FSRA Conduct Standard 2018 on Delegation of Administration Functions for Collective Investment Schemes

Page 1 of 28 CONSULTATION REPORT: FSRA CONDUCT STANDARD * OF 2018 (REQUIREMENTS FOR DELEGATION OF ADMINISTRATION FUNCTIONS BY A MANAGER OF A COLLECTIVE INVESTMENT SCHEME) COLLECTIVE INVESTMENT SCHEMES CONTROL ACT NO 45 OF 2002

1. In this consultation report, the following definitions apply: “Authority” means the Financial Sector Conduct Authority; “Collective Investment Schemes Control Act” means the Collective Investment Schemes Control Act, 2002 (No. 45 of 2002); “Financial Sector Regulation Act” means the Financial Sector Regulation Act, 2017 (Act No. 9 of 2017); “FSRA Conduct Standard * of 2018” means Conduct Standard 1 of 2018: Requirements for delegation of administration functions by a manager of a collective investment scheme;

2. The Authority, hereby under section 104(1) of the Financial Sector Regulation Act, publishes this report on consultation undertaken during the making of FSRA Conduct Standard * of 2018 as set out in the comment matrix in the Schedule.

3. The Financial Services Laws General Amendment Act, No 45 of 2013 (“the FSLGAA”) was assented to on 14 January 2014 and commenced, with the exception of certain provisions, on 28 February 2014. The FSLGAA amended several financial services laws including the Collective Investment Schemes Control Act (“CISCA”). The amendment (insertion) of particular significance for this draft Conduct Standard is Section 4(5), which addresses the delegation of

Page 2 of 28 administration functions, as defined. On the 14th of March 2014, the former Financial Services Board (“FSB”) published Guidance Note 4, titled “Guidance Note on applications for approval of delegation of administration functions in accordance with the Collective Investment Schemes Control Act, 2002”. The objective of the Guidance Note was to provide guidance to industry on the new provision and set out the process for obtaining the approval of the Authority for delegation arrangements. In addition, the Guidance Note addressed transitional issues to assist industry in their efforts to ensure compliance with section 4(5). The regulatory framework for development of this draft Conduct Standard is therefore Sections 106(1) and 106(3)(e) of the FSRA read with Section 114(4)(b) of the CISCA, in terms of section 4(5) of the CISCA and Guidance Note 4 issued in 2014. 4. Following the overview of the history underlying the issuance of this instrument contained in the statement in support of the draft Conduct Standard, the first draft of the Conduct Standard was published during November 2015, included as a paragraph in the revised Board Notice for determination of the conditions for registration of collective investment scheme managers and determination of fit and proper requirements for directors and management. After the initial commentary was received, the (then) Registrar for Collective Investment Schemes was of the view that it is more appropriate given the widespread practice of delegation in the collective investment schemes industry, that a separate notice be issued to determine requirements for delegation arrangements. The revised standalone notice titled “the delegation of administration functions by collective investment scheme managers” was published on or about 30 November 2016. The Association for Savings and Investment South Africa (“ASISA”) was informed of this revised notice and alerted to publication thereof and commentary was invited. ASISA as well as representatives of the trustees of various collective investment schemes provided comments during 2017 and the first half of 2018.

Page 3 of 28 5. From the above it is evident that an extensive consultative process was followed and engagement with industry has taken place to address their comments. To the extent that the Authority was in agreement with commentary received and where it warranted amendments, the comments were accommodated in the draft Conduct Standard. There were no substantive policy issues to be addressed in the commentary received. The comment matrix as per the Schedule includes the comments from industry, the Authority’s (then FSB’s) response to the comments and further commentary from ASISA to the Authority’s responses.

Page 4 of 28 SCHEDULE “COMMENTS FROM MEMBERS OF ASISA  ‐  IN COMPARISON TO UPDATED DRAFT RECEIVED FROM FSB  DRAFT CISCA DETERMINATION OF REQUIREMENTS APPLICABLE TO THE DELEGATION OF ADMINISTRATION FUNCTIONS  ASISA submission 31 January 2017 on 1st Draft vs FSB 2nd Draft 23 June 2017”  Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss GENERAL

1. Clarification and alignment Most of the comments from ASISA members are to clarify the intention of the proposed requirements. We believe that the proposals for the amendment of the Draft Notice will align with other similar regulatory requirements, enhance transparency and provide legal certainty and therefore also strengthen the regulatory framework applicable to the delegation of functions. No FSB response necessary
2. Trustee consent for delegation ASISA members do not agree that a manager must obtain the prior written consent of the trustee or custodian for the delegation of a function. Section 4(5) of CISCA does not contemplate this additional requirement. At best the trustee or custodian could be notified of a delegation. A manager remains accountable and fully responsible for discharging its regulatory obligations if a function is delegated. FSB agreed.
3. Quarterly disaster recovery testing Disaster recovery testing on a quarterly basis is unduly onerous and will significantly increase costs with little or no concomitant benefit. The current practice of disaster recovery testing on an annual basis should be regarded as sufficient. FSB agreed to an extent - see notes on paragraph 10.
4. Transitional arrangements and effective date The Draft Notice does not contain transitional arrangements. It is essential that the Notice should adequately provide for existing

Page  5 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss delegation arrangements to ensure that managers continue to meet the regulatory requirements. ASISA members suggest a one year period in respect of existing delegation arrangements. A date on which the requirements become effective should also be included. In this respect ASISA members suggest a period of at least 6 months from the date of publication. FSB agreed. 5. Applications for approval It is suggested that the Registrar should publish an application form for the approval of a delegation to enhance transparency and consistency in the application of the regulatory framework in respect of delegations. ASISA members will also appreciate an indication of the expected FSB turnaround times for applications for approval, whether an application fee will be charged and if a fee will be charged, the expected amount of the fee. FSB response to application fee? FSB agreed to an extent on other - see notes on new paragraphs 4(3), 4(4) and 4(5). 6. Alignment with Notice 778 We are aware that the Registrar is in the process of reviewing the requirements in respect of third party named portfolios contained in Notice 778. It is suggested that this review should take the requirements for delegation into consideration to avoid any duplication of similar regulatory requirements. FSB response? BACKGROUND New 1. Background The delegation (outsourcing) of functions to third parties increases risk to managers and investors and could adversely affect the managers’ ability to manage the risks and meet regulatory obligations. The requirements applicable to the ASISA members suggest the Notice should contain the background to the requirements applicable to the delegation of functions. This inclusion will enhance transparency and assist with the interpretation of the requirements. FSB agreed. Included as per ASISA proposal. Purpose - paragraph 2 in FSB Draft June 2017.

Page  6 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss delegation of functions as determined in this Notice are aligned with international standards and aim to ensure proper management of risks that result from the delegation of functions. DEFINITIONS 1 “delegation” means the process where a person appoints a third party to perform the functions on a continuing basis where the functions would ordinarily have been performed by that person means an arrangement of any form between a manager and another person, whether that person is supervised under any law or not, in terms of which that person performs a function, whether directly or by sub-delegating, which could otherwise be performed by the manager itself, and delegates and delegating have corresponding meanings; It is suggested that the definition of delegation be rephrased to – (a) align with the definition of outsourcing as contained in Directive 159.A.i. issued under the Long Term Insurance Act, 1998; (b) clarify that the reference to “that person” at the end of the proposed definition, is a reference to the manager; (c) clarify that sub-delegation is also a delegation and subject to the same requirements; and (d) include references to “delegates” and “delegating” as those terms are also used in the Notice. FSB agreed. Definition amended as per ASISA’s proposal.

Page  7 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss APPLICATION 2 3. This Notice applies to a manager that appoints a delegated person or delegates any of its administration functions for purposes of administering a scheme in accordance with the Act in respect of – (a) any delegation of a function to a delegated person; and (b) any sub-delegation of a function by a delegated person. FSB Draft June 2017 – par 3(1): This Notice applies to any delegation or sub-delegation arrangement made by a manager for the purposes of the administration of a scheme. “Function” is defined as any function listed in the definition of administration, therefore the reference to “administration functions for purposes of administering a scheme in accordance with the Act” is superfluous. ASISA members suggest that the paragraph be simplified to indicate that the Notice applies to a manager in respect of a delegation and any sub￾delegation. Please refer to the proposed inclusion of a paragraph setting out the legislative framework in respect of delegations below. If the legislative framework is set out in a paragraph in the Notice, it is not necessary to duplicate the references in the Notice. FSB agreed to an extent – did not separate sub-delegation. Drafting suggestion “applies to any delegation by a manager of a function” Delegation is defined as an arrangement and also to include sub-delegation. Not necessary to duplicate references to arrangement or sub-delegation. Function is defined as a function listed under the definition of administration, thus not necessary to refer to “for the purposes of the administration of a scheme”, reference to function will include this. Only one subparagraph, so no need for (1).

Page  8 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss LEGISLATIVE FRAMEWORK New 4. Legislative framework (1) Section 5 of the Act prescribes that no person other than a manager or an authorised agent can enter into a transaction or perform any act in respect of a collective investment scheme. The term “authorised agent” is defined in the Act to include a delegated person. (2) Section 4(5)(a) of the Act provides that a manager may in writing delegate any function listed in the definition of “administration” to any person (the delegated person) and that a manager requires the approval of the Registrar to effect any delegation (outsourcing) of functions. (3) The Act defines “administration” as any function performed in connection with a collective investment scheme including - (a) the management or control of a collective investment scheme; (b) the receipt, payment or investment of money or other assets, including income accruals, in respect of a collective investment scheme; For the sake of clarity and to assist with consistent interpretation, it is suggested that the Notice should contain a paragraph setting out the legislative framework in respect of the delegation of functions. FSB disagreed. Paragraph not included. Reason for disagreement? It is included in Long-term Insurance Directive 159.A.i. Understand that it is not common practice, but members thought it would add value. On the side – has there been any consideration of a standard format for conduct standards to be issued by the FSCA? With future conduct legislation, a description of the legislative framework applicable in the case of a specific conduct standard will enhance transparency and aid consistent interpretation. Increases access to inexperienced employees whose first language is not necessarily English.

Page  9 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss (c) the sale, repurchase, issue or cancellation of a participatory interest in a collective investment scheme and the giving of advice or disclosure of information on any of those matters to investors or potential investors; and (d) the buying and selling of assets or the handing over thereof to a trustee or custodian for safe custody. (4) Section 4(5) of the Act further stipulates that – (a) anything done or omitted to be done by the delegated person in the performance of a function so delegated, must be regarded as having been done or omitted by the manager; and (b) the Registrar has, in respect of a delegated person, all the powers and duties conferred or imposed upon the Registrar in respect of a manager.

Page 10 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss GENERAL REQUIREMENTS FOR DELEGATION OF FUNCTIONS 3(1) A manager may delegate any function in accordance with the provisions of section 4(5) and subject to section 5 of the Act, but the manager remains accountable and fully responsible for discharging its regulatory obligations. The proposed paragraph duplicates the provisions of the Act and does not set any general requirement. It is suggested that it should be deleted. Please also refer to the proposed inclusion of a paragraph setting out the legislative framework in respect of the delegation of functions. FSB agreed. Paragraph deleted. 3(2) A person must obtain the consent of the Registrar prior to entering into a delegation arrangement. FSB Draft June 2017 par 4(1): A manager must obtain approval of the registrar prior to delegating a function for purposes of administration of a scheme to any person in accordance with requirements set in this Notice and section 4(5) of the Act. Drafting suggestions if retained Delete “for purposes of administration of a scheme” - included in definition of function. Delete “in accordance with requirements set in this Notice and section 4(5) of the Act”, it is superfluous. The proposed paragraph duplicates the provisions of the Act and does not set any general requirement. A manager should be able to enter into an agreement on condition that it will only be effective when the Registrar approves the delegation. The current proposed wording of the paragraph may be read to mean that an agreement may not be entered into unless the Registrar approved the delegation. It is suggested that the paragraph should be deleted. Please also refer to the proposed inclusion of a paragraph setting out the legislative framework in respect of the delegation of functions. FSB disagreed. Rationale for disagreement? Duplicates section 4(5) of CISCA. Practical matter – is it possible to enter into an agreement subject to the FSB approval? Agreement will only be effective once approved by FSB? Process will be more efficient. Could be moved to a separate paragraph for the application for approval?

Page 11 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss 3(3) A person may only delegate functions to a delegated person. The proposed paragraph appears to restrict delegation to a delegated person (which is also an authorised agent as defined in the Act). The references seem circular if the definition of “delegated person” is considered. As the paragraph does not set a general requirement, it is suggested that it should be deleted. Please also refer to the proposed inclusion of a paragraph setting out the legislative framework in respect of the delegation of functions. FSB agreed. Paragraph deleted. 3(4) In the event of a sub-contracting arrangement, the delegated person must consider the appropriateness of sub￾delegating and must, in its application for approval, provide the Registrar with a clear motivation for the sub-delegation Section 4(5) of the Act assigns authority to delegate functions to a manager only. No other person may delegate (or sub￾delegate) the manager’s functions. The proposed paragraph indicates that a delegated person must consider the appropriateness of a sub-delegation and apply for the Registrar’s approval. This seems contrary to section 4(5) of the Act. The agreement between the manager and the delegated person must provide for limitations on the delegated person’s ability to sub-delegate as set out in paragraph 5(1)(c) of the Draft Notice. This aligns with section 4(5) of the Act. FSB agreed. Paragraph deleted.

Page 12 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss As the paragraph does not set a general requirement, it is suggested that it should be deleted. A motivation for any delegation or sub-delegation must form part of requirements for an application for the Registrar’s approval. 4(2) FSB New A manager who intends to delegate or sub-delegate a function for purposes of administration of a scheme to any person must make an application for approval of delegation or sub-delegation to the registrar. Suggest that requirements for application should be moved so that it follows after the requirements for the delegation. Drafting suggestions: Delete sub-delegation - included in definition of delegation. Delete “for purposes of administration of a scheme” – included in definition of function. 4(3) FSB New The application for approval of delegation or sub-delegation must be submitted to the registrar with the following supporting documents: (a) clear and concise motivation for such delegation or sub-delegation; (b) a delegation policy approved the company’s board of directors; (c) where applicable, proof that the manager notified the scheme’s trustee or custodian of any delegation of functions listed in Suggest that requirements for application should be moved so that it follows after the requirements for the delegation. {must map back to requirements} Drafting suggestion: Delete sub-delegation - included in definition of delegation.

Page 13 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss paragraph (b) and ( c) of the definition of “administration” in the Act. (d) due diligence report; and (e) a valid written agreement setting out rights and obligations of the manager and the delegated person; 4(4) FSB New The registrar may within a reasonable time from the date of receipt of the application and where all requirements are met approve the delegation or sub￾delegation on such terms and conditions the registrar deems appropriate. ASISA members had SLA timeframes in mind when commenting on turnaround times. Will this not limit the FSB in its approval decision? Recent market example? Does section 4(5) authorise the registrar to approve delegations subject to terms and conditions? What would be the objective of conditional approval? Perception of unfettered discretion and potential unlevel playing fields? 3(5) A delegated person may only once further sub-contract a function to a third party. FSB Draft June 2017 par 4(7): A manager may upon obtaining approval from the registrar enter into a sub-delegation arrangement only once. The rationale for limiting sub-delegation to once further is not evident. ASISA members believe that any delegation and sub-delegation must be judged on its merit. There may well be proper motivation for further sub-delegation in certain business circumstances. An upfront blanket prohibition does not FSB disagreed. Paragraph not deleted. Rationale for disagreement? Why should each case not be judged on its merit?

Page 14 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss seem reasonable. It is therefore suggested that the paragraph should be deleted. New 5(1) A manager must, in the context of the nature, scale and complexity of the business of the manager, exercise due skill, care and diligence when considering the delegation of a function and when entering into, managing and terminating a delegation arrangement. FSB Draft June 2017 par 4(9) A manager must exercise due skill, care and diligence when considering the delegation of a function and when entering into, managing and terminating a delegation arrangement. ASISA members propose that an overarching requirement of due skill, care and diligence (in the context of the nature, scale and complexity of the manager’s business) in respect of the delegation of functions should be included in the Notice. FSB agreed to an extent - did not include “in the context of the nature, scale and complexity of the business of the manager”. Rationale for excluding context of business consideration? It supports proportionality and will amplify the onus to exercise due skill, care and diligence. Rationale for the overarching requirement to be relegated to the last item on the list of general requirements? In retrospect, this is also partly a duplication of legislation – section 2(1) of CISCA

Page 15 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss New 5(2) A manager may not delegate any function if such delegation may materially – (a) increase risks to the manager or the scheme; (b) impair the quality of the governance framework of the manager; (c) impair the ability of the manager to manage its risks and meet its legal and regulatory obligations; (d) impede the ability of the Registrar to monitor the manager’s compliance with its regulatory obligations; and (e) compromise the fair treatment of or continuous and satisfactory service to investors. It is suggested that the example of the Long-term Insurance Directive 159.A.i in respect of outsourcing be followed and that a paragraph should be included to incorporate principles for when functions should not be delegated. FSB agreed to an extent – included as par 4(5) as factors to be considered by FSB for approval. “The registrar may not approve an application if it does not meet the prescribed requirements or if the registrar is of the view that such delegation may materially –“ Rationale for inclusion as considerations for approval? Risk of it being interpreted as requirement on application and not a continuous requirement? Consider rephrase to “The delegation of a function by a manager may not materially –“? 3(6) When delegating any function a manager must ensure that it manages the extent to which such delegation may result in increased or increasing operational risk for the manager or the scheme. It would be more appropriate and comprehensive to include requirements in respect of the management of risks (not only operational risks) in the delegation policy. It is suggested that this paragraph should be incorporated in paragraph 3(7). FSB disagreed. Paragraph not deleted. Par 4(8) in FSB Draft June 2017 Rationale for disagreement? Manco to manage all risks including operational risk as required by Delegation Policy. Rationale for separate paragraph?

Page 16 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss 3(7) Where a manager intends delegating any of its functions, it must: (a) have an appropriate board approved delegation policy in place,; (b) establish methods for assessing the standard of performance of the delegated person on an on-going basis. 5(3) A manager that delegates a function must have an appropriate delegation policy approved by its board of directors. 5(4) A delegation policy must at least – (a) give effect to the requirements referred to in paragraph 5(2) of this Notice; (b) set limits on the types and overall level of delegated functions at the manager and the extent to which functions can be delegated to the same person; (c) provide guidance on the contractual risks and any other risk issues to be assessed, monitored and managed in delegation (Annexure A provides guidance on the types of risks that could be It is suggested that the example of the Long-term Insurance Directive 159.A.i in respect of outsourcing be followed and that the paragraph should be rephrased to require a delegation policy which should contain certain minimum elements. FSB agreed to an extent – par 5 included but the requirement to have an appropriate delegation policy approved by the board of directors has been deleted. Deletion of the requirement for board approval requirement - an oversight? Drafting – intro paragraph of par 5 does not read into subparagraphs. “Contain the following information” as opposed to “must at least”.

Page 17 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss considered); (d) provide for the internal review and approval of any delegation of a function; and (e) provide for the appropriate management and regular review of any delegation of a function, in particular to assess the impact on operational risk, and any issues that may arise from such delegation with respect to the market conduct and fair treatment of investors. 3(8) 5(5) A manager must ensure that it advises notify the scheme’s trustee or custodian of any intention to delegate any delegation of its functions and to obtain the trustee or custodian’s prior written consent to such delegation. FSB Draft June 2017 par 7: A manager must notify the scheme’s trustee or custodian of any delegation of functions listed in paragraph (b) and (c) of the definition of “administration” in the Act. ASISA members re-submit that section 4(5) of CISCA does not contemplate the additional requirement for the trustee or custodian to consent to any delegation. The rationale for the proposed requirement is unknown. There is also no indication of the basis on which a trustee or custodian should consent or not. A manager remains accountable and fully responsible for discharging its regulatory obligations if a function is delegated. A trustee or custodian should not be required to consent to a manager’s delegation which is approved by the Registrar. It is therefore suggested that the paragraph should be amended to require that a manager must FSB agreed – but limited the notification to par (b) and (c) of the definition of administration. Would like to understand why only notify on (b) and (c)?

Page 18 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss notify the trustees or custodians of any delegation.

Page 19 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss DUE DILIGENCE 6(b) FSB New Before delegating any function a manager must conduct suitable due diligence on the proposed delegated person and it must satisfy itself that: (b) the delegated person has adequate professional indemnity insurance cover; New requirement. Not sure of impact, will have to check with members. Is the intention that “adequate” will relate to the manco’s delegated function or will “adequate” apply in the context of the delegated person’s business as a whole? 4(b) Before delegating any function a manager must conduct suitable due diligence on the proposed delegated person and it must satisfy itself that: (b) it the delegated person has the necessary expertise to properly supervise the carrying out of the delegated functions and the management of the associated to adequately manage the risks associated with the delegated functions; FSB Draft June 2017 par 6(d): the manager has the necessary expertise to properly supervise the carrying out of the delegated functions and to adequately manage the risks associated with the delegated functions; The proposed wording of the paragraph may cause confusion and it should be amended as proposed in the left column for the sake of clarity. FSB agreed to an extent – par 6(d) amended as proposed apart from reference to delegated person, refers to manager. Rationale for focus on manco during due diligence? The main focus is on the delegated person during a due diligence. Due diligence = examination of company before becoming involved in a business arrangement with it. The delegated person must be able to properly supervise and manage the relevant risks. A manco must in terms of its delegation policy provide for appropriate management and review/monitoring of a delegation.

Page 20 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss 4(c) Before delegating any function a manager must conduct suitable due diligence on the proposed delegated person and it must satisfy itself that: (c) it is the manager and the delegated person would be able to take remedial appropriate action if it appears that the delegated person may not be performing the functions effectively and in compliance with prevailing applicable legislation and/or regulatory requirements; FSB Draft June 2017 par 6(e): the manager would be able to take appropriate corrective action if it appears that the delegated person may not be performing the functions effectively and in compliance with applicable legislation and/ or regulatory requirements; It is suggested that the paragraph should be amended for the sake of clarity. Remedial or corrective action should still be appropriate. Prevailing or current legislation will apply regardless; it should be clarified as applicable legislation. FSB agreed to an extent – par 6(d) amended as proposed apart from reference to delegated person, refers to manager. During due diligence, a manco should assess whether the manco AND the delegated person would be able to take appropriate action. It will be problematic if the manco can take action but the delegated person can’t. Drafting suggestion – delete “corrective”, it is superfluous. “Appropriate” will incorporate any action required.

Page 21 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss 4(d) Before delegating any function a manager must conduct suitable due diligence on the proposed delegated person and it must satisfy itself that: (d) it is the manager would be able to terminate the delegation arrangement where necessary without material detriment to the continuity and quality of its the manager’s provision of services to its investors; It is suggested that the paragraph should be amended for the sake of clarity. From a practical perspective, a manager will not be able to satisfy itself that it could terminate the delegation arrangement without any detriment whatsoever. In conducting a due diligence, it should be sufficient to only consider material detriment. FSB agreed to an extent – par 6(f) amended as proposed but did not clarify that the provision of services to investors is the responsibility of the manager. Rationale for not clarifying? 4(e) Before delegating any function a manager must conduct suitable due diligence on the proposed delegated person and it must satisfy itself that: (e) it is the manager and the delegated person are able to implement and maintain a contingency plan for disaster recovery and periodic testing of back-up facilities, where this is necessary having regard to the function that has been delegated. It is suggested that the paragraph should be amended for the sake of clarity. FSB Draft June 2017 par 6(c): the manager and the delegated person are able to implement and maintain a contingency plan for disaster recovery and periodic testing of back-up facilities at least once a year and stress testing, where this is necessary, having regard to the function that has been delegated. FSB agreed but included frequency and stress testing During a due diligence, a manco would investigate whether it is possible to implement and maintain a contingency plan. Frequency unnecessary during due diligence? Included as part of requirement in par 10. What is stress testing?

Page 22 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss AGREEMENT 5(1)(c) A manager must ensure that the rights and obligations of the manager and the delegated person are clearly documented in a written agreement which must, at a minimum, provide for: (c) limitations on the delegated person’s ability to sub-contract or bind the manager sub-delegate, and to the extent sub-contracting sub-delegating is permitted, the delegated person’s obligations in connection with sub-contracting that sub-delegation; It is suggested that the references to sub￾contracting should be replaced with references to sub-delegation for the sake of consistency. FSB agreed. Par 8(1)(c) amended as per ASISA’s proposal. 5(1)(e) A manager must ensure that the rights and obligations of the manager and the delegated person are clearly documented in a written agreement which must, at a minimum, provide for: (e) liability of the delegated person for unsatisfactory performance or other breach of the agreement (the manager must note that despite this provision the manager remains liable for the actions of its delegated person in accordance with section 4(5)(b)); The insertion is suggested for the sake of clarity. The wording in brackets should be deleted as it duplicates the provision of the Act. Please also refer to the proposed inclusion of a paragraph setting out the legislative framework in respect of the delegation of functions. FSB agreed. Par 8(1)(e) amended as per ASISA’s proposal.

Page 23 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss New A manager must ensure that the rights and obligations of the manager and the delegated person are clearly documented in a written agreement which must, at a minimum, provide for: (g) a reasonable termination period that will allow the manager’s contingency plans to be implemented; and It is suggested that a paragraph be included to require that the termination period must be reasonable so that contingency plans can be implemented. Paragraph 5(1)(g) should then provide for the orderly termination within the reasonable period. FSB agreed. Par 8(1)(g) inserted as per ASISA’s proposal. 5(1)(g) A manager must ensure that the rights and obligations of the manager and the delegated person are clearly documented in a written agreement which must, at a minimum, provide for: (g)(h) the orderly termination of the agreement, which must address the transfer of information and exit strategies, without material detriment to the continuity and quality of the manager’s provision of services to investors. The paragraph should be rephrased for the sake of clarity and to align with paragraph 4(d) of the Notice. FSB agreed to an extent – par 8(1)(h) amended as proposed but did not clarify that the provision of services to investors is the responsibility of the manager. Rationale for not clarifying? 8(1)(i) FSB New FSB Draft June 2017: where the delegated person is an authorised financial services provider, the agreement must be compliant with all applicable requirements in the Financial Advisory and Intermediary Services Act, No. 37 of 2002. Superfluous as an authorised FSP has to comply with FAIS and FAIS Dept has to approve agreement if not substantially similar to the approved specimen agreement.

Page 24 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss 5(2)(a) A manager must: (a) ensure that it regularly reviews its arrangement with a the delegated person’s performance and compliance to ensure that it continues to comply with the written agreement and the Act ; and ASISA members suggest that the paragraph be rephrased to clarify that the manager must regularly review the delegated person’s performance and compliance with the written agreement. A manager’s review cannot on a practical level ensure that the delegated person continues to perform and comply, it can only determine compliance or not. Also, the delegated person is not directly required to comply with the Act. The manager must comply with the Act and it must contract with the delegated person in such a way that the manager continues to comply with the Act. FSB agreed to an extent – par 8(2)(a) amended as proposed but did not delete the reference to the Act. Rationale for not deleting “the Act”? A delegated person is not directly required to comply with the Act. The manager must comply with the Act and it must contract with the delegated person in such a way that the manager continues to comply with the Act. 5(2)(b) A manager must: (b) take the necessary steps to ensure compliance with the written agreement or the Act where it deems necessary. take appropriate action if it appears that the delegated person may not be performing effectively or may not be complying with the written agreement; and It is understood that the paragraph intends to require that a manager take appropriate action if, as a result of the review, it appears as if the delegated person may not be performing effectively or may not be complying with its contractual obligations. It is suggested that the paragraph be rephrased to clarify this intention. FSB agreed to an extent – par 8(2)(b) amended as proposed but did not delete “necessary” and the reference to the Act. Rationale for not deleting “the Act”? Same comment as above. Reference to “necessary” is superfluous. “Appropriate” will incorporate any action required.

Page 25 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss 5(2)(c) A manager must: (c) ensure that it has have adequate contingency plans in place to deal with either an unexpected termination of a delegated function ensure the continuous functioning of the business of the manager in the event that the written agreement is terminated or ineffective. A manager should have adequate contingency plans in the event that the written agreement is terminated or ineffective, regardless of the reasons or whether it was expected or not. The objective of such plans is to ensure that the business of the manager is disrupted as little as possible. It is suggested that the paragraph be rephrased accordingly. FSB agreed. Par 8(2)(c) amended as per ASISA’s proposal. PROTECTION OF INFORMATION 9 FSB New A manager must take appropriate measures to ensure that its delegated person has procedures in place to protect the information obtained from the manager and investors’ personal information in line with legislative requirements. The delegated person will be a private body as defined in the Protection of Personal Information Act and will be subject thereto in any event. Requirement that delegated person comply with the PoPIA should be part of the agreement. Drafting – a manager will not be able to “ensure”

Page 26 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss DISASTER RECOVERY AND STRESS TESTING 7 The manager must take appropriate measures to determine that its delegated person establishes and maintains a disaster recovery plan, with quarterly annual testing of disaster recovery facilities. FSB Draft June 2017 par 10: The manager must take appropriate measures to determine that its delegated person establishes and maintains a disaster recovery plan, with annual testing of disaster recovery facilities and quarterly stress testing of the disaster recovery facilities. Disaster recovery testing is a costly, resource intensive exercise. Generally, current practice is disaster recovery testing on an annual basis. A requirement of quarterly testing is unjustifiably onerous and will significantly increase costs with little or no concomitant benefit. To our knowledge, none of the jurisdictions within which ASISA members operate require quarterly testing. It is strongly suggested that disaster recovery testing should take place on an annual basis. FSB agreed to an extent – changed to annual but included a requirement for quarterly stress testing of the disaster recovery facilities. What does “stress testing” mean? Rationale for requirement? Alternative options to achieve the regulatory objective? ACCESS TO INFORMATION 8(1) The Manager must ensure that the Registrar, the manager’s auditor, and the scheme’s trustee or custodian have rights of access to information, the books and records pertaining to the delegated function held by of the delegated person as well as information related to the delegated function. The wording of the proposed paragraph (“rights of access to information, the books and records of the delegated person”) means that the information, books and records are not restricted to the function delegated by the manager. The information related to the delegated function is included as an additional part rather than the primary part. It is suggested that the paragraph should be FSB agreed. Par 11(1) amended as per ASISA’s proposal.

Page 27 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss amended to clarify that the manager, auditor, trustee or custodian only have right of access to the information, books and record pertaining to the delegated function held by the delegated person. TRANSITIONAL ARRANGEMENTS New 11. Transitional arrangements (1) A delegation arrangement approved by the Registrar at the commencement date of this Notice is deemed to comply with the requirements applicable to a delegation arrangement between a manager and a delegated person as set out in this Notice. (2) Notwithstanding paragraph 11(1), a manager must ensure compliance with the requirements applicable to a delegation arrangement between a manager and a delegated person as set out in this Notice, within one year from the The Notice should provide for transitional arrangements to adequately provide for existing delegation arrangements to ensure that managers continue to meet the regulatory requirements. It is therefore suggested that a deeming provision be included for existing delegation arrangements in respect of the requirements that would be applicable to such an arrangement, for example the provisions which should be included in a written agreement. ASISA members suggest that managers be afforded at least a year to review existing delegation arrangements and to make the necessary changes in order to meet the new requirements. FSB agreed. Par 12 inserted as per ASISA’s proposal. In retrospect, suggest that subparagraph (2) exclude the due diligence requirements.

Page 28 of 28 Par. Wording / Proposed wording ASISA comments on 31 January 2017 Compared to FSB Draft June 2017 – to discuss commencement date of this Notice. SHORT TITLE AND COMMENCEMENT New 12. Short title and commencement This Notice is called the Determination of CIS Delegation Requirements, 2017, and comes into operation six months from the date of its publication. A date on which the requirements become effective must be set in the Notice. The majority of ASISA members indicated that compliance with the new requirements, for example a delegation policy approved by the board of directors, could be possible within 6 months. A minority of ASISA members indicated that one year will be required to implement new requirements. FSB agreed. Par 13 inserted substantially as per ASISA’s proposal. FSB Draft June 2017: Commencement This Notice comes into operation six months from the date of its publication.