Prudential Authority Regulatory Strategy 2018–2021

Regulatory Strategy 2018–2021 © South African Reserve Bank All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without fully acknowledging the Prudential Authority, within the administration of the South African Reserve Bank as the source. The contents of this publication are intended for general information only and are not intended to serve as financial or other advice. While every precaution is taken to ensure the accuracy of information, the South African Reserve Bank and/or the Prudential Authority shall not be liable to any person for inaccurate information or opinions contained in this publication. Enquiries relating to this publication should be addressed to: The CEO: Prudential Authority South African Reserve Bank P O Box 427 Pretoria 0001 Email: PA-Info@resbank.co.za http://www.resbank.co.za ISBN 978-1-920556-21-1 978-1-920556-22-8

Regulatory Strategy 2018–2021 Executive summary The financial system in South Africa is important to every citizen; it either directly or indirectly touches the well-being of everyone living in the country by providing a channel to match lenders and borrowers, providing access to payment infrastructures and facilitating trade. The purpose of prudential regulation and supervision is to ensure that financial institutions operating within the financial system are inherently safe and sound, from a financial perspective. The focus of prudential regulation and supervision is to ensure that financial institutions comply with minimum prudential requirements related to capital, liquidity, leverage and other relevant metrics that measure financial health, as well as to ensure that they are managed by suitably qualified and skilled individuals. Following the enactment of the Financial Sector Regulation Act 9 of 2017 (FSR Act) on 22 August  2017, the Prudential Authority (PA) and the Financial Sector Conduct Authority (FSCA) were formally established on 1 April 2018. The objectives of the PA are to: – promote and enhance the safety and soundness of financial institutions that provide financial products and securities services; – promote and enhance the safety and soundness of market infrastructures (MIs); – protect financial customers against the risk of these financial institutions failing to meet their obligations; and – assist in maintaining financial stability. In light of these set objectives and pursuant to the requirements of section 47 of the FSR Act, the purpose of this document is to delineate the regulatory strategy of the PA. Primarily, the PA’s approach to regulation shall give effect to the consultation requirements as stipulated in the FSR Act and ensure compliance with internationally agreed standards, while the approach to supervision shall be risk-based and proportional, forward-looking, outcomes-focused and integrated, underpinned by appropriate supervisory tools. In this regard, the areas of immediate focus are to: – strengthen the regulation and supervision of banking institutions with updated Basel III requirements, updating regulatory requirements related to mutual banks, assessing the co￾operative banks framework and developing prudential standards for co-operative financial institutions; – implement prudential regulation and supervision of financial conglomerates, to commence in 2019, which shall endeavour to obtain a holistic view of group-wide activities, intragroup transactions and large exposures which, among other things, may not be captured under Level 2 supervision (consolidated supervision); – prudentially regulate MIs with a view to strengthen the resilience of the various types of MIs and to ensure the observance of the principles for MIs developed by international bodies, where appropriate; – prudentially regulate and supervise insurers with critical outcomes, including embedding the insurance Solvency Assessment and Management (SAM) project and issuing further regulatory instruments; – establish a framework for significant owners, which shall include the development of regulatory standards on significant ownership, to commence in 2019 (currently envisaged to take the form of joint standards); and – conclude memorandums of understanding with the FSCA, National Credit Regulator, Financial Intelligence Centre and the South African Reserve Bank. In the next three years the PA will focus on the following additional priorities, insofar as it is within the mandate of the PA: – supporting transformation of the broader financial sector; – supporting sustainable competition in the provision of financial products and financial services; and – supporting financial inclusion as well as developments in financial technology (fintech). In the coming months, the PA will publish documents relating to its areas of immediate focus which will provide greater detail to the approach of the PA.

Regulatory Strategy 2018–2021 Contents Executive summary........................................................................................................................... c Foreword by the Chief Executive Officer..................................................................................... 1

1. What is the Prudential Authority?...................................................................................... 3
2. Structure of the PA................................................................................................................ 4 2.1 The PA team ......................................................................................................................5 2.2 Accountability of the PA.....................................................................................................5
3. The PA’s regulatory and supervisory priorities for the next three years.................. 7 4.1 Strengthening the regulation and supervision of banks....................................................7 4.1.1 Key outcomes .....................................................................................................................8 4.2 Implementation of the financial conglomerate regulation and supervision framework...............................................................................8 4.2.1 Key outcomes ..................................................................................................................10 4.3 Implementation of the prudential regulatory and supervisory framework for market infrastructures ................................................................................................................10 4.3.1 Key outcomes ...................................................................................................................11 4.4 The insurance SAM Regulatory and Supervisory Framework.........................................12 4.4.1 Key outcomes ...................................................................................................................12 4.5 Establishing the regulatory and supervisory framework for significant owners .............12 4.5.1 Key outcomes ...................................................................................................................13
4. Transformation, financial inclusion and competition.................................................. 13
5. How the PA performs its regulatory and supervisory tasks ..................................... 14 6.1 The approach to regulation..............................................................................................15 6.1.1 Consultation ......................................................................................................................15 6.1.2 Compliance with international standards ...........................................................................15 6.2 The PA’s approach to supervision ...................................................................................15 6.2.1 Risk-based and proportional supervision ..........................................................................16 6.2.2 Forward-looking approach ................................................................................................16 6.2.3 Focusing on outcomes ......................................................................................................17 6.2.4 The PA supervisory framework .........................................................................................17 6.3 Supervisory tools .............................................................................................................18 6.3.1 Supervisory planning.........................................................................................................18 6.3.2 Supervisory execution .......................................................................................................19 6.3.3 Supervisory reporting and follow up..................................................................................21 6.3.4 Quality assurance..............................................................................................................21
6. Administrative action(s) and enforcement..................................................................... 21
7. Cooperation and collaboration ........................................................................................ 22 8.1 Collaboration with other regulators..................................................................................22 8.2 Specific coordination between the PA and FSCA ..........................................................23 8.3 Cooperation with the SARB.............................................................................................23

8.4 Cooperation with the resolution authority .......................................................................23 8.5 Relationship with stakeholders ........................................................................................23 8.5.1 Industry and professional bodies ......................................................................................24 8.5.2 International and regional organisations, bodies and forums .............................................24 8.5.3 Collaborative forums .........................................................................................................24 8.5.4 Public awareness ..............................................................................................................24 9. Framework for the delegation to other regulators....................................................... 24 10. Funding of the PA................................................................................................................ 25 11. Conclusion and next steps ............................................................................................... 25 12. How to contact the Prudential Authority ....................................................................... 26 Abbreviations.................................................................................................................................... 27

Regulatory Strategy 2018–2021 1 Foreword by the Chief Executive Officer The year 2018 marks a significant milestone in the implementation of the Twin Peaks reform programme following the enactment of the Financial Sector Regulation Act 9 of 2017 (FSR Act) on 22 August 2017. The Twin Peaks reform is aimed at making the financial sector in South Africa safer and better at protecting financial customers. The reform represents a shift away from a fragmented regulatory approach in an attempt to reduce the possibility of regulatory arbitrage or ‘forum shopping’ in the financial system. Under the Twin Peaks system, two regulators were established: the Prudential Authority (PA) housed within the South African Reserve Bank (SARB) and the Financial Sector Conduct Authority (FSCA) as a stand-alone market conduct regulator. The PA will promote the safety and soundness of financial institutions1 while the FSCA will enhance and support the integrity and efficiency of financial markets and protect financial customers. Thus, the approach under the Twin Peaks system places equal focus on prudential as well as market conduct regulation and supervision by creating dedicated authorities responsible for prudential and market conduct objectives respectively. The FSR Act also provides the SARB with the responsibility to protect and enhance financial stability, within a macroprudential policy framework agreed between the Governor of the SARB and the Minister of Finance. The transition to the Twin Peaks model of regulation is being implemented in phases. The first phase was to establish the respective regulatory authorities (i.e. the PA and the FSCA). The FSR Act gives these new authorities additional powers to those provided for in the existing industry-specific financial sector laws to ensure that the new authorities have the required tools to perform effectively, without being limited by gaps in existing legislation. The second phase will include developing, harmonising and strengthening the respective legal frameworks for prudential and market conduct regulation through repealing industry-specific legislation and introducing new legislation, where necessary. The enactment of the Insurance Act 18 of 2017 (Insurance Act) on 18 January 2018 marked the commencement of the second phase. Even though the existing sectoral legislation has not been completely repealed, the PA recognises that implementing Twin Peaks is not about ‘business as usual’ and that a number of new areas of regulatory and supervisory responsibilities have been placed on the PA. Two of the most significant reforms to prudential oversight relate to financial conglomerates and market infrastructures (MIs). The FSR Act creates an enabling framework for the regulation and supervision of financial conglomerates in a manner that allows the PA to designate members of a group of companies as a financial conglomerate, in addition to the regulation and supervision of individual entities or structures within a financial group. The supervisory framework as well as the designation criteria for financial conglomerates will be finalised by the PA in the coming months. In addition, the FSR Act recognises that there is a close relationship between microprudential (the PA)2 and macroprudential (financial stability) oversight, and that an individual financial institution becoming insolvent could pose risks to the stability of the entire financial system. To this end, MIs are also seen as critical to the maintenance of financial stability. The FSR Act therefore creates an enabling framework that allows the PA to regulate and supervise MIs as defined in the Financial Markets Act 19 of 2012 (FM Act) at a microprudential level. 1 In terms of the FSR Act, the PA must promote the safety and soundness of (i) financial institutions that provide financial products and securities services (ii) market infrastructures 2 As is explained more comprehensively in the FSR Act, given that the Twin Peaks architecture will be phased in, the FSCA will also be responsible for the prudential regulation and supervision of collective investment schemes, pension funds and friendly societies, as part of a transitional arrangement.

2 Regulatory Strategy 2018–2021 The PA together with the FSCA – being the responsible authority for the FM Act – is developing a prudential supervisory framework for MIs to be rolled out during 2018/2019. In addition, the PA may make prudential standards for MIs as permitted under the FSR Act or joint standards with the FSCA as permitted under the FSR Act and the FM Act . In accordance with the FSR Act, the PA will follow a risk-based and proportional, forward-looking, outcomes-focused and integrated supervisory approach in its microprudential supervision. This approach will ensure that financial institutions are aware of the risks to their businesses and have adequate corporate governance frameworks and risk management processes in place to appropriately mitigate these risks. Over and above the powers allocated to the PA to set its internal guiding principles on supervision and regulation, there is an overriding objective of harmonising and integrating the approach to prudential supervision across sectors to the greatest extent possible. The PA is committed to the implementation of internationally agreed regulatory and supervisory standards in a manner that appropriately takes into account the context, realities and the capacity of South Africa’s financial institutions. The PA values transparency, collaboration and coordination in promoting the safety and soundness of the financial institutions under its regulatory and supervisory mandate. As a result, the PA is required to enter into memorandums of understanding with, among others, the FSCA, the SARB (in its macroprudential role), the National Credit Regulator and the Financial Intelligence Centre (FIC) to ensure effective alignment and efficiencies in the regulatory and supervisory approach. Further, legislative developments relating to resolution, insurance, the conduct of financial institutions as well as financial markets will be introduced in the near future, which will solidly launch the Twin Peaks model of regulation into the second phase of implementation. In terms of the FSR Act, the Prudential Committee of the PA is required to adopt a regulatory strategy to provide general guidance to the PA to achieve its objectives and perform its regulatory and supervisory functions. This Regulatory Strategy provides information to market participants and the public regarding the PA’s approach to regulation and supervision, the principles that will guide its regulatory and supervisory decisions, the key priorities over the next three years, and the key outcomes that the PA intends to achieve in order to realise its priorities. The PA understands that the implementation of the Twin Peaks reform will involve significant changes to existing processes, practices, structures and operations, and shall endeavour to communicate timeously and in an open and transparent manner to assist in the transition of the financial sector regulatory landscape into the Twin Peaks architecture. The PA looks forward to working with the FSCA, the SARB, other regulatory agencies and the broader public towards creating a safer financial sector to better serve South Africa. Kuben Naidoo Deputy Governor and Chief Executive Officer: Prudential Authority

Regulatory Strategy 2018–2021 3

1. What is the Prudential Authority? The Prudential Authority (PA) is the regulator – responsible for setting policy and prudential regulatory requirements – and supervisor – responsible for overseeing compliance with the regulatory requirements – of financial institutions that provide financial products, securities services and market infrastructures (MIs) in South Africa. The PA is thus responsible for microprudential regulation. The Financial Sector Regulation Act 9 of 2017 (FSR Act) established, on 1 April 2018, the PA and the Financial Sector Conduct Authority (FSCA). Together, the PA and the FSCA form the two peaks in the Twin Peaks model of financial sector regulation. In broad terms, the FSCA is responsible for enhancing market conduct in the financial sector in South Africa while the South African Reserve Bank (SARB) is responsible for maintaining price and financial stability. The PA was established to promote and enhance the safety and soundness of financial institutions (such as banks and insurers), financial conglomerates (as designated by the PA) and MIs (such as central counterparties, central securities depositories, clearing houses, trade repositories and exchanges). It is also responsible for protecting the customers of financial institutions against the risk of these institutions failing to meet their obligations. The PA assists the SARB in maintaining financial stability. Figure 1: Objectives of the Prudential Authority Promote and enhance the safety and soundness of financial institutions Protect financial customers against the risk of financial institutions failing to meet their obligations Assist in maintaining financial stability Promote and enhance the safety and soundness of MIs The FSR Act established the PA as a juristic person operating within the administration of the SARB. The PA has a separate legal personality from the SARB. The governance structure, resources, financial management and reporting obligations of the PA are prescribed by the FSR Act.

4 Regulatory Strategy 2018–2021 The overall governance of the PA is the responsibility of the Prudential Committee – consisting of the Governor of the SARB (as Chairperson), the Chief Executive Officer (CEO) of the PA (who is also a Deputy Governor of the SARB) and the other Deputy Governors of the SARB. The Governor may invite or allow a person to attend meetings of the Prudential Committee such as senior staff of the SARB. The day-to-day management and administration of the PA is the responsibility of the CEO. The CEO of the PA is appointed for a term of up to five years and is renewable once for a further period of up to five years. 2. Structure of the PA The PA comprises four departments namely: – Banking, Insurance and Financial Market Infrastructure (FMI) Supervision – Financial Conglomerate Supervision – Policy, Statistics and Industry Support – Risk Support. All four departments report to the CEO of the PA. The Banking, Insurance and FMI Supervision Department is responsible for the prudential supervision of stand-alone banks (including co-operative and mutual banks), insurance companies, MIs and co-operative financial institutions. The Financial Conglomerate Supervision Department is responsible for the consolidated prudential supervision of financial institutions that are designated as financial conglomerates. This department is also responsible for anti-money laundering and combating the financing of terrorism (AML/CFT) supervision. The Risk Support Department is responsible for providing regulatory and supervisory support on credit risk, operational risk, market risk, liquidity risk and insurance risk. The department also provides quantitative analysis, actuarial analysis and financial institution statistics to be used by the PA. The Policy, Statistics and Industry Support Department is charged with assisting in policy formulation and implementation, developing supervisory frameworks, providing operational and regulatory support, providing industry analyses, enforcement, resolution of prudentially regulated financial institutions and industry technical support on capital and accounting requirements. Figure 2: Current structure of the Prudential Committee of the Prudential Authority Lesetja Kganyago SARB Governor and Chairperson of the Prudential Committee Kuben Naidoo CEO of the Prudential Authority and SARB Deputy Governor Francois Groepe SARB Deputy Governor: Financial Stability and Currency Daniel Mminele SARB Deputy Governor: Markets and International Economic Relations

Regulatory Strategy 2018–2021 5 Figure 3: Current structure of senior management of the Prudential Authority Kuben Naidoo CEO of the Prudential Authority and SARB Deputy Governor Suzette Vogelsang Head: Banking, Insurance and FMI Supervision Denzel Bostander Head: Financial Conglomerate Supervision Faizel Jeena Head: Risk Support Unathi Kamlana Head: Policy, Statistics and Industry Support 2.1 The PA team The PA team consists of employees of the SARB who were seconded to the PA. The Financial Services Board’s Insurance Prudential team and the Cooperative Banks Development Agency’s Supervision team were transferred to the SARB in terms of section 197 of the Labour Relations Act 66 of 1995 and these team members were similarly seconded to the PA. All employees of the SARB have been seconded to the PA for an indefinite period. The PA consists of 242 staff members with qualifications and experience in banking, insurance, actuarial science, law, policy, governance, commerce and finance. The PA staff members are committed to the values, policies and procedures of the SARB. The values of respect and trust, open communication, integrity, accountability and excellence are central to the team’s work ethic. The team understands its responsibility to thoroughly comprehend the business models, strategies and risks associated with the respective MIs and financial institutions that it regulates and supervises. In-depth reviews of the infrastructures and financial institutions that fall within its regulatory and supervisory ambit are conducted, and any identified issues of concern are promptly communicated through the appropriate reporting structures and committees within the PA. The team will, in future, consider the manner in which financial product providers – which do not fall within the traditional banking, insurance or market infrastructure frameworks – should be regulated and supervised. The FSR Act requires the PA to discharge its responsibilities effectively and without fear, favour and/or prejudice. The PA endeavours to be consistent in its regulatory and supervisory actions and decision-making processes. In addition, the PA will always be cognisant of the impact of its actions on the safety and soundness of the regulated MIs and financial institutions as well as on the financial stability of the country. 2.2 Accountability of the PA As stated previously in section 1, the PA was established as a juristic person operating within the administration of the SARB. The governance systems and processes adopted by the PA are aligned to those of the SARB, where similar structures exist. The SARB has seconded personnel to the PA and provides accommodation, facilities and use of assets as agreed between the SARB and the PA. The PA will prepare an annual report on its activities, to be submitted to the Minister for tabling in Parliament. The financial accounts for each financial year will be prepared by the PA and will form part of the annual report of the SARB. The SARB’s annual report, which incorporates SARB’s financial statements, is also tabled in Parliament in terms of the South African Reserve Bank Act 90 of 1989.

6 Regulatory Strategy 2018–2021 The CEO of the PA is appointed by the Governor with the concurrence of the Minister of Finance. The CEO must be a Deputy Governor of the SARB with expertise in the financial sector. The term of office of the CEO is also prescribed by the FSR Act. In fulfilling its mandate, the PA has to ensure that it exercises its powers and performs its duties in a reasonable and justifiable manner. Administrative actions taken by the PA have to comply with the requirements of the Promotion of Administrative Justice Act 3 of 2002. A person3 that is aggrieved by a decision4 made by the PA may apply to the Financial Services Tribunal for reconsideration of the decision. The Financial Services Tribunal5 was established in terms of the FSR Act. 3. Why the PA was established Historically, the prudential regulation of banks and non-banks was split between the Bank Supervision Department (now the PA) of the SARB and the Financial Services Board (now the FSCA) respectively. This resulted in a ‘silo’ approach to the regulation of banks and non-banks, with different legislation, standards and requirements being applied, which led to potential regulatory arbitrage. The Twin Peaks approach to financial regulation, as proposed in the FSR Act, is designed to underpin a comprehensive regulatory system with two main regulatory authorities specialising in (i) strengthening of the safety and soundness of financial institutions, and (ii) better protection of financial customers to ensure fair treatment by financial institutions. In addition, given the systemic importance of some MIs, the PA will also regulate and supervise them from a prudential perspective. The PA is responsible for the prudential regulation6 and supervision of banks, insurers and MIs in a harmonised and consistent manner across the different financial institutions. This approach to regulation and supervision will enable the large financial groups – engaging in, for example, both banking and insurance that characterise the South African financial system – to be captured under financial conglomerate supervision. This means additional ‘supplementary supervision’ of a financial conglomerate, as designated by the PA, addressing all entities which may affect the overall risk profile and/or financial position of the financial conglomerate or the individual entities within the group. This change is in line with international standards. The objectives of the PA are underpinned by a comprehensive and consistent prudential regulatory and supervisory framework. To achieve these objectives, the PA will collaborate and coordinate with the FSCA as its twin peak. The PA will also cooperate and collaborate with other financial sector regulators in developing its regulatory and supervisory approach, specifically the National Credit Regulator (NCR) regarding credit risk in financial institutions and credit providers. While the NCR is responsible for the registration of credit providers, credit bureaux and debt counsellors as well as the enforcement of compliance with the National Credit Act 34 of 2005 (NCA), there is currently limited prudential regulation of non-bank credit providers. The PA, within its mandate of promoting and enhancing the safety and soundness of financial institutions that provide financial products, which includes credit in terms of a credit agreement, has a role to play in the prudential regulation and supervision of credit providers in the non-banking sectors. The PA will therefore initiate the realisation of its mandate in this area in the coming years. The PA will work with the NCR to address risks in this area as it develops its approach. 3 A ‘person’ is defined in section 1 of the FSR Act and means a natural or juristic person, and includes an organ of state. 4 Decision’ is defined in section 218 of the FSR Act. 5 The Financial Services Tribunal may be contacted on LEG.Tribunal@fsca.co.za or telephone: 012 428 8012/ 012 367 7259 6 ‘Prudential regulation’ refers to ensuring that financial institutions are internally and inherently sound from a financial perspective. The focus of prudential regulation and supervision is to ensure that financial institutions comply with minimum prudential requirements related to capital, liquidity, credit and other relevant ratios, and to make sure that they are managed by suitably qualified and skilled individuals. A healthy, sound and properly functioning financial institution is able to meet its obligations to financial customers such as depositors, policyholders and fund members.

Regulatory Strategy 2018–2021 7 4. The PA’s regulatory and supervisory priorities for the next three years The PA will focus on the efficient and effective regulation and supervision of banking (including co-operative financial institutions) and insurance activities as well as MIs as part of the transition into the Twin Peaks architecture. The PA will assess its progress in executing its strategic objectives on a six-monthly basis as part of the SARB strategy process. The strategy process ensures that there is specific alignment between the PA and the strategies of the Financial Surveillance, Financial Stability and National Payment System departments. The PA’s core strategic objectives to promote the safety and soundness of regulated institutions, as outlined in section 4.1 to 4.5 below, include: – strengthening the regulation and supervision of banks; – implementing the framework for financial conglomerate regulation and supervision; – implementing the framework for MI prudential regulation and supervision; – implementing the Insurance Solvency Assessment and Management (SAM) Regulatory and Supervisory Framework; and – establishing the regulatory and supervisory framework for significant owners. These core strategic objectives will be supported by: – the PA’s approach to transformation, financial inclusion and competition – section 5 (below); – developing, improving, enhancing and integrating the supervision of these financial institutions – sections 6 and 7 (below); – coordination and collaboration with other regulators and the SARB – section 8 (below) ; and – adequate funding of the PA – section 10 (below). Regulatory perimeter changes are anticipated in the next three years and the PA foresees the establishment of new types of financial institutions that do not necessarily fall within the current scope of regulation and supervision. Financial technology (fintech) is anticipated to be the most disruptive force in this context. These developments will be closely monitored and appropriate proportionate regulatory and supervisory responses will be implemented. The processes necessary to give effect to the above core strategic objectives, which may be of interest to industry and interested parties, are discussed below. 4.1 Strengthening the regulation and supervision of banks The FSR Act and its consequential amendments to other financial sector laws provides that the PA will be the prudential regulator and supervisor of banks, mutual banks, co-operative banks and co-operative financial institutions (CFIs). The PA is also the responsible authority for the Banks Act 94 of 1990 (Banks Act), the Mutual Banks Act 124 of 1993 (Mutual Banks Act) and the Co-operative Banks Act 40 of 2007 (Co-operative Banks Act). Further, the PA is responsible for registering banks, mutual banks, co-operative banks and CFIs with the concurrence of the FSCA, which is responsible for the regulation and supervision of the market conduct of these financial institutions. The PA will seek to enhance and promote the safety and soundness of banks and the banking system. Further, the PA will participate in, and influence the development of global regulatory frameworks for banking through the Basel Committee on Banking Supervision (BCBS). Effective supervision relies on established rules and standards, and includes an understanding of the individual institutions as well as collective financial institutions in the environment in order to take pre-emptive action to mitigate potential risks. During the 2018–2021 period, the PA will assess the appropriateness of the various international principles and standards (as set by the BCBS and other international bodies). Thereafter, the PA will issue regulatory instruments that will incorporate the international standards after adjusting for local requirements.

8 Regulatory Strategy 2018–2021 The regulatory instruments currently being considered for implementation are: – standardised approach for counterparty credit risk; – capitalisation of bank exposures to central counterparties; – equity investment in funds; – net stable funding ratio, including disclosure requirements; – interest rate risk in the banking book; – fundamental review of the trading book; – revisions to the securitisation framework; – supervisory framework for measuring and controlling large exposures; – replacement of all operational risk approaches with the Standardised Measurement Approach (SMA); – revisions to the credit risk standardised approach and internal ratings-based approach; – enhanced disclosure requirements; – Total Loss-Absorbing Capacity (TLAC) holdings standard; – fintech sound practices; – International Financial Reporting Standard (IFRS) 9, Financial Instruments; – regulatory treatment of accounting provisions: interim approach and transitional arrangements; – IFRS 16, Leases; and – IFRS 17, Insurance Contracts. The prudential framework for mutual banks will be updated to cater for newer business models and developments that have occurred in the sector since 1994. Over the medium term, prudential standards and an amended Mutual Banks Act will be finalised, after appropriate consultation. At present, co-operative banks are regulated and supervised by the PA. CFIs will, in terms of the amendments to the Co-operative Banks Act, also be regulated and supervised by the PA. The PA is in the process of developing a new prudential regulatory and supervisory framework for CFIs. 4.1.1 Key outcomes The intended key outcomes of these initiatives include: – alignment with updated Basel III requirements for banks; – a Mutual Banks Act that reflects the developments in the mutual banks sector and the introduction of new regulatory instruments, as applicable; – a revised co-operative banks framework; and – a comprehensive set of prudential standards for CFIs. 4.2 Implementation of the financial conglomerate regulation and supervision framework The globalisation of financial markets has created a catalyst for the development of internationally active financial groups, which have increased in number, complexity and size. These groups provide a broad range of products and services, including banking, insurance, securities and investment services. These products and services are often provided in multiple jurisdictions and critical functions are dispersed in various legal entities, both nationally and globally. Failures in regulation and supervision internationally have highlighted the deficiencies in traditional regulatory and supervisory frameworks, where oversight was restricted. This is particularly important for groups that operate in multiple jurisdictions and conduct cross-sector activities. The 2007/2008 global financial crisis highlighted just how integrated these groups are in economic and financial systems.

Regulatory Strategy 2018–2021 9 The adoption of financial conglomerate supervision has emerged internationally as a critical supervisory tool to help ensure that internationally active financial groups are efficiently regulated and supervised, and that their operations are conducted in a prudent and financially sound manner. Since the South African financial system is dominated by a few large financial institutions, this leads to high level of interconnectedness and high risk of contagion. This situation requires adequate regulation and supervision of such institutions in order to deal with unique risks and outcomes. Regulatory and supervisory regimes have to respond to changes in the structure and business operations of regulated financial firms. The emergence of financial conglomerates is a key feature of the evolution of financial systems and the increased functional integration between the business of banking, insurance and market infrastructure. The FSR Act creates an empowering framework that allows the PA to make prudential standards for the regulation and supervision of financial conglomerates in South Africa. The current requirements contained in the FSR Act, the Banks Act and the Insurance Act will introduce three levels of supervision within the prudential supervisory hierarchy, as depicted in Figure 4 as follows: – Level 1: supervision of a licensed entity on a stand-alone basis (‘solo supervision’). – Level 2: specialist group supervision where a group of companies operates primarily in one industry (e.g. banking or insurance groups). – Level 3: supervision of a financial conglomerate where a group of companies operates in one or more different industries (i.e. banking, insurance or MI). Figure 4: The three levels of supervision Level 1 Supervision of a licensed single entity on a stand-alone basis (referred to as ‘solo supervision’) Level 2 Specialist group supervision where the supervised group operates primarily in one industry (e.g. banking or insurance groups) Level 3 Supervision of a financial conglomerate, where the group of companies generally operates in at least one industry (i.e. banking, insurance or market infrastructure) Financial conglomerate supervision has been included in the PA to achieve the following: – Capture the risks not covered by the Level 1 or Level 2 frameworks. – Minimise the risk of failure of financial conglomerate groups: • Levels 1 and 2: focus on depositor/policyholder/member protection. • Level 3: focus on failure minimisation and systemic stability. – Obtain a holistic view of group-wide activities, intragroup relationships and large exposures. Non-financial entities that fall within the same group as a PA-regulated financial institution may be scoped into the financial conglomerate depending on the risk such entity poses to the regulated financial institution.

10 Regulatory Strategy 2018–2021 Ensure consistent application of regulatory requirements, regardless of industry, structure and/ or mix of businesses (e.g. on capital requirements and governance standards). – Capture a variety of corporate structure arrangements. – Align regulatory requirements for banking groups, insurance groups and financial conglomerates. A draft framework document was discussed with industry in 2017 and the supervisory framework for financial conglomerates supervision will be finalised in the coming months. 4.2.1 Key outcomes The intended key outcomes of this initiative are: – finalised criteria for the designation of financial conglomerates; and – an established financial conglomerate regulation and supervision framework that mitigates against the risk of contagion, reduces regulatory arbitrage within groups and addresses the risks that arise from unregulated parts of a financial conglomerate. 4.3 Implementation of the prudential regulatory and supervisory framework for market infrastructures In 2009, the leaders of the Group of Twenty (G20) agreed to a comprehensive reform agenda for the over-the-counter (OTC) derivatives market. The introduction of the FSR Act was accompanied by the introduction of new regulations (the FM Act’s Regulations) issued in terms of the FM Act. The FM Act’s Regulations – promulgated on 9 February 2018 – seek to ensure that South Africa complies with international commitments to implement regulatory and legislative reforms to make financial markets safer and also regulate the OTC derivatives market. The FM Act Regulations aim to achieve the following: – Expand the scope of regulatory oversight to the OTC derivatives market and its participants. – Prescribe the criteria for the asset and resource requirements applicable to MIs that are licensed to perform the functions and duties specified under the FM Act. – Provide for the organisational and resource requirements to govern the activities of central counterparties. – Provide for the responsibilities of the controlling body and senior management in the governance and risk management of central counterparties. – Prescribe additional safeguards applicable to central counterparties to ensure the safety, soundness and integrity of financial markets.. As stated above, the PA’s mandate in terms of the FSR Act includes prudential supervision of MIs. However, the regulatory framework set out in the FM Act also remains in place and has been amended to recognise the roles of the PA and the FSCA in regulating and supervising market infrastructures under the existing sectoral framework. The powers afforded to the two authorities in terms of the FSR Act will be in addition (an overlay) to those provided for in the FM Act. The powers given to the regulatory authorities in the FSR Act are therefore intended to ensure that the two authorities have the required tools to perform their functions effectively, without being limited by gaps in the existing laws. The amended framework for the regulation and supervision of market infrastructures, as contemplated in the FSR Act, is designed to provide a flexible regulatory structure in which both regulators (the PA and the FSCA) are responsible for regulating and supervising market infrastructures, and play a role in assisting the SARB in exercising its functions relating to financial stability. Furthermore, since the FSR Act is an overlay to existing sectoral laws, the FSR Act has to be read with the consequential amendments to the FM Act, for a comprehensive understanding of

Regulatory Strategy 2018–2021 11 the roles and responsibilities of the PA and the FSCA towards market infrastructures. The FSCA is cited as the ‘responsible authority’ for the FM Act in terms of schedule 2 of the FSR Act and therefore the FSCA will still primarily be responsible for the regulation and supervision of MIs in terms of the FM Act. However, in terms of the FM Act, the PA is also empowered to perform certain responsibilities and functions which are aligned to its functions and objectives towards market infrastructures, as set out in the FSR Act. The consequential amendments to the FM Act through the FSR Act are necessary to enhance the capacity of, and to delineate the functional roles and responsibilities of, the FSCA, the PA and the SARB. Consequently, the PA will in consultation with the FSCA and other relevant stakeholders develop a prudential regulatory and supervisory framework for market infrastructures, which will include the issuance of prudential standards as well as the issuance of joint standards in respect of certain matters as prescribed in the FM Act or the FSR Act. The allocation of roles and responsibilities which forms the basis of the PA’s supervisory framework has to be seen in the context of the complex negotiations between the PA and the FSCA to reallocate duties and resources and the need for regulatory certainty. In order to provide the necessary certainty, arrangements have been made to give effect to the roles of the authorities by way of a Memorandum of Understanding (MoU) and the delegation of functions, where feasible. The Twin Peaks framework takes the financial markets reform process one step further by empowering the PA with prudential regulatory authority over the providers of securities services, which include authorised users of exchanges, participants of central securities depositories and clearing members of clearing houses and central counterparties (and not just the MI), to create a prudential regulatory framework within which to better manage the risks and systemic issues in the financial markets. Notwithstanding that providers of securities services are subject to the rules of MIs with respect to particular activities, the PA may, in terms of the FSR Act, make prudential standards for, or in respect of, financial institutions that provide securities services. In terms of the FM Act the PA and the FSCA may prescribe additional matters to those listed in the FM Act that should be contained in the market infrastructure’s rules. The implementation focus of the PA will therefore be on: – the resourcing of a dedicated MI supervisory team, under the Banking, Insurance and FMI Supervision Department; – assessing, adapting (where necessary) and implementing the supervisory approach for MIs, which will include: • developing the necessary policies, processes and procedures within the PA; and • developing, consulting on, and implementing the necessary supervisory tools specifically for MIs; and; – assessing how the principles developed by international standard-setting bodies for prudential regulation of MIs are observed. 4.3.1 Key outcomes The intended key outcomes of this initiative are: – a framework for the regulation and supervision of MIs from a prudential point of view; and. – a matrix of various risks faced by each type of MI. The risks include at least operational risk, liquidity management and capital adequacy for unforeseen events. The PA will consider international best practice and develop its prudential regulatory and supervisory approach so as to best promote and enhance the safety and soundness of MIs.

12 Regulatory Strategy 2018–2021 4.4 The Insurance SAM Regulatory and Supervisory Framework In 2009, the Financial Services Board and the South African insurance industry embarked on the SAM project, with a view to establish a risk-based prudential regulatory and supervisory regime for the prudential regulation and supervision of both short- and long-term insurers (including reinsurers and Lloyds) in South Africa. Having considered global trends in insurance supervision, particularly the Solvency II developments in Europe and the Insurance Core Principles (ICPs) set by the International Association of Insurance Supervisors (IAIS), the SAM governance structures started to develop a solvency framework that would comply with the criteria for Solvency II third-country equivalence, comply with the ICPs and accommodate the unique requirements of the South African insurance industry. A specific activity, which warrants mention, is the conversion of insurance licences under this new regime. 4.4.1 Key outcomes The risk-based SAM framework has been finalised and the focus is now on the implementation efforts to ensure that both the PA and the industry are ready for implementation. The intended key outcomes of this initiative are: – an embedded risk-based regulatory and supervisory framework for insurers; – the issuance of further regulatory instruments and guidance to industry (particularly important due to the principles-based nature of SAM); and – a matrix of areas that require further work. After implementation, the PA will analyse and address any issues that might arise from the actual implementation as well as planning and scoping for SAM Phase 2. 4.5 Establishing the regulatory and supervisory framework for significant owners The FSR Act recognises that financial sector regulators must be in a position to proactively monitor and manage systemic risks in respect of the financial institutions that they supervise. This will ensure that both financial customers and the financial sector as a whole are protected. The FSR Act therefore provides financial sector regulators with additional powers, over and above the relevant provisions in the sectoral laws, in relation to the significant owners of financial institutions. In terms of the FSR Act, significant ownership is established if a person is directly or indirectly able to control or materially influence the business and/or strategy of a financial institution. Without limiting the concept of a significant owner, a person is considered to have such ability if: – the person, directly or indirectly, alone or together, with a related or interrelated person, has the power to appoint 15% of the members of the governing body of a financial institution; – the consent of the person, alone or together, with a related or interrelated person, is required for the appointment of 15% of the members of a governing body of a financial institution; or – the person, directly or indirectly, alone or together, with a related or interrelated person, holds a qualifying stake, as defined in section 1 of the FSR Act, in a financial institution. The FSR Act prescribes certain approval or notification requirements in respect of becoming or ceasing to be a significant owner. The FSR Act also prescribes approval and notification requirements for increasing or reducing the extent of significant ownership.

Regulatory Strategy 2018–2021 13 In addition, the PA and FSCA have to publish standards that significant owners must comply with, in relation to fit and proper requirements. The PA may also issue directives to the significant owners of financial institutions in instances of contraventions or imminent contraventions of financial sector laws for which the PA is the responsible authority. Directives may also be issued to a significant owner of a financial institution and to a financial institution, requiring them to prepare and submit a plan that is satisfactory to the PA, under which the significant owner will cease to be a significant owner of the financial institution. 4.5.1 Key outcomes The intended key outcomes of this initiative are: – consistent treatment of significant owners across regulated financial institutions; and – fit and proper significant owners of regulated financial institutions that strengthen the outcome of the objectives outlined in the FSR Act. 5. Transformation, financial inclusion and competition The financial sector plays a critical role in the economy and in achieving the economic growth and development goals of the country. The debate around the transformation of the financial sector is a critical component to the broader discussion about a transformed economic dispensation that leads to inclusive growth where the marginalised sectors of society participate in the mainstream economy. Given the interrelationship between growth and transformation, the interventions to achieve transformation of the financial sector must be aimed at reforms that are relevant to the financial sector and that are necessary to achieve sustainable economic growth and reduce the economic inequalities. The PA supports the view that meaningful transformation of the financial sector is not merely about ownership of financial firms, but also about how the sector supports real economic activity which includes: – issues of financial access/inclusion, protection of depositors and policyholders; – ensuring competitive charges for products and services in a stable financial system; and – ensuring that appropriate products are sold to financial customers. When transformation is viewed more broadly, the area where changes need to be effected also broadens. The Insurance Act provides for: – transformation in the objectives of the Insurance Act; – requirements for the conversion of existing registrations and new licences (by requiring an applicant to demonstrate that it has a plan to meet its stated commitments in terms of transformation of the insurance sector, including meeting the targets envisaged by the FSC); and – variation of licensing conditions and exemptions. It may therefore be possible under the Insurance Act for prospective financial institutions that find current licensing requirements too onerous to enter the sector with appropriate requirements that still enable them to meet minimum acceptable standards from a risk management and consumer protection point of view. The PA also focuses on the enhancement of a tiered financial sector that will allow for a wider range of participants regulated by the PA with differing operational and regulatory capital requirements. The entrance of transformation entities into the sector will also be based on the legislative requirements of the Broad-Based Black Economic Empowerment Act 53 of 2003 (BBBEE Act) and the Financial Sector Code (FSC) made under the BBBEEA. It should, however, be noted that enforcing the BBBEE Act and the FSC is beyond the scope of the PA.

14 Regulatory Strategy 2018–2021 The role of financial institutions, both domestically and internationally, is being disrupted, at a rapid pace, by innovative and emerging technologies. The PA recognises the potential of such developments to improve access and efficiencies in the financial sector. The SARB recently established an internal Fintech programme to focus on three key areas, namely (i) to consider policy and regulatory implications of specific fintech innovations; (ii) to collect data on the local fintech industry; and (iii) to assess the appropriateness of innovation facilitators, including a regulatory sandbox. As part of its mandate to support financial inclusion, the PA will collaborate with the SARB in monitoring fintech developments that may potentially facilitate financial inclusion through affordable and appropriate financial services and the entrance of smaller players into the market. The data collected and interactions through the innovation facilitators will serve to inform policy positions on the appropriateness of the current regulatory framework. The SARB has noted that other central banks, such as Bank Negara Malaysia, use innovation facilitators to promote public policy objectives. These objectives include competition and financial inclusion, without compromising the existing laws and regulations, to maintain the integrity of the financial system. The primary role of a prudential regulator is to assess the safety and soundness of a financial institution in order to protect financial customers against the risk of a financial institution failing to meet its obligations. The PA acknowledges its supporting role to enhance the progressive realisation of transformation in South Africa. 6. How the PA performs its regulatory and supervisory tasks The two fundamental aspects of the PA’s approach are: – the regulatory framework, which sets out the rules and requirements imposed on financial institutions and MIs, from licensing to resolution; and – the supervisory framework, which sets out the manner in which the PA will supervise compliance with the prudential requirements and any other relevant requirements on financial institutions and MIs. Figure 5: Approach to regulation and supervision Regulatory framework Supervisory framework

Regulatory Strategy 2018–2021 15 6.1 The approach to regulation The FSR Act gives the PA and the FSCA additional powers – on top of the existing industry￾specific financial sector laws – to ensure that they have the required tools to perform efficiently in this first phase of establishment, without being limited by gaps in existing laws. In addition to its existing regulatory tools in terms of financial sector laws, the PA may also issue prudential standards and, together with the FSCA, issue joint standards. The PA will consider the South African context and realities in the implementation of standards and will implement internationally agreed regulatory and supervisory standards as appropriate for South Africa. The PA will adopt a collaborative and consultative approach to regulation and engage with other regulators, industry bodies and stakeholders within and outside the financial sector. The PA will be involved in all the regulatory and supervisory developments by other regulators and industry bodies that may affect the manner in which financial institutions and MIs are regulated and supervised. 6.1.1 Consultation The FSR Act requires that appropriate consultations are held prior to the release of any regulatory instrument by a financial sector regulator. The PA will therefore engage with other relevant regulators, industry and the relevant MIs, as necessary, on its prudential standards. The PA will follow the prescribed public consultation process, which includes submitting its draft regulatory instruments to Parliament before implementation. The consultation process for making regulatory instruments involves publishing a: – draft instrument; – statement explaining the need for, and the intended operation of, the instrument; – statement on the expected impact of the instrument; and – notice inviting submissions on the draft instrument, together with details pertaining to the form of the submissions. The period for making submissions must be at least six weeks from the date of publication for public consultation. The PA is required to publish a consultation report for each regulatory instrument, which must include a general account of the issues raised in the submissions and a response to the issues. 6.1.2 Compliance with international standards South Africa is committed to implementing internationally agreed standards insofar as they are appropriate to the local context in terms of contributing to a safer and sounder financial system. The PA will play an active role in international standard-setting bodies with a view to influence the formulation of appropriate prudential and other standards that contribute to the achievement of its mandate. MoUs between the various authorities established in terms of the FSR Act will deal with coordination and collaboration between the authorities in the context of international representation and participation. 6.2 The PA’s approach to supervision The PA’s approach to supervision is risk-based and proportional, forward-looking (pre-emptive), outcomes-focused and integrated. The supervisory approach will be embedded through supervisory tools.

16 Regulatory Strategy 2018–2021 There are four phases in the life cycle of a financial institution where prudential supervision is exercised. These phases are: – licensing – supervision – enforcement – resolution (in collaboration with the SARB). The focus is mainly on the supervision phase and it accounts for most of the PA’s supervisory activities. The main focus and outcome of the ongoing supervision phase is for the PA to ensure that each financial institution complies with the financial sector laws and the related prudential requirements. All ongoing supervisory interventions are based on the outcome of the risk assessment which is done so that the PA identifies the material risks to which each financial institution and each MI may be exposed. This also ensures that the respective risks are adequately managed and appropriately mitigated. 6.2.1 Risk-based and proportional supervision Risk-based supervision focuses resources in areas that, when assessed by supervisors, pose greatest risks to the achievement of the PA’s objectives as well as to the safety and soundness of the financial system in its entirety. It is the PA’s responsibility to support the SARB in maintaining financial stability. Systemic considerations therefore play an important role in the PA’s risk-based supervisory approach. To increase effectiveness, it is essential that the PA intervenes on a timely and proportional basis. The PA’s supervisory activities are tailored to the specific risks and/or issues that a supervised financial institution or a supervised MI is faced with. The framework for prudential supervision requires supervisors to identify risks and ensure that suitable supervisory action is taken to appropriately mitigate the risks to which an institution or an infrastructure is exposed, and for the risk to remain at an acceptable tolerance level. The PA’s risk-rating and supervisory intensity model provides a structure to guide it in gauging risks and determining an appropriate supervisory response. The adoption of a risk-based approach to prudential supervision implies that the PA has a tolerance for risk. Since supervisors operate in an imperfect world in which they cannot anticipate every possible outcome, it is essentially impossible to remove the risk of failure completely. Attempting to do so would impose a cost on the financial system in terms of effectiveness and efficiency, which would be disproportionate to the benefits being sought. Like most comparable authorities around the world, the PA seeks to maintain a regulatory and supervisory environment with an acceptably low probability of institutional failure, under which prudentially supervised institutions should be able to meet their obligations under all but exceptional circumstances. This tolerance for risk by the PA is reflected in, among other things, the use of the risk-rating and supervisory intensity model when it sets its supervisory priorities.

Regulatory Strategy 2018–2021 17 6.2.2 Forward-looking approach For a supervisor to be forward-looking or pre-emptive, the supervisor has to anticipate and respond to risks that may emerge within a financial institution, within the industry in which the institution conducts business, and within the broader financial system. The PA’s approach recognises that the responsibility for financial safety and soundness as well as for prudent risk management resides primarily with the boards of directors and senior management of regulated financial institutions and MIs. Through regular meetings with boards and management, the PA will provide supervisory oversight in respect of: – activities and future plans of regulated financial institutions and MIs; – boards and management of regulated entities that are sufficiently cognisant of the related and/or consequential risks; and – appropriate action taken. 6.2.3 Focusing on outcomes Outcomes-focused supervision concentrates on the outcome that the supervisor wants to achieve in the supervisory programme. The approach recognises the importance of substance over form in achieving the mandate of the PA. 6.2.4 The PA supervisory framework In addition to the legislated principles guiding the PA’s approach to supervision, there is an overriding objective of integrating and harmonising the approach to prudential supervision across sectors. While certain aspects of each sector may warrant specific treatment, to the extent that each sector faces largely the same set of risks, there is a compelling case to integrate and harmonise supervisory approaches and practices. This includes minimising the scope for regulatory arbitrage, eliminating or at least minimising the potential risk of duplication and achieving appropriate economies of scale within the PA. The supervisory framework is based on four pillars that are derived from the life cycle of a financial institution, from licensing to resolution in the event that it is unable to sustain itself (cradle to grave). Figure 6 outlines the four pillars of the supervisory framework: licensing, ongoing supervision, enforcement and resolution. Figure 6: PA Supervisory Framework PA Supervisory Framework Licensing Ongoing supervision Enforcement Resolution

18 Regulatory Strategy 2018–2021 6.3 Supervisory tools Multiple, interrelated instruments and tools are used as part of the PA’s ongoing supervisory activities, as reflected in Figure 7. Figure 7: Phases of ongoing supervision Supervisory planning initial analysis • Previous risk assessments • Previous supervisory follow-up activities • Industry analysis: emerging themes and/or risks • PA priorities (fl avour of the year) • Standing arrangements Supervisory planning risk assessment • External environment • Business model analysis • Governance and risk management framework • Financial support Supervisory reporting and follow up • Query letters • Graph discussions • Prudential meetings • On-site assessments Supervisory execution • Prudential meetings • Off-site analysis (applications, notifi cations, returns) • Governance and culture reviews • Thematic reviews • On-site and AML/ CFT reviews • Independent reviews • Investigations • Industry analysis Quality assurance 1st level – PA management, PA panels > 2nd level: Supervisory Framework Division > 3rd level: Internal audit > 4th level: External assurance providers (PA auditors, peer reviews, etc.) 6.3.1 Supervisory planning 6.3.1.1 Initial analysis This is the starting point of the forward-looking and risk-based framework; it forms a view of the prudential and systemic risks posed by an institution. In this phase, all sources of information, which would assist in establishing a view, must be considered and can include: – outcomes of previous risk assessments conducted; – previous supervisory follow-up activities; – key themes across the industry; – PA executive priorities or those areas regarded as ‘flavour of the year’; – standing arrangements;7 and – industry risk analysis: this involves research and assessment of the macroeconomic environment and state of each supervised sector with a view to identifying particular trends, risks and supervisory issues. This analysis may lead the PA to incorporate into its supervisory plan actions relating to a specific institution and/or the development or refinement of applicable prudential requirements. The analysis is then shared with the FSCA as well as the relevant departments within the SARB, thereby facilitating the achievement of the PA’s statutory obligation to assist the SARB to preserve systemic stability. 6.3.1.2 Risk assessment In identifying and assessing the risks, the PA will consider the macroeconomic environment, the industry within which the institution operates as well as the business model and strategy of the institution. In assessing the mitigating factors, the PA will focus on the adequacy of the institution’s governance structures and internal controls, together with financial support in the form of capital and earnings. 7 This refers to regulatory obligations (i.e. reporting requirements) or where specific conditions or requests were made to the financial institution to provide information regularly.

Regulatory Strategy 2018–2021 19 Each risk dimension is rated and scored from 0 to 4 (with a scoring of 4 indicating a dimension posing a high risk to the entity) through consistently applied definitions, where after, an overall risk profile is calculated and the intensity of the supervisory intervention is determined. 6.3.2 Supervisory execution 6.3.2.1 Prudential meetings The PA will, on a regular basis, hold prudential meetings with the board of directors and board subcommittee members; executive management, heads of control functions, and the external auditors of the regulated financial institutions. These regular engagements include a focus on obtaining an update on key strategic and risk issues as well as the PA’s supervisory assessment of the institution. In addition, the PA will also meet with supervised institutions on an ongoing basis to discuss information received, business initiatives and to also respond to requests for approvals and interpretations of legislation and prudential standards provided by the Technical Industry Support Division within the Policy, Statistics and Industry Support Department. 6.3.2.2 Off-site reviews Off-site reviews consist of, among other things, a detailed analysis and assessment of: – quantitative information (e.g. the statutory financial data submitted periodically by regulated institutions in terms of specific financial sector legislation); and – qualitative information (e.g. internal audit and compliance reports submitted by, or available in the market relating to regulated institutions). An off-site analysis also includes: – industry comparisons; – an analysis of industry- and/or institution-specific information; – accessing public sources of information relevant to an institution; and – monitoring and examining compliance with financial sector legislation that falls within the mandate of the PA. A forward-looking approach is applied to the analysis process in order to: – identify key trends; – facilitate the early detection of emerging risks; and – determine the appropriate supervisory action(s) to be taken. The outputs of an off-site analysis process include the periodic revision of an institution’s supervisory action plan to ensure appropriate supervisory coverage based on the risk profile of the institution. 6.3.2.3 Applications and notifications In terms of various pieces of financial sector legislation, regulated financial institutions are required to either apply for the approval of certain planned activities or notify the PA of certain changes. The application and notification process is a formal process during which prescribed application and/or notification forms are submitted with supporting documents. These applications and/or notifications are assessed and the outcome is communicated to the regulated financial institution. 6.3.2.4 Governance reviews and culture assessments The PA aligns its governance review methodology with that of the King IV Report on Corporate Governance for South Africa, 2016 (King IV). King IV defines corporate governance as ‘the exercise of ethical and effective leadership by the governing body towards the achievement of: ethical culture; good performance; effective control; and legitimacy’. The PA assesses the governance leadership, structures and functional areas for each regulated financial institution and to ensure that they adequately reflect good corporate governance.

20 Regulatory Strategy 2018–2021 Culture assessments provide the PA with further insight into whether the risk appetite and tolerance as well as the values as set by the board are aligned with, and embedded within the organisational practices of the regulated financial institution. 6.3.2.5 On-site inspections and AML/CFT reviews On-site inspections challenge and test the effectiveness of the institution’s processes and procedures. The PA will also test the validity of the risk assessments performed on the basis of off-site information. The aim is to identify key risks and confirm whether these are well managed or not, or identify areas for improvement. The AML/CFT on-site inspections assess an institution’s compliance with the Financial Intelligence Centre Act 38 of 2001 (FIC Act). The PA will also test the AML/CFT risk assessment and commensurate internal controls of institutions. During an on-site inspection, the effectiveness and efficiency of an institution’s processes and procedures are reviewed and tested. The aim is to identify risks and either confirm that these are well managed or identify areas for improvement. If and when identified, areas of risk bring into question the institution’s ability to meet its financial obligations and the PA may need to take supervisory action. On-site inspections are normally undertaken by frontline supervisors and could be performed with or without the assistance of the supervisory support areas. 6.3.2.6 Investigations Should there be serious concerns regarding a regulated institution’s compliance with financial sector legislation, the PA can request a formal investigation into its affairs. The focus of the investigation would be to provide evidence for regulatory and supervisory action in order to deal with the suspected non-compliance. 6.3.2.7 Independent reviews Should the PA be concerned about any calculation of the value of the assets, liabilities, capital requirements and/or capital resources of a financial institution as well as its governance framework, and the details, veracity and/or accuracy of such a matter cannot be ascertained or obtained through the normal supervisory processes (or it is difficult to obtain the details of such a matter through the usual supervisory processes), it will appoint an external person at the cost of the financial institution concerned, to investigate and report back to the PA on the reasonableness of the value and/or governance framework in question. 6.3.2.8 Thematic reviews Thematic reviews can include both off-site and on-site elements, and are used to test particular risk concerns across an entire or specific industry/sector. By focusing on particular risks in greater depth, the PA will be able to obtain a broad sectoral perspective. These reviews may be used to highlight particular institutions for supervisory attention and/or policy issues for further consideration. 6.3.2.9 Industry risk analysis This approach involves research and an assessment of the state of each supervised industry/ sector with a view to identifying trends and supervisory issues. These reviews may lead to regulatory action(s) relating to a specific institution and/or to a revision of prudential requirements. The PA regularly reviews each supervised sector as well as the general state of the macroeconomic environment for emerging issues and threats that may impact on supervised institutions. These reviews are shared with other relevant departments within the SARB, thus facilitating the achievement of the PA’s statutory obligation to assist the SARB in preserving systemic stability.

Regulatory Strategy 2018–2021 21 6.3.3 Supervisory reporting and follow up The results of the analyses conducted by the PA are used to establish an updated view of the prudential and systemic risks posed by the institution. Furthermore, actions to be taken (either by the entity or the PA) which may reduce the risk profile or enable better supervision are identified in this process. Feedback regarding actions to be implemented by the entity, together with additional information requested, is communicated formally to the entity. Agreed follow-up actions are flagged in the PA and the monitoring thereof forms part of the ongoing supervision cycle. 6.3.4 Quality assurance Adopting a risk-based approach to ongoing supervision, in which individual supervisors are encouraged to apply professional judgement, runs the risk that different decisions will significantly deviate from the PA principles and thus compromise the quality of supervision over time. If such an approach is to have integrity, it is critical that sound quality assurance processes are embedded into the supervisory framework. The PA implements several levels of assurance that makes use of the specialist support functions. Quality assurance is firstly provided by line management – the PA panels – secondly by the Supervisory Framework Division within the Policy, Statistics and Industry Support Department, and thirdly by the PA’s internal and external assurance providers. 7. Administrative action(s) and enforcement The PA, as a prudential supervisor, is not enforcement-led, but it will not hesitate to take appropriate enforcement action(s), in line with its outlined approach to regulation and supervision, where necessary and appropriate. The FSR Act empowers the PA to establish an administrative action committee to consider and make recommendations on administrative actions, including the imposition of penalties specified in the FSR Act. The PA will not establish an administrative action committee, but it will utilise existing internal governance processes to deal with administrative actions. The internal processes will ensure compliance with the Promotion of Administrative Justice Act 3 of 2000 as well as the procedural requirements outlined in the FSR Act and other applicable legislation. The Financial System Council of Regulators will establish working groups and subcommittees on enforcement matters. This will serve to ensure consistency on enforcement throughout the financial system. Without derogating from the provisions of the Protection of Personal Information Act 4 of 2013, and by virtue of the FSR Act and the financial sector laws, the PA has full access to statutory returns and all relevant information from the regulated entities, their controlling companies and subsidiaries, including internal management information. The PA schedules structured meetings with the regulated entities’ boards and chairpersons of the boards as well as the chief executive officers, other senior members of management and auditors (external and internal). The information gathered through prudential meetings and on-site and off-site supervision forms the basis of further regular interaction and discussions with the appropriate risk managers of the regulated entities. These quantitative and qualitative analyses form an intrinsic part of the supervisory programme for each regulated entity. As a result, the PA is able to risk-rate individual regulated entities as being of high, medium or low risk. The PA has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. Where areas of concern are identified, on-site inspections/reviews will be initiated and conducted, followed by feedback letters and requests for regular progress reports by the regulated entities to the PA on the required actions.

22 Regulatory Strategy 2018–2021 A sanctions and enforcement panel has been established to ensure that senior management of the PA regularly and rigorously review the state of regulated entities registered in terms of the financial sector laws with the intention of assessing their soundness, compliance with licensing conditions and general compliance with the financial sector laws; and for providing advice to the PA on whether or not any sanction or enforcement actions are required. In addition to actions provided for in other financial sector laws, the FSR Act allows for the following possible actions: – The PA can issue written directives in specified circumstances to a financial institution that provides a financial product or securities services, or is an MI, or to a key person of a financial institution, or to a holding company of a financial conglomerate, requiring that person to take specific action(s). – The PA can commence proceedings in court to ensure compliance with a financial sector law. – The PA can afford leniency to certain persons in exchange for collaboration with the PA during enforcement proceedings. – Persons can give written undertakings to the PA regarding future conduct. Once the PA accepts the undertaking, it becomes enforceable by the PA. – The PA can make a debarment order in respect of a natural person in circumstances prescribed by the FSR Act. 8. Cooperation and collaboration 8.1 Collaboration with other regulators The PA will collaborate with other regulators in executing its mandate. According to the FSR Act, the PA, FSCA, SARB, NCR and FIC must cooperate and collaborate when performing their functions. This cooperation and collaboration will extend to the making of regulatory instruments. Furthermore, if the regulatory instrument applies to the providers of securities services, then the MI that has the function of licensing these providers will also be consulted. The specific coordination mechanisms provided for by the FSR Act are MoUs between the financial sector regulators as well as the establishment of both the Financial System Council of Regulators and the Financial Sector Inter-Ministerial Council. The MoUs between the financial sector regulators must be reviewed at least once every three years and amended as appropriate. These MoUs will be published. The financial sector regulators and the SARB will conclude MoUs in respect of the following: – generally assisting and supporting one another in pursuing respective objectives in terms of financial sector law, the NCA and FICA; – informing one another and sharing information about matters of common interest; – striving to adopt consistent regulatory and supervisory strategies, including addressing regulatory and supervisory challenges; – coordinating, to the extent appropriate, actions in terms of financial sector laws, the NCA and FICA, including in relation to standards and other regulatory and supervisory instruments, licencing, supervisory on-site inspections and investigations, enforcement, information sharing, recovery and resolution, and reporting by financial institutions; – minimising the duplication of effort and expense, including establishing and using, where appropriate, common or shared databases and other facilities; – agreeing on attendance at relevant international forums; and – developing, to the extent appropriate, consistent policy positions, including at relevant local and international forums.

Regulatory Strategy 2018–2021 23 The PA, FSCA, SARB, NCR and FIC must, at least annually, as part of their annual reports and/ or on request, report to the Minister of Finance, the Cabinet member administering the NCA and to Parliament on measures taken to cooperate and collaborate with one another. 8.2 Specific coordination between the PA and FSCA The PA and the FSCA will enter into an MoU that will cover cooperation and collaboration regarding various aspects of their respective mandates. The PA and the FSCA will also issue joint standards, where appropriate, in order to minimise duplication and avoid regulatory arbitrage. Concurrent processes – such as licencing of financial institutions – shall be effected between the PA and the FSCA. In addition, the two regulators will collaborate on common ancillary objectives such as supporting sustainable competition in the provision of financial products and services, supporting financial sector transformation and financial inclusion. 8.3 Cooperation with the SARB In terms of the FSR Act, the SARB has the explicit mandate to protect and enhance financial stability. This mandate includes efforts to prevent a systemic event and, should a crisis occur, assist with restoring financial stability in South Africa. The FSR Act also places a responsibility on the PA to assist the SARB with its financial stability mandate; the FSR Act sets outs various processes and procedures to achieve this objective. An important area for cooperation and collaboration between the PA and the SARB involves systemically important financial institutions (SIFIs), which are designated by the Governor of the SARB. To mitigate the risk of a systemic event occurring, the SARB can, after consulting with the PA, direct the PA to impose, through directives or prudential standards, additional prudential requirements on SIFIs. The PA will work with the SARB and, where necessary, cooperate and collaborate with the SARB through the mechanism of an MoU. 8.4 Cooperation with the resolution authority The proposed resolution framework envisages the SARB to be the resolution authority for certain institutions regulated by the PA. As such, the PA will support the SARB in fulfilling its resolution functions. The SARB’s financial stability mandate will be supported by the work currently underway aimed at strengthening the resolution framework for designated financial institutions. In addition, the PA will cooperate and collaborate with the SARB in all matters related to recovery and resolution planning, the associated processes and the execution of resolution strategies for banks and other systemically significant non-bank financial institutions that fall within the remit of the PA. The SARB will support the PA in considering recovery planning for financial institutions. Pending the finalisation of the resolution framework and the establishment of a resolution authority within the SARB, the PA will be responsible for the resolution of financial institutions for which it is the responsible authority. Following the implementation of the resolution framework, the SARB will, in collaboration with the PA, be responsible for the resolution of systemic financial institutions. 8.5 Relationship with stakeholders The PA endeavours to build and maintain professional relationships with all stakeholders, including other regulators both locally and internationally. Sustaining robust and meaningful stakeholder engagement is viewed as critical to developing a regulatory and supervisory framework that achieves the objective of a regulator. The exchange of knowledge through cooperation and collaboration with stakeholders will in turn yield benefits and contribute towards the maintenance of a sound and stable financial system in South Africa.

24 Regulatory Strategy 2018–2021 As required by the FSR Act, the PA will ensure that appropriate stakeholder engagement arrangements and mechanisms are strengthened, implemented and maintained to facilitate consultation and information exchange with financial institutions, MIs, existing financial customers and prospective financial customers on matters of mutual interest. The PA engages with stakeholders at various forums including those below: 8.5.1 Industry and professional bodies The PA has regular interactions with industry and professional associations such as the South African Insurance Association, the Banking Association of South Africa, the Association of Savings and Investment South Africa, South African Institute of Chartered Accountants and the Actuarial Society of South Africa. These interactions are considered to be a rich source of information which will enable the PA to better understand the risks developing within the regulated sectors. Apart from the engagements that occur through regulatory and supervisory processes, consultative sessions are held with industry, as and when required. 8.5.2 International and regional organisations, bodies and forums The PA, either directly or under the auspices of the SARB, participates in numerous international and regional organisations and standard setting bodies such as the Bank of International Settlement (BIS), Basel Committee on Bank Supervision (BCBS), International Organization of Securities Commissions (IOSCO), Financial Action Task Force (FATF), the International Association of Insurance Supervisors (IAIS), and the Southern African Development Community (SADC). 8.5.3 Collaborative forums There are collaborative forums between organs of state and regulators within which the PA serves as a member, such as the Intergovernmental Fintech Working Group. These forums are a valuable source of information and provide a platform for the development of approaches to manage risks posed to the objectives of the respective participants. 8.5.4 Public awareness Public awareness campaigns are undertaken by the PA through different platforms such as web-based publications, road-shows and the media. 9. Framework for the delegation to other regulators In terms of sections 48 and 778 of the FSR Act the PA may delegate a power or a duty to the FSCA by way of an MoU, in accordance with a framework and system of delegation developed to ensure that any delegation does not constrain the PA or the FSCA in achieving its respective objectives. The FSCA can delegate powers and duties to the PA under the same conditions. The decision to delegate powers to the FSCA must be made by the Prudential Committee. The FSR Act makes two specific delegations. The first delegation relates to the collective investment schemes, pension funds and friendly societies, where the power of the PA to make prudential standards and otherwise achieve its objectives will be exercised by the FSCA. This transitional arrangement will apply for a period of three years from the date of the establishment of the PA, but may be extended or reduced by the Minister of Finance. 8 Section 77 of the FSRA states that ‘[a] delegation of power or duty by a financial sector regulator to another financial sector regulator must be effected by a memorandum of understanding entered into in terms of this section.’

Regulatory Strategy 2018–2021 25 The second delegation relates to medical schemes where the powers, duties and functions of the PA will be exercised by the Council for Medical Schemes. The extent of the delegation and the conditions thereto was determined by the Minister of Finance and was published.9 10. Funding of the PA According to A safer financial sector to serve South Africa better, published by National Treasury in February 2011, regulators should be appropriately and adequately funded to enable them to effectively execute their mandates. The FSR Act and the proposed Financial Sector Levies Bill (Levies Bill) provide for a mechanism aimed to ensure that the PA is adequately funded. The bill also empowers the PA to impose levies on the regulated entities to fund the costs of running the PA. The principle underpinning the imposition of levies is to recover the direct costs of running the PA from the regulated entities. Additional responsibilities for prudential regulation and supervision of financial institutions by the PA, other than banks, increased both the personnel10 and operational costs of the PA compared to that of the Bank Supervision Department (BSD) when it only regulated and supervised banks. In addition to levies, the PA will charge fees for specific activities. Prior to implementation of Twin Peaks regulatory architecture, insurers and market infrastructures and other regulated entities, with the exception of banks, have been paying levies to the then FSB. The costs (both direct and indirect costs) of running the then BSD was funded by the SARB. Under the FSR Act and the proposed Levies Bill, like other regulated entities, banks will now be required to pay levies to the PA. The regulated entities will pay for the direct costs (such as personnel costs) of running the PA while the SARB will continue funding the indirect costs incurred by the PA through the use of the various support departments of the SARB such as legal, risk management, compliance, internal audit, human resources, security as well as the use of SARB facilities. The proportionate of direct versus indirect costs is estimated to be at a proportion of 60:40 for the 2019/20 financial year and the proportion is likely to remain the same for the 2020/21 financial year. Despite the commencement of the FSR Act and consequently the Twin Peaks regulatory framework on 1 April 2018, the SARB will continue to fund the costs of running the PA for the 2018/2019 financial year, until the Levies Bill is finalised. The levies and fees may be revised annually. A detailed budget of the PA will be released prior to the commencement of the Levies Bill, in line with the provisions of the relevant legislation. The PA will account for the levies collected and its expenditure, on an annual basis and in line with the provisions under the FSR Act. 11. Conclusion and next steps The PA publishes this strategy document not only in compliance with the requirements of the FSR Act, but to set the scene for a collaborative and cooperative approach with stakeholders. In the coming months, the PA intends to publish: – the approach to licencing; – the enforcement approach; – MoUs entered into with other regulators; – guidance on the regulation of significant owners; and – the approach to prudentially regulating and supervising financial institutions that are not banks, insurers or MIs. 9 The determination by the minister is available on the website of the SARB at: http://www.resbank.co.za/ Lists/News%20and%20Publications/Attachments/8504/Determination%20ito%20sec%20291.pdf 10 Staff complement increased by 81%.

26 Regulatory Strategy 2018–2021 These documents will provide greater detail on the PA’s regulatory and supervisory approaches as well as its approach to public consultation and the other requirements imposed on the PA in terms of the FSR Act. Research conducted by the PA will also be published from time to time. The PA’s ultimate goal is to promote and enhance the safety and soundness of financial institutions and MIs in South Africa. 12. How to contact the Prudential Authority Location: South African Reserve Bank 370 Helen Joseph Street (formerly Church Street) Pretoria 0002 Postal Address: P O Box 8432 Pretoria 0001 Telephone: +27 12 313 3911 Website: http://www.resbank.co.za/PrudentialAuthority Email: PA-Info@resbank.co.za

Regulatory Strategy 2018–2021 27 Abbreviations AML anti-money laundering Banks Act Banks Act 94 of 1990 BBBEEA Broad-Based Black Economic Empowerment Act 53 of 2003 BCBS Basel Committee on Banking Supervision CEO Chief Executive Officer CFI co-operative financial institution CFT combating the financing of terrorism Co-operative Banks Act Co-operative Banks Act 40 of 2007 FICA Financial Intelligence Centre Act 38 of 2001 Fintech financial technology FM Act Financial Markets Act 19 of 2012 FSC Financial Sector Code FSCA Financial Sector Conduct Authority FSR Act Financial Sector Regulation Act 9 of 2017 ICPs Insurance Core Principles IFRS International Financial Reporting Standard King IV King IV Report on Corporate Governance for South Africa, 2016 MI market infrastructure MoU memorandum of understanding Mutual Banks Act Mutual Banks Act 124 of 1993 NCA National Credit Act 34 of 2005 NCR National Credit Regulator OTC over the counter PA Prudential Authority SAM Solvency Assessment and Management SARB South African Reserve Bank SFA strategic focus area SIFI systemically important financial institution