COMPLIANCE
COMPLIANCE
8
31 May 2017
Financial services
sector needs to up
data protection
JAMES GEORGE
Compliance Manager, Compli-Serve SA
Key individuals
in the spotlight
T
aking on the
responsibility of being
a key individual (KI)
shouldn’t be done lightly, as
KIs carry an enormous load
of accountability in managing
and overseeing a Financial
Services Provider (FSP), and
ensuring that these duties
are performed with due care,
skill and diligence. Th ey also
have a fi duciary duty to the
customers of the FSP, which
means they have to ensure
that customers can trust
in and rely on the advice,
products and services the FSP
off ers, and that they achieve
the best possible outcomes.
With the proposed Conduct
of Business Returns (COBR)
set to come into play from
next year, key individuals need
to be even more in control
of their businesses as market
conduct risk increasingly
comes to the fore.
As a brief reminder, key
individuals need to ensure that:
• Th e FSP remains
fi t and proper
• Th e license conditions are
complied with
• Th e obligations on FSPs
as detailed in the Act
are complied with
• Th e key individuals remain
fi t and proper
• All persons falling
within the defi nition
of ‘representative’ are
registered as representatives
• Th e juristic representatives
remain fi t and proper
• Th e employed
representatives remain
fi t and proper
• Th e representatives comply
with all the requirements
of the Code of Conduct
• Th e appropriate returns are
lodged with the Financial
Services Board (FSB) prior to
the due date.
Recently Compli-Serve
completed its comments on
the proposed returns, which
all registered financial service
providers will need to complete
from 2018. KIs will need to play
a pivotal role in reporting to
the FSB.
Th e COBR will eff ectively
replace the existing FAIS
compliance report with eff ect
from the 2018 reporting
period. Th e COBR is a material
departure from the current tick-
box report that we have all got
used to over the last ten years
or so. Th e COBR requires far
more information from licensed
entities and it is likely that it
will require signifi cantly more
preparation to be undertaken by
KIs and management.
Th e 2017 compliance report
will be largely similar to those of
previous years, although some
questions have been amended and/
or removed to facilitate a more
streamlined document.
However, this is the last year
of this particular report format
and we will move forward into
the more principles-based
reporting that the FSB wishes to
implement as part of the wider
Treating Customers Fairly
(TCF) programme that has
been rolling forward for the
last few years.
In conclusion, being a KI in
today’s environment requires
commitment and time, and
anyone taking on this role needs
to have a full understanding of
the requirements, and the level
of accountability it entails.
Being one of the most highly
regulated industries, the fi nancial
services sector needs to improve
data protection more than ever
before. This industry is being
put under the microscope by
regulators, clients and investors
alike – especially with the imminent
introduction of the Protection of
Personal Information (PoPI) Act.
Data loss continues to make
headlines worldwide with fi nancial
institutions being the primary
target. Breaches include everything
from insider data theft to skimming
to stolen or missing hardware.
The vast range and volume of
new devices being deployed in
the marketplace makes it nearly
impossible for companies to safely
manage and dispose of excess
electronics. Most companies are
oblivious to the risks associated
with asset disposition and theft;
failure to mitigate the risks could
have dire consequences.
Xperien CEO, Wale Arewa says
fi nancial institutions off er a good
economic return for data thieves.
“Although data theft is a concern
across all industries, the fi nancial
services industry is a primary target
of fraudsters due to the inherent
value of the underlying data.
“For these organisations,
data breaches often mean a
public relations nightmare, a
distrustful customer base, a
disgruntled board and uneasy
stockholders. Regulatory non-
compliance is just as bigger risk
and can be devastating – it’s a huge
reputational risk,” he warns.
There is a deluge of personal
data that fi nancial institutions deal
with and possess as a part of their
day to day operations. They are
increasingly focusing on enhancing
their data privacy programmes
due to the rising threat of data
breaches, identity theft and
associated fraud.
Technology devices hold all
kinds of proprietary company data
as well as confi dential customer
and employee information. Data
breaches are hard enough to
control within any organisation, but
when old computers are tossed in
the trash without erasing the hard
drive of old laptops, they could be
releasing confi dential data into
the wild.
Data security laws mandate
that organisations implement
adequate safeguards to ensure
privacy protection of individuals.
Acknowledging the risks and inherent
confl icts-of-interest surrounding
retired assets will result in more
eff ective IT Asset Disposal (ITAD)
policies and adequate safeguards
being implemented.
Arewa says data loss prevention is
an executive level initiative that impacts
everyone, from HR to accounting
and legal. “In a fast paced and ever
evolving IT environment, management
continuously need to recognise new
methods for data protection, not only
on working devices but on retired IT
assets as well.”
There has been a huge shift in
the fi nancial services sector to
protecting data assets. This could
include personal information, medical
information and credit card numbers.
Financial institutions owe it to
their staff , clients and shareholders
to implement data protection
mechanisms to ensure privacy
and confi dentiality. However, most
fi nancial services organisations
no longer have a choice of
implementing privacy protection due
to the imminent implementation of
government regulations to which they
have to comply.
“Not only is the introduction of
mandatory protection of personal data
a huge challenge for companies, but
now organisations are being prompted
to rethink how they approach the
reuse, recycling or recovery of their
eWaste. The loss of confi dence that
they face from their suppliers and
customers could seriously jeopardise
their business,” he says.
Wale Arewa,
Xperien CEO