank, unless he or she, or he or she together with his or her associates, is unable to influence decisively the outcome of the voting at a general meeting due to limitations on the voting rights attached to the shares;
  2. is entitled to exercise more than 50 per cent of the voting rights in respect of the issued shares of the bank; or
  3. is entitled or has the power to determine the appointment of the majority of the directors of that bank.35

An application for registration as a controlling company must be made to the Registrar on the prescribed form. The Registrar may grant or refuse the application, or make the granting thereof conditional. The Registrar shall not grant an application for registration as a controlling company unless he or she is satisfied that:

  1. the registration of the applicant as a controlling company will not be contrary to the public interest;
  2. in the case of an applicant intending to control any bank, the applicant will be able to establish control;
  3. no provision of the memorandum of incorporation of the applicant and no interest that any person has in the applicant is inconsistent with the Banks Act;
  4. every director or executive officer of the applicant is a fit and proper person, and has sufficient knowledge and experience; and
  5. the applicant is in a financially sound condition.

Restrictions are also in place for shareholding in banks. In general, a shareholder may not acquire or hold more than 15 per cent of the shares of a bank or controlling company without the permission of the Minister or the Registrar. In considering the requisite permission, the Registrar or Minister may consult the Competition Commission, established and constituted in accordance with the provisions of the Competition Act 89 of 1998. The Registrar or the Minister must be satisfied that the proposed acquisition of shares will not be contrary to the public interest, or to the interests of the bank, its depositors or the controlling company.

A bank further requires the prior written approval of the Registrar to:

  1. establish or acquire a subsidiary within or outside South Africa;
  2. invest in a joint venture within or outside South Africa if the investment exceeds certain thresholds;
  3. establish, open or acquire a branch office or representative office outside South Africa;
  4. create, establish or acquire a trust outside South Africa of which the bank is a major beneficiary, or any financial or business undertaking outside South Africa under the bank's direct or indirect control;
  5. acquire an interest in any undertaking with a registered office or principal place of business outside South Africa; or
  6. create a division within or outside South Africa where another person conducts his or her business through that division.

Banks are also required to furnish the Registrar with particulars relating to their shareholding or other interest in their subsidiaries. Furthermore, no reconstruction of companies within a group of which a bank or a controlling company or subsidiary of a bank is a member may be effected without the prior written approval of the Registrar.

ii Transfers of banking business

The Minister must consent in writing, and convey consent through the Registrar, to any arrangement for the transfer of more than 25 per cent of the assets, liabilities, or assets and liabilities, of a bank to another person. The 25 per cent rate is calculated by aggregating the amount of the transferred assets, liabilities, or assets and liabilities, with any previous transfer of assets, liabilities, or assets and liabilities, within the same financial year of the bank concerned.36

In the event that only assets are transferred, and the amount of the transferred assets, with any previous transfer of assets within the same financial year, aggregates to an amount that is less than 10 per cent of the total on-balance-sheet assets of the transferring bank, no consent is required.

These provisions do not apply to the transfer of assets effected in accordance with a duly approved securitisation scheme.

The year in review

In 2021, the South African economy continued to rebound from the 2020 recession despite different sectors having different growth rates,37 but the rising level of public debt remains of concern.

On 11 March 2020, the World Health Organisation Director General characterised covid-1938 as a pandemic and on 15 March 2020 the outbreak of covid-19 in South Africa was declared a national disaster in Government Notice No. R 313 under the Disaster Management Act 57 of 2002 and a national lockdown from 11.59pm on 26 March 2020 was imposed on all persons in South Africa, subject to a closed list of exceptions. Lockdown measures continued intermittently throughout 2021 due to the emergence of a number of covid-19 variants.

During 2021, the SARB relaxed or withdrew the following temporary policy decisions implemented in March 2020:

  1. the temporary relief measure relating to the reduction of the liquidity coverage ratio (implemented with effect from 1 April 2020) was withdrawn. Banks are now required to hold a minimum of 100 per cent liquidity coverage ratio from 1 April 2022;39
  2. the temporary treatment measures relating to restructured credit exposures attributable to the covid19 pandemic were withdrawn, effective 1 April 2022;40
  3. the Pillar 2A capital buffer was reinstated at 1 per cent of the riskweighted average from 1 January 2022;41 and
  4. the guidance measures relating to the payment of dividends by banks were relaxed.42

On 11 June 2021, the Crypto Assets Regulatory Working Group (CAR WG) of the Intergovernmental Fintech Working Group (IFWG) published a revised position paper43 that recognises the requirement for crypto-assets to be included in the South African financial sector to, inter alia, protect South African consumers from unscrupulous service providers and sets out the following three primary recommendations for regulating crypto-asset service providers (CASPs):

  1. including the CASPs as 'accountable institutions' under the FIC Act to ensure that CASPs, inter alia, adhere to the legislative requirements pertaining to anti-money laundering measures and the combating of the financing of terrorism;
  2. amending Regulation 10(4) of the Exchange Control Regulations 1961 to include crypto-assets in the definition of 'capital' so that the Financial Surveillance Department of the SARB is able to, inter alia, supervise and regulate cross-border financial flows in respect of crypto-assets; and
  3. amending the definition of a 'financial product' under the FAIS Act to include crypto-assets.

The position paper has been endorsed by the National Treasury, the SARB, the FSCA, the FIC, the NCR, the South African Revenue Service and the Competition Commission, all of whom are members of the IFWG and, once finalised and published, will be the mandate given to the individual financial sector regulators for implementation in the financial sector.

On 28 January 2022, the FSLA Act was proclaimed by the President of South Africa. The purpose of the FSLA Act is to, inter alia:

  1. establish a framework for the resolution of designated institutions to ensure that the impact or potential impact of a failure of a designated institution on financial stability is managed appropriately;
  2. designate the SARB as the resolution authority;
  3. establish a deposit insurance scheme, including a Corporation for Deposit Insurance and a Deposit Insurance Fund;
  4. provide for coordination, cooperation, collaboration and consultation between the Corporation for Deposit Insurance and other entities in relation to financial stability and the functions of these entities; and
  5. make provision for designated institutions in connection with resolution matters.44

Once in force, the FSLA Act will amend the Insolvency Act 24 of 1936, the FSR Act, the SARB Act, the Banks Act, the Mutual Banks Act, the Competition Act 89 of 1998, the FIPF Act, the Co-op Banks Act, the Companies Act 71 of 2008, the FM Act and the Insurance Act 18 of 2017. The FSLA Act is part of the Twin Peaks reform of the financial regulatory system applicable to the financial sector.

In December 2021, the FSCA published the draft Joint Standard under the FSR Act relating to the Cybersecurity and Cyber Resilience Requirement, which will apply to certain financial institutions45 to ensure that they are, inter alia, prepared for any cyberattacks that may occur (the Draft Joint Standard).46 The Draft Joint Standard sets out the minimum requirements for the practices and procedures of cybersecurity and cyber resilience that financial institutions, are required to adopt. The Draft Joint Standard requires financial institutions to, inter alia, ensure that any or all potential risks relating to cybersecurity47 and cyber resilience48 are catered for; and mitigate the impact of a breach of a financial institution's cybersecurity systems.

In the second edition of the November 2021 Financial Stability Review, the SARB identified several key risks to financial stability, including covid-19 and economic activity in South Africa, the increasing domestic government debt, a rapid tightening of financial conditions and climate change. These risks are being monitored very closely by the SARB and we anticipate the introduction of further legislation or amendments to existing legislation to mitigate such risks, where possible.

Outlook and conclusions

South Africa remained under national lockdown during 2021.

The SARB's November 2021 resilience statement49 stated that:

  1. overall, the South African financial system has displayed a relatively high level of resilience under challenging conditions;
  2. the South African financial markets experienced bouts of volatility and sharp sell-offs in asset prices at times, but have held up relatively well; and
  3. on the banking and insurance side, both sectors have, in aggregate, maintained sizable capital buffers throughout the covid19 pandemic, demonstrating a high level of resilience.

The SARB further stated that the results of the stress tests performed on South Africa's six SIFI banks confirmed that the 'six SIFI banks hold sufficient capital buffers to withstand severe, yet plausible, macroeconomic shocks contained in the adverse scenario'.50

On 11 February 2022, the Deputy Governor and CEO of the PA issued Directive D1/2022 in terms of Section 6(6) of the Banks Act to all banks, branches of foreign institutions, controlling companies, eligible institutions and auditors of banks of controlling companies wherein it set out the scope and application of, and matters relating to the calculation and disclosure of, the LCR. Directive D1/2022 replaced Directive D11/2014.

On 25 February 2022, the Deputy Governor and CEO of the PA issued Directive D2/2022 in terms of Section 6(6) of the Banks Act to all banks, controlling companies, representative offices of foreign banking institutions conducting business in South Africa, representative offices of South African banks conducting business outside of South Africa and auditors of banks, controlling companies or representative offices of foreign banking institutions conducting business in South Africa. Directive D2/2022 requires representative offices of foreign banking institutions that are conducting business in South Africa and representative offices of South African banks conducting business outside of South Africa to establish and maintain a robust system of internal controls that are consistent with the nature, complexity and risk inherent in the representative office's activities, and that responds to the changes in the representative office's environment and conditions and that includes the maintenance of effective risk management by the representative office.

Footnotes

1 Natalie Scott is a director at Werksmans Attorneys. The author would like to thank Kyra South, a senior associate at Werksmans Attorneys, for her help with the preparation of this chapter.

2 In its November 2021 Financial Stability Review, the SARB states that financial stability 'refers to a financial system that espouses confidence through resilience to systemic risks and its ability to efficiently intermediate funds'.

3 Financial Stability Review, second edition, November 2021.

4 Sections 3 and 4 of the Banks Act. Financial Stability Review, second edition, November 2021.

5 Section 3 of the NPS Act.

7 ibid.

8 Section 60B(1) of the Banks Act.

9 Regulation 39(2).

10 Regulation 39(17).

11 Regulation 39(18).

12 Regulation 39(19).

13 Regulation 40(1).

14 Regulation 40(3).

15 Section 64C of the Banks Act.

16 See, in general, Sections 70A and 72 of the Banks Act.

17 Section 69(1) of the Banks Act.

18 Section 69(2A) of the Banks Act.

19 Section 69(2B) of the Banks Act.

20 Section 68(2C) of the Banks Act.

21 Section 69(2D) of the Banks Act.

22 Section 69(3)(i) of the Banks Act.

23 Section 69(3)(j) of the Banks Act.

24 Section 69(3)(k) of the Banks Act.

25 Section 68(1) of the Banks Act.

26 A critical feature of the resolution framework is to establish an explicit deposit insurance scheme to ensure that depositors who are most exposed to an asymmetry of information and thus least likely to hedge or mitigate against financial loss in the event of a bank failure are protected against losses and hardship that may stem from a bank failure (Financial Stability Review, second edition).

27 See Tournier v. National Provincial & Union Bank of England 1924 1 KB 461; Abrahams v. Burns 1914 CPD 452 456; Cambanis Buildings (Pty) Ltd v. Gal 1983 (2) SA 128 (NC) 137E-F; GS George Consultants and Investments (Pty) Ltd v. Datasys (Pty) Ltd 1988 (3) SA 726 (W); FirstRand Bank Ltd v. Chaucer Publications (Pty) Ltd 2008 (2) SA 592 (C).

28 Malan on Bills of Exchange, Cheques and Promissory Notes, fifth edition, F R Malan et al., LexisNexis South, Paragraph 223.

29 Cambanis Buildings (Pty) Ltd v. Gal 1983 (2) SA 128 (N) at 137; GS George Consultants and Investments (Pty) Ltd v. Datasys (Pty) Ltd 1988 (3) SA 726 (W) at 736. Malan on Bills of Exchange, Cheques and Promissory Notes, third edition, F R Malan and J T Pretorius, LexisNexis South, Paragraph 212.

30 Malan on Bills of Exchange, Cheques and Promissory Notes, fifth edition, F R Malan et al., LexisNexis South, Paragraph 223.

31 1924 1 KB 461 at 473. See also Cywilnat (Pty) Ltd v. Densam (Pty) Ltd 1989 (3) SA 59 (W); Densam (Pty) Ltd v. Cywilnat (Pty) Ltd 1991 (1) SA 100 (A); FirstRand Bank Ltd v. Chaucer Publications (Pty) Ltd 2008 (2) SA 592 (C).

32 See, for example, Section 371 of the FIC Act, which provides in general that no duty of secrecy or confidentiality or any other restriction on the disclosure of information, whether imposed by legislation or arising from common law or agreement, affects compliance by an accountable institution such as a bank, or any other person with a provision of Parts 3 and 4 of Chapter 3 and with Chapter 4; and the Promotion of Access to Information Act 2 of 2000, which aims, inter alia, to give effect to the right of access to any information that is held by another person and that is required for the exercise or protection of any rights.

33 See, in general, Section 10A of the South African Reserve Bank Act 90 of 1989.

34 Section 42(1) of the Banks Act.

35 Section 42(2) of the Banks Act.

36 Section 54 of the Banks Act.

37 The South African Reserve Bank Press Release dated 27 May 2021 issued by the South African Reserve Bank Media Relations.

38 Covid-19 is defined in regulations published under Section 27(2) of the Disaster Management Act 57 of 2002 as the 'Novel Coronavirus (2019-nCOV) which is an infectious disease caused by a virus, which emerged during 2019 and was declared a global pandemic by the WHO during the year 2020 that has previously not been scientifically identified in humans'.

39 Directive 8/2021 issued by the Deputy Governor and CEO of the PA on 29 October 2021.

40 Directive 7/2021 issued by the Deputy Governor and CEO of the PA on 28 October 2021.

41 Financial Stability Review, first edition, May 2021 and Directive 5/2021 2021 issued by the Deputy Governor and CEO of the PA on 20 May 2021.

42 Financial Stability Review, first edition, May 2021 p.19.

43 IFWG Crypto Asset Regulatory Working Group, Position Paper on Crypto Assets, dated 11 June 2021.

44 The 'long title' of the Financial Sector Laws Amendment Act 23 of 2021.

45 The financial institutions referred to in the Draft Joint Standard include banks, mutual banks, market infrastructures, managers of collective investment schemes, insurers, financial service providers, pension funds and over the counter derivative providers.

46 The Draft Joint Standard was drafted in accordance with the provisions of the FSR Act, and was published for comment by the FSCA on 15 December 2021.

47 'Cybersecurity' is defined in paragraph 4.1 of the Draft Joint Standard as 'the preservation of confidentiality, integrity and availability of information and/ or IT Systems through the cyber medium'.

48 'Cyber resilience' is defined in paragraph 4.1 of the Draft Joint Standard as 'the ability of a financial institution to continue to carry out its mission by anticipating and adapting to cyber threats and other relevant changes in the environment and by withstanding, containing and rapidly recovering from cyber incidents'.

49 Financial Stability Review, second edition, November 2021.

50 Financial Stability Review, second edition, November 2021.

The Law Reviews content