by Hilah Laskov, Director

Introduction

In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill – a major financial sector regulatory reform – one theme at a time.

COFI was drafted in conjunction with the Financial Sector Regulation Act (FSRA), the two pillars of the Twin Peaks regulatory reform. The Twin Peaks regulatory reform is a response to financial system weaknesses identified by the 2008 Global Financial Crisis, such as the systemic risks of large insurers and inappropriate market conduct practices.

The FSRA has already been implemented. The FSRA introduced the Twin Peaks regulatory framework, bringing into existence two regulators for the industry. The first regulator is the Prudential Authority (PA) responsible for the prudential regulation of financial institutions, while the second is the Financial Sector Conduct Authority (FSCA) responsible for regulating market conduct.

COFI represents a major overhaul of how financial institutions will be regulated in South Africa. Currently, different financial institutions are regulated by different legislation. COFI will involve shifting to a harmonised, principles-based conduct regime focused on customer outcomes, transparency and inclusion. COFI also provides for a single licensing and supervision framework and stronger enforcement and standards across the financial sector. Its implementation will unfold over several years and reshape regulatory expectations for financial institutions and consumers alike.

National Treasury has indicated that COFI will be finalised in 2026. COFI has recently been adop­ted by Cab­inet for sub­mis­sion to Par­lia­ment.

Governance and Accountability: Part 5

In our previous articles, we examined the Purpose and Application of COFI, the Licensing Framework, Consumer Protection and Transparency and the Principles and Conduct Requirements under COFI. In this article, we consider COFI’s approach to governance and accountability and the extent to which COFI seeks to influence not only what financial institutions do, but how they are run.

Conduct as a governance issue
A defining feature of COFI is that it elevates market conduct from a compliance function to a governance responsibility.

Under the current regime, conduct risk is often managed within legal or compliance teams. COFI, however, makes it clear that responsibility for delivering fair customer outcomes rests with the leadership of the institution itself.

This reflects a broader international regulatory trend: poor conduct is increasingly seen not as a failure of rules, but as a failure of governance, oversight and culture.

The role of the “governing body”

COFI places primary responsibility for conduct on an institution’s “governing body”. The governing body is expected to ensure that the institution conducts its business in a manner that delivers fair customer outcomes, oversee the effectiveness of conduct risk management frameworks and embed appropriate policies, processes and controls across the organisation.

This represents a shift from oversight of compliance to active accountability for conduct outcomes.

Conduct culture

COFI introduces a focus on “conduct culture”, being the values, behaviours and incentives that shape how an institution interacts with its customers. Financial institutions will be expected to demonstrate that their culture supports fair treatment of customers, responsible product design and distribution and ethical decision-making at all levels of the organisation.

This will impact expectations pervasively. For example, remuneration structures will need to be reevaluated to ensure that they do not incentivise poor customer outcomes.

Senior management accountability

While COFI does not introduce a formal individual accountability regime equivalent to those seen in some international jurisdictions (such as the United Kingdom’s Senior Managers and Certification Regime), it nonetheless places heightened expectations on senior management.

In practice, this is likely to lead to a more structured allocation of responsibilities within institutions, even if not formally prescribed in the legislation.

Key challenges

While the governance framework under COFI is conceptually aligned with international best practice, it
raises several practical and conceptual challenges.

Concepts such as “conduct culture” and “fair outcomes” are inherently difficult to define, much less measure and evidence. These concepts require institutions to make qualitative judgments about behaviours and outcomes. The reliance on broad, principles-based obligations introduces interpretive uncertainty, (particularly, before any conduct standards are issued – see our article: Principles and Conduct Requirements). In addition, it is unclear how the FSCA and PA will distinguish between genuine conduct failures and reasonable differences in business judgment. This begs the question: Will the emphasis on governing bodies, senior management and conduct culture lead to better customer outcomes on the ground? Without clear guidance on quantifiable outcomes and how they should be assessed and evidenced, there is a possibility that institutions will prioritise regulatory defensibility over substance.

Smaller institutions may face disproportionate challenges in implementing governance frameworks that are sufficiently robust to meet regulatory expectations. Concepts such as a “governing body”, formal conduct risk frameworks and sophisticated monitoring systems may not align neatly with the structures of smaller firms (see our comments about proportionality in our previous article: Purpose and Application). This, in turn, may serve as a disincentive for market entrants, scuppering objectives of inclusivity in the financial services sector.

Practical implications

COFI’s governance requirements will require financial institutions to reassess not only their policies and procedures, but also their decision-making structures and organisational culture.

In preparation, institutions should consider –

• clarifying the roles and responsibilities of boards and senior management;
• strengthening conduct risk governance frameworks;
• reviewing remuneration and incentive structures; and
• ensuring that appropriate management information is available to monitor customer outcomes.

COFI represents a ramping up in accountability. It is not only what a financial institution does that counts, but what its leadership does and what its culture is.