by Hilah Laskov, Director

Introduction

In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill – a major financial sector regulatory reform – one theme at a time.

COFI was drafted in conjunction with the Financial Sector Regulation Act (FSRA), the two pillars of the Twin Peaks regulatory reform. The Twin Peaks regulatory reform is a response to financial system weaknesses identified by the 2008 Global Financial Crisis, such as the systemic risks of large insurers and inappropriate market conduct practices.

The FSRA has already been implemented. The FSRA introduced the Twin Peaks regulatory framework, bringing into existence two regulators for the industry. The first regulator is the Prudential Authority (PA) responsible for the prudential regulation of financial institutions, while the second is the Financial Sector Conduct Authority (FSCA) responsible for regulating market conduct.

COFI represents a major overhaul of how financial institutions will be regulated in South Africa. Currently, different financial institutions are regulated by different legislation. COFI will involve shifting to a harmonised, principles-based conduct regime focused on customer outcomes, transparency and inclusion. COFI also provides for a single licensing and supervision framework and stronger enforcement and standards across the financial sector. Its implementation will unfold over several years and reshape regulatory expectations for financial institutions and consumers alike.

National Treasury has indicated that COFI will be finalised in 2026. COFI has recently been adop­ted by Cab­inet for sub­mis­sion to Par­lia­ment.

COFI – What Really Changes?: Part 6

In our previous articles, we examined the Purpose and Application of COFI, the Licensing Framework, Consumer Protection and Transparency, the Principles and Conduct Requirements and the Governance and Accountability under COFI. In this article, we look at COFI versus the current regime, with a focus on FAIS and consider what the shift to COFI will mean in practice. That is, what really changes?

From sectoral to unified, activity-based regulation and licencing

The current regime is not governed by a single statute, but rather by a combination of laws, including FAIS, the Long-term and Short-term Insurance Acts, the Collective Investment Schemes Control Act (“CISCA”) and elements of the FSRA. While these frameworks have developed over time, they have resulted in a fragmented and sector specific approach to conduct regulation in the sense that under the current framework, financial institutions are regulated based on their legal form and sector. Different rules apply to financial advisors and managers, insurers, collective investment scheme administrators and other market participants, often resulting in overlapping or inconsistent requirements.

COFI introduces a single conduct framework that applies across the financial sector. Rather than regulating specific categories of institutions, COFI regulates financial activities, regardless of who performs them. This also means that entities that previously have fallen outside specific sectoral regimes are now to be brought within the regulatory net owing to the activities they perform (for example, “corporate advisory services”).

This shift permeates into the licencing framework. Under the current regime, licensing is largely entity based and sector-specific. Financial advisors and investment managers are licensed as FSPs under FAIS, insurers are licensed as such under insurance legislation, collective investment scheme managers are authorised under CISCA and so on. This means that one entity may require multiple licences in terms of multiple legislation.

In line with international trends, COFI replaces this with an activity-based licensing model, under which a financial institution holds a single licence with multiple activity authorisations linked to the activity/ies performed, the financial product involved and the category of customer served.

In short, it is not what you are, but what you do that counts.

From indirect to direct accountability

A defining feature of the current framework, particularly under FAIS, is its reliance on the concept of representatives, including both natural persons and juristic representatives, who act under the licence of an FSP.

COFI represents a shift towards increased accountability. This is seen by increasing transparency requirements through imposing greater disclosure requirements (such as, in some cases, making financial statements available to the public) but also in shifting the focus away from representatives and towards the person who actually performs the regulated activity.

This has potentially significant implications: First, certain entities that currently operate as juristic representatives may be required to obtain their own licences, particularly in areas such as discretionary investment management. Second, the continued role of juristic representatives in other contexts, such as the provision of financial advice, remains uncertain under the current draft, including in light of transitional provisions.

This represents a move towards increased accountability as well as direct accountability at the level at which the activity is performed, rather than reliance on layered licensing structures.

Ultimately, COFI signals a shift towards a regulatory regime in which it is not only what you do that counts, but how you behave while doing it.

From rules-based to outcomes-based conduct

The current regulatory framework is largely rules-based, supported by detailed subordinate legislation, codes of conduct and sector-specific requirements. Compliance is often demonstrated through adherence to prescribed rules and processes.

COFI introduces a principles- and outcomes-based framework, centred on the delivery of fair customer outcomes. Financial institutions must consider whether conduct has resulted in appropriate outcomes for customers. While this allows for greater flexibility, it also introduces interpretive uncertainty, particularly in the absence of detailed conduct standards at the outset.

It is not only what you do and how you behave while doing it, but also how it lands with consumers that counts.

From protective rules to increased governance and culture expectations

Under the current framework, governance requirements vary across sectors and are often indirect or embedded within broader prudential or operational requirements.

COFI places greater emphasis on governance, conduct culture and accountability. COFI requires that the governing body takes responsibility for conduct, institutions embed a conduct-oriented culture and that senior management actively oversees conduct risk.

This elevates conduct from a compliance issue “managed” by a compliance team to a core governance function across all financial institutions for which leadership is responsible. Conduct consideration is expected to be an integral part of the culture of every financial institution.

It is not only what a financial institution does that counts, but what its leadership does and what its culture is.

From reactive to proactive enforcement

Under the current regime, supervision is often focused on compliance with sector-specific rules and licensing conditions, with different regulators historically overseeing different parts of the market.

COFI empowers the FSCA to adopt a more proactive and judgement-based supervisory approach. The FSCA is empowered to issue binding conduct standards and monitor customer outcomes. Notably, the FSCA is empowered to intervene where there is a risk of harm, even in the absence of clear rule breaches.

This represents a shift towards more intrusive and risk-based (as opposed to breach-based) supervision.

What does this mean for financial institutions?

The existing legislative framework will not fall away immediately upon the introduction of COFI. Instead, there will be a phased transition, during which existing licences and authorisations will remain valid and institutions will be migrated to the COFI licensing framework over time.

Financial institutions should begin to align their businesses with the new regulatory philosophy encompassed by COFI.

In anticipation of COFI’s implementation, financial institutions should begin –

• mapping their activities against the proposed licensing categories;
• assessing whether any group entities or service providers may require separate licences;
• reviewing governance and operational structures to align with an activity-based regulatory framework;
• reviewing their financial reporting and audit processes and considering the potentially public positioning of their financial information;
• reviewing their product governance frameworks, assessing how customer outcomes are currently measured and monitored, strengthening conduct risk management processes and embedding conduct considerations into decision-making at all levels of the organisation;
• clarifying the roles and responsibilities of boards and senior management; and
• strengthening conduct risk governance frameworks, reviewing remuneration and incentive structures and ensuring that appropriate management information is available to monitor customer outcomes.

Early engagement and preparation will be key to navigating the transition to COFI.