🧭

South African Compliance Resources

Your all-in-one reference portal for COFI, TCF, POPIA, FAIS, FICA and more

8

Compliance Areas

40+

Official Resources

100%

Up to Date

2025

Current Year

📘

1. COFI – Conduct of Financial Institutions

Modern regulatory framework focused on fair outcomes, governance, client value & reporting

✨ Key Focus Areas

Client outcomes must be measurable and recorded
Strong governance & Key Individual accountability
Product suitability and target market definition
Compliance must be built into systems (not paperwork only)
Evidence-based recordkeeping and reporting

🔗 Official Documents / Resources

Draft COFI Bill

Full legal text of the Conduct of Financial Institutions Bill

COFI Policy Paper

Clear overview and policy explanations

Social Partner Review

NEDLAC comprehensive report on COFI Bill

Conduct Standards

Developer reference and regulatory framework

⚖️

2. TCF – Treating Customers Fairly

The backbone of COFI — all client interactions must produce fair, transparent outcomes

✨ Six Required Outcomes

Clients deal with fair firms
Products are designed for specific needs
Clear & transparent information
Product/service meets expectations
No barriers to switching/claiming/cancelling
Clients treated fairly when things go wrong

🔗 Official Documents / Resources

FSCA TCF Guidance Page

Official regulatory guidance on Treating Customers Fairly

Legal Guidance COFI vs TCF

What financial institutions need to know

TCF & COFI Market Pressure

Article on navigating regulatory heat in 2025

🔒

3. POPIA – Data Protection & Privacy

Controls how personal & financial data must be stored, protected, shared, and deleted

✨ What Businesses MUST Do

Only collect necessary client data
Client must consent before any processing
Store data securely — encryption recommended
Access logs & audit trails must be kept
Breach notification process must exist
Data must be deleted when no longer needed

🔗 Official Documents / Resources

POPIA Legal Resources & Tools

Comprehensive resource library for compliance

8-Point POPIA Compliance Checklist

Essential checklist for data protection compliance

Example POPIA-Compliant Privacy Policy

Template and guidance for privacy policies

FSCA Fast Payment System

POPIA API example for payment systems

📑

4. FAIS – Financial Advisory & Intermediary Services Act

Governs how advice may be given & ensures qualified, ethical advisers

✨ Key Requirements

Fit & Proper compliance (education, character, RE exams)
Advice process must be documented
Client disclosures mandatory
Advice file MUST contain audit trail
Conflict of interest avoidance
CPD & competency must be tracked

🔗 Official Documents / Resources

Fit & Proper Rules

FSCA official fit and proper requirements

FAIS Ombud

Official complaint process and resolutions

FSCA Licensing & Regulated Entities

Registry and licensing information

Tech/Legal Notifications

Developer and regulatory updates

🕵️

5. FICA / AML – Anti-Money Laundering & Client Risk

Required for identifying high-risk clients and suspicious transactions

✨ Required for FICA Readiness

Risk-based client classification
KYC & source of funds verification
Suspicious transaction flagging
STR (Suspicious Transaction Report) submission
AML training for all staff
Due diligence on third parties

🔗 Official Documents / Resources

FIC Document Library

Comprehensive documents and reports

STR Reporting Guidance

Suspicious transaction reporting procedures

FICA Changes 2025 – Guidance Note 7A

Revised guidance for accountable institutions

Legal FICA Compliance Overview

Comprehensive 2025 compliance guide

🧠

6. Fit & Proper / Competency Tracking

Ensures only qualified advisers and accountable individuals operate in financial services

✨ Must Prove

RE exams completed & updated
CPD credits tracked annually
Performance & ethics assessed
Skills matrix for all roles
"Key Individual" must accept responsibility

🔗 Official Documents / Resources

Fit & Proper Requirements

Official FSCA fit and proper framework

FSCA Licensing Portal

Entity registration and licensing

Guidance & Notices for KI / Compliance Officers

Key Individual regulatory updates

💬

7. Complaints & Ombud Processes

Required under COFI, FAIS & TCF — MUST have a recordable, trackable process

✨ Key Process Requirements

Written complaints policy
Response SLA / time limits
Written records of resolution
Root cause analysis
Ombud escalation procedure
Insights must feed back into operations

🔗 Official Documents / Resources

FAIS Ombud Official Site

Complaint lodging and resolution process

Enforcement & Fines

Real examples of enforcement actions

FSCA PAIA Manual

API/Data access rules (March 2025)

🧠

8. Cybersecurity & Data Governance

Increasingly important — now embedded into POPIA & COFI compliance

✨ Minimum Security Controls

Encrypted databases & backups
Password & access policy
Audit logs for data access
Multi-factor authentication
Data retention rules
Vulnerability assessments

🔗 Official Documents / Resources

FSCA Regulatory Strategy 2025–2028

Long-term regulatory framework and focus areas

POPIA in Payment Systems

Technical example and implementation guide

PAIA Manual – Data Access / API Structure

Technical guidelines for data access

Need Help With Compliance?

FSPbiz provides comprehensive tools, training, and support to help you navigate every aspect of South African financial services regulation with confidence.

🚀 Get Started Today 📊 Check COFI Readiness