FSCA Communication 12 of 2025 Update on the Cross-Sectoral Conduct of Business Return Rollout

Page 1 of 6 FSCA COMMUNICATION 12 OF 2025 (GENERAL) Update on the roll-out and implementation of the cross-sectoral Conduct of Business Return (OMNI-CBR) for financial institutions

1. PURPOSE 1.1. The purpose of this Communication is to: • provide an update on the roll-out and implementation of the OMNI-CBR for financial institutions as previously communicated by the Financial Sector Conduct Authority (FSCA); • share details on key strategic developments within the FSCA and their impact on the roll-out and implementation of the OMNI-CBR; and • clarify the FSCA’s expectations regarding any steps to be taken by financial institutions to ensure readiness for future conduct-related reporting.
2. BACKGROUND 2.1. On 22 December 2021, the FSCA published FSCA Communication 22 of 2021 (GENERAL)1 which provided an initial update on the development of the OMNI-CBR and signalled the FSCA’s intention to undertake a robust consultation process on the content and implementation thereof commencing in 2022. 2.2. On 8 June 2022, the FSCA published FSCA Communication 16 of 2022 (GENERAL)2 , which included a detailed Roadmap for the roll-out and implementation of the OMNI-CBR as well as the first draft of the OMNI-CBR template for stakeholder comment. 2.3. On 4 December 2023, the FSCA published FSCA Communication 33 of 2023 (GENERAL)3 (Communication 33), which provided a summary of stakeholder engagements as well as a consolidation of industry comments received in response to the first version of the OMNI-CBR. 1 Click here to access FSCA Communication 22 of 2021 (GENERAL). 2 Click here to access FSCA Communication 16 of 2022 (GENERAL). 3 Click here to access FSCA Communication 33 of 2023 (GENERAL).

Page 2 of 6 2.4. Many commentators raised concerns about the structure, format and complexity of the proposed reporting template, as well as the volume of data being requested. In response, the FSCA acknowledged the need to undertake further work to streamline and simplify the reporting template. 2.5. To this end, Communication 33 signalled that the FSCA planned to publish a revised version of the OMNI-CBR as well as an industry survey to assess the potential operational and systems impacts of the revised template by 1 July 2024. Additionally, it was anticipated that an industry pilot would be launched in the second half of 2024 subsequent to, and based on, the outcomes of the survey. 2.6. The FSCA also confirmed that the aforementioned timelines would be subject to possible revision depending on other internal developments during 2024, and that a further update would be provided by 1 July 2024. Due to several highly fluid and fast moving strategic and operational developments within the FSCA in the past year, such an update was not practically possible until the present. 2.7. This Communication is intended to provide further information regarding the developments alluded to above as well as to highlight the impact of these developments on the future roll-out and implementation of the OMNI-CBR. 2.8. The FSCA has noted a certain level of apprehension by some market participants regarding the prolonged absence of feedback regarding the status of the OMNI-CBR, particularly those financial institutions that have proactively commenced work to ensure readiness for its future implementation. This Communication further aims to clarify the FSCA’s expectations regarding the progressing of any internal OMNI-CBR related initiatives by financial institutions at this stage. 3. KEY FSCA DEVELOPMENTS THAT HAVE IMPACTED THE ROLL-OUT AND IMPLEMENTATION OF THE OMNI-CBR 3.1. During the past 18 months, the FSCA has accelerated several strategic re-prioritisation and organisational transformation efforts. These efforts have been geared towards refining the FSCA’s focus and significantly improving its operational efficiency and effectiveness, thereby reinforcing its commitment to building a more modern, agile and responsive regulator. 3.2. As the second cycle of the FSCA’s Regulatory Strategy period (2021 – 2025) headed towards its conclusion in March 2025, the organisation embarked on a strategic review

Page 3 of 6 and re-prioritisation exercise to ensure that the next iteration of its Regulatory Strategy would continue to be relevant, precise and future-focused. 3.3. On 6 May 2025, the FSCA published its new Regulatory Strategy for the period 1 April 2025 – 31 March 20284 . The document outlines, among other things, that a major focus of the FSCA for the next three years will be preparing for the implementation of the Conduct of Financial Institutions (COFI) Bill. This involves refining its licensing, supervisory and enforcement approaches to remain adaptive to market changes and ensure more consistent and predictable delivery of desired outcomes for financial customers across the financial sector. 3.4. Critical to this is the need to modernise the FSCA’s regulatory capabilities, ie streamlining licensing processes, enhancing risk-based supervision and enabling more efficient and effective data collection and analysis to ensure quicker and more targeted responses to emerging risks and trends. 3.5. As such, the FSCA has adopted a multi-year organisation wide Digital Transformation Strategy, which includes major investments in new and enhanced technology. The most notable has been the procurement of a supervisory technology (SupTech) platform, namely the Integrated Regulatory Solution (IRS), which will significantly improve how the FSCA engages with financial institutions in the future5 . 3.6. Once implemented, the IRS is envisaged to deliver end-to-end SupTech services covering the full supervisory lifecycle from licensing through to ongoing supervision and enforcement. 3.7. The IRS is designed to enhance visibility and reduce fragmentation across the FSCA’s core functions by providing: • a single integrated system with one consolidated profile per supervised entity; • standardised processes for regulatory data collection and risk assessment across FSCA functions; • a single automated risk model that integrates key data points from various data sources (including regulatory returns) and uses defined risk indicators to create and update risk profiles of supervised entities enabling a more integrated and comparative risk-based approach to supervision; 4 Click here to access the FSCA Regulatory Strategy (2025-2028). 5 Click here to access video of Day 1 of the FSCA’s Annual Industry Conference held on 19-20 March 2025, where further details were provided regarding the FSCA’s Digital Transformation Strategy and implementation of the IRS.

Page 4 of 6 • a central data repository allowing all supervisory information to be stored and accessed in one place and ensuring quality and consistency of data used for supervisory purposes; and • a 360-degree view of each supervised entity available in real time to all relevant teams across the FSCA to ensure consistent decision-making based on the latest available data. 3.8. The conceptualisation and development of the OMNI-CBR pre-dated the roll-out of the FSCA’s Digital Transformation Strategy and the procurement of the IRS. To a certain extent, previous iterations of the OMNI-CBR attempted to achieve similar objectives to the IRS, but were designed for a largely manual, less modernised supervisory environment. This resulted in various complexities in the format, structure and density of the OMNI￾CBR, as reflected in the industry comments highlighted in Communication 33. 3.9. Implementing the IRS has provided the FSCA with an invaluable opportunity to re-think the supervisory data collection model initially contemplated under the OMNI-CBR and instead explore a more streamlined, intuitive and incremental approach leveraging the new technological capabilities being introduced through the SupTech platform. 3.10. Consequently, the OMNI-CBR will no longer be rolled out in the format and manner previously communicated by the FSCA. The previous version of the OMNI-CBR was a combination of harmonised conduct data requirements applicable to all financial institutions (the “ALL SHEETS” component) as well as more granular sector specific requirements applicable only to certain financial institutions depending on industry, activity or product type. 3.11. The above approach has been revised in an attempt to significantly reduce the amount of data requested from financial institutions, and to minimise regulatory burden by introducing different components of the OMNI-CBR (with some revisions) over time in a phased and agile manner. 3.12. The first component of the revised approach will be the introduction of an OMNI-Risk Return to support the automated Risk Model (or risk engine) that forms the core of the IRS. 3.13. The Risk Model is a standardised, system-driven mechanism for calculating risk scores uniformly across all entities supervised by the FSCA. It uses the following elements to generate a risk score for each financial institution:

Page 5 of 6 • data collected through a risk return (the OMNI-Risk Return) and certain profile data of supervised entities; • clearly defined risk indicators and measurements informed by the data received via the risk return and entity profile data; and • structured control assessment questions completed by the relevant FSCA supervisory teams as part of their ongoing supervisory activities. 3.14. The automated Risk Model, and supporting OMNI-Risk Return, described above will help ensure: • less duplication and greater clarity regarding specific risk data requested of financial institutions; • more consistent and comparable risk ratings across financial institutions; • better insights on higher risk areas to help inform the intensity of certain supervisory activities and direct FSCA resources accordingly; and • improved collaboration and coordination across different FSCA teams dealing with the same supervised entity. 3.15. The second component of the revised approach will be to reconsider what additional sector specific data is required from different financial institutions at a more granular level for other ongoing supervisory and regulatory purposes beyond the OMNI-Risk Return and other existing reporting, as well as the frequency and means of collecting such data. 3.16. The FSCA is currently finalising the first component of the revised approach, ie the refinement of the OMNI-Risk Return and its integration onto the IRS. This is being prioritised for further industry engagement in the upcoming months, as outlined in the next section. 3.17. Work on the second component of the revised approach, ie the identification of additional sector specific data requirements beyond the OMNI-Risk Return, has commenced but is envisaged to be rolled out in the longer term. 4. WHAT HAPPENS NEXT? 4.1. The implementation of the IRS and the introduction of the new FSCA Risk Model will significantly re-shape the manner in which the FSCA interacts with supervised entities going forward. 4.2. As such, a critical precursor to the full deployment of the IRS will be the roll-out of comprehensive and targeted industry engagement and change management activities to

Page 6 of 6 ensure the collective readiness of both the FSCA and market participants for future interactions through this platform. 4.3. The FSCA is currently working on a detailed communication and engagement plan, which will provide further information on the operationalisation of the IRS, planned industry readiness and awareness initiatives, further consultations on the revised OMNI-Risk Return and a clearer timeline for overall implementation. 4.4. Details around a planned industry pilot for testing of the IRS will also be provided in the third quarter of 2025. It is envisaged that financial institutions will then have a year to get ready prior to the anticipated go-live date of the new platform. 5. WHAT DOES THIS MEAN FOR FINANCIAL INSTITUTIONS RIGHT NOW? 5.1. The FSCA confirms that financial institutions are not expected to initiate or progress any internal OMNI-CBR related initiatives or system development and implementation efforts until further communication is issued on the roll-out of the IRS and OMNI-Risk Return as described above. 5.2. Insurers that have steadily been submitting quarterly insurance conduct of business returns over the past few years must continue to do so using the data upload facility on the FSCA’s website until further guidance is provided in this regard. 6. ENQUIRIES 6.1. For more information about this Communication please send an email to FSCA_OMNI_CBR_Comments@fsca.co.za and copy Ms Marrelie Victor at Marrelie.Victor@fsca.co.za. FARZANA BADAT DEPUTY COMMISSIONER FINANCIAL SECTOR CONDUCT AUTHORITY Date of publication: 11 June 2025