FSCA Communication 38 of 2024 (FAIS): Addressing and Preventing Regulatory Examination Fraud

FSCA COMMUNICATION 38 OF 2024 (FAIS) ADDRESSING AND PREVENTING FRAUD RELATED TO FAIS REGULATORY EXAMINATIONS

1. PURPOSE 1.1. This Communication aims to inform financial services providers (FSPs) about the increasing incidents of fraudulent activities related to the FAIS regulatory examinations (RE)1 . It also serves to remind FSPs of their obligation to ensure that their key individuals and representatives comply with the RE requirements by implementing robust due diligence processes, including proper verification of RE certificates.
2. INTRODUCTION 2.1. In 2022, the FSCA issued a warning against misconduct related to the RE after noticing a substantial increase in fraudulent activities. This misconduct includes candidates knowingly buying forged or fake RE certificates, unlawfully altering RE certificates, paying other persons to impersonate them when writing the RE, and bribing or attempting to bribe individuals who seemingly have some form of influence over the examination process to guarantee a successful pass rate. Despite the warning, the number of suspected fraudulent incidents increased. 2.2. The FSCA can identify these activities and the individuals involved. Several investigations into suspected fraudulent activities are currently underway. As previously communicated, the FSCA has zero tolerance for such conduct and is taking regulatory action against those involved, as it reflects negatively on their honesty and integrity. 2.3. However, the responsibility to combat these activities does not rest solely with the FSCA. FSPs, as the primary gatekeepers of the financial services sector concerning key individuals and representatives, play a critical role. As employers and/or principals, FSPs are responsible for conducting thorough background checks, verifying the authenticity of RE certificates, and assessing the honesty and integrity of their key individuals and representatives before they are allowed to operate within the industry. By implementing robust due diligence processes and ongoing monitoring, FSPs can identify and prevent those attempting to deceive the system from entering or remaining in the industry. 1 The regulatory examinations prescribed in terms of Part 4 of Chapter III of Board Notice 194 of 2017.

Page 2 of 7 2.4. Additionally, FSPs have an important role in combating scams targeting their key individuals and representatives by raising awareness and ensuring their staff and/or agents are aware and vigilant of such scams. 3. TYPES OF FRAUD BY CANDIDATES 3.1. Various types of fraudulent activities have been identified in relation to the RE, with the two most common involving candidate misconduct outlined below. Certificate fraud by candidates 3.2. This is the most prevalent type of fraud, where candidates knowingly purchase fake RE certificates or alter existing certificates. These fake or forged certificates are then submitted to FSPs to secure employment or appointment, or to demonstrate compliance with the RE competency requirement where the candidate is already employed or appointed. 3.3. In some cases, candidates create a profile on the approved examination body’s online RE registration system without registering for an exam session. They then contact the examination body for verification of a fake certificate, hoping the mere existence of their profile lends credibility to the forged certificate. REs written on behalf of a candidate 3.4. This type of fraud involves a third party impersonating the candidate to write the RE on the candidate’s behalf, typically in exchange for compensation. The third party either uses fake identification documents (IDs) or relies on an outdated photo on the candidate’s ID to evade detection during the invigilation process at the examination venue. Red Flags 3.5. The following trends, among others, have emerged as red flags, indicating potential fraudulent conduct that necessitates further investigation: • A candidate repeatedly attempts the examination through their employer’s enrollment system/process but suddenly switches to private enrollment and passes the exam. • A candidate consistently writes the RE at a particular venue but then suddenly chooses a different examination center and passes the exam. • A candidate shows a pattern of multiple failures, followed by an unexpected pass with a significantly higher score compared to previous scores. 3.6. It has also been observed that candidates are often referred to these fraudsters by colleagues within the same FSP who have also made use of these illegal services. 3.7. Social media platforms are also increasingly being used to lure candidates into fraudulent activities. Fraudsters create support groups or forums where they target and entice candidates, offering illegal services such as fake certificates or exam impersonation under the guise of assistance or support. These groups are often presented as communities for

Page 3 of 7 those struggling with RE exams, making them particularly appealing to vulnerable candidates. 4. SCAMS TARGETING CANDIDATES 4.1. Scams targeting candidates have also not decreased. Scammers continue to impersonate the legitimate examination body, Moonstone, or offer fraudulent assistance with exam bookings, with the primary intent of stealing the examination fees that candidates believe they are paying to Moonstone. In some cases, candidates are misled into taking fake exams, conducted at venues not operated by Moonstone, and are issued with false certificates. 4.2. These scammers often produce fake invoices featuring Moonstone’s logo to create the illusion of legitimacy. Similar to candidate fraud, social media platforms have become a primary hunting ground for these scammers, who infiltrate RE support groups. These groups, typically joined by candidates seeking advice and encouragement, are exploited by fraudsters to advance their schemes. 4.3. It is candidates’ responsibility to verify the legitimacy of the service they are using, especially given the clear guidelines and official channels provided by the FSCA. Scammers often exhibit clear warning signs, such as unofficial communication channels, examination fees that differ from the fee prescribed by the FSCA, or fake credentials. 4.4. Candidates are strongly advised to deal directly with Moonstone, the only institution currently approved by the FSCA to provide the RE in South Africa. Candidates should avoid using third parties to book regulatory examinations, as this greatly reduces the risk of falling victim to scams. 4.5. It has further been observed that some candidates who knowingly participated in fraudulent conduct, attempt to claim ignorance as a defense, asserting that they were victims of a scam. This defense is often disproved through the FSCA’s investigations. 5. THE ROLE AND RESPONSIBILITIES OF FSPs Duty to ensure compliance with the Fit and Proper Requirements 5.1. In terms of section 13(2) of the Financial Advisory and Intermediary Services Act, No. 37 of 2002 (FAIS Act), FSPs must at all times be satisfied that their representatives and key individuals of such representatives, are, when rendering financial services on behalf of the FSP, competent to act, and comply with the fit and proper requirements (as determined in Board Notice 194 of 2017)2 . A key aspect of this is ensuring that representatives have passed the relevant REs3 . 2 See the Determination of Fit and Proper Requirements for FSPs, 2017, as published by Board Notice 194 of 2017. 3 See section 13(1) of Board Notice 194 of 2017, that places specific requirements on FSPs to establish, maintain and apply adequate policies, internal systems, control and monitoring mechanisms to ensure that their key individuals and representatives comply and continue to comply with the relevant fit and proper requirements, including the RE requirements.

Page 4 of 7 5.2. It is therefore essential for FSPs to confirm that their representatives have passed the required REs, which can only be achieved by verifying the authenticity of the RE certificates. By conducting these verifications, FSPs can be sure that their representatives meet the relevant fit and proper requirements as required in section 13(2) of the FAIS Act. Proper due diligence 5.3. Board Notice 194 of 2017 requires FSPs to adopt, document, and implement an effective governance framework that provides for the fair treatment of clients and the prudent management and oversight of the business of the FSP.4 It outlines specific governance requirements that are, inter alia, based on principles of effective risk management and internal controls to ensure regulatory compliance. 5

5.4. These governance requirements, also taking into account section 13(2) of the FAIS Act, effectively makes the verification of RE certificates necessary for the following reasons: (a) Mitigating the risk of fraud – A core function of a governance framework is to mitigate the risk of fraud. Fraudulent RE certificates are a known risk, and relying on unverified documents from representatives without an independent check creates an opportunity for fraud. Direct verification eliminates this risk. (b) Ensuring compliance with regulatory requirements - FSPs must ensure their representatives meet the RE requirements to avoid regulatory non-compliance. Without direct verification, fraudulent certificates may go undetected, allowing non-compliant individuals to act on behalf of the FSP. Verifying certificates ensures both the FSP and its representatives remain compliant. (c) Ensuring effective governance and risk management – The governance framework requires FSPs to implement processes that effectively identify, assess, and mitigate risks. Proper due diligence, including verifying RE certificates, is a key part of this. Without verification, FSPs cannot identify or fully assess the risk of non-compliance by representatives. 5.5. The direct verification of RE certificates as part of FSPs’ due diligence processes is crucial for mitigating fraud, ensuring regulatory compliance, and maintaining effective governance processes. 4 See Chapter 5 of Board Notice 194 of 2017, in particular section 36(1)(b). 5 See Chapter 5 of Board Notice 194 of 2017, in particular section 37 that requires the governance framework of the FSP to include effective and adequate systems of corporate governance, risk management and internal controls that, inter alia, provides for – (a) effective procedures for risk assessment, which identify the risks relating to the FSP's activities, processes and systems; (b) effective procedures and systems to: (i) ensure compliance by the FSP, its key individuals and representatives with the FAIS Act and other applicable laws, (ii) detect any risk of failure by the FSP to comply with applicable legislation, and to put in place measures and procedures to minimise such risk, and (iii) that provide for corrective actions to be taken in respect of non￾compliance, weak oversight, failure of controls or lack of sufficient management; (c) regular monitoring and evaluation of the adequacy and effectiveness of its systems, processes and internal control mechanisms and measures to address any deficiencies and to determine whether it serves reasonably to, inter alia, ensure risk detection and compliance with applicable legislation.

Page 5 of 7 5.6. Direct verification with either Moonstone (the examination body) or the FSCA is essential to ensure the authenticity of RE certificates by checking directly against the official records, eliminating the risk of accepting forged or altered documents. 5.7. The FSCA has observed that some FSPs do not verify RE certificates against the official records. This results in a flawed due diligence process, as reliance on potentially falsified information increases the risk of appointing or retaining non-compliant representatives. Without direct confirmation from the FSCA or Moonstone, the authenticity of the RE certificate remains uncertain. 5.8. FSPs are also encouraged to keep detailed records of the verification process, including communication with the examination body or the FSCA, and the outcome of the certificate’s authenticity. If a fake or altered certificate is discovered, FSPs should immediately report it to the FSCA and take appropriate action, such as rejecting the candidate or initiating a debarment process if they are already employed. 5.9. FSPs play an important role in eradicating fraudulent RE certificates through direct verification. Verification can be done by submitting a request, including a copy of the candidate’s ID or passport, the certificate(s), and written consent from the candidate permitting the sharing of RE-related information to either the FSCA or Moonstone. See submission details below: (a) FSCA verification: To authenticate RE certificates through the FSCA, the request, and all supporting documents, must be emailed to the FSCA Business Centre at businesscentre@fsca.co.za. The FSCA Business Centre will provide written confirmation regarding the authenticity of the RE certificate. (b) Moonstone verification: For verification through Moonstone, the request, and all supporting documents, must be emailed to faisexam@moonstoneinfo.co.za. Moonstone will provide written confirmation regarding the authenticity of the RE certificate. For any queries related to the RE or verification process, contact Moonstone at 021 883 8000. 5.10. If FSPs engage a verification agency to handle the verification process, the FSP must ensure that the agency conducts direct verification through either the FSCA or Moonstone, as outlined above. 5.11. By following these steps, FSPs can ensure that the RE certificates presented by candidates are valid and that the individuals meet the necessary regulatory requirements. Candidate support and training 5.12. To ensure their representatives meet the competency requirements, FSPs should offer support, guidance, and/or training to help them successfully complete the RE. It is crucial for FSPs to ensure that all training and materials they provide to their representatives are of high quality and up-to-date, as outdated materials may potentially negatively impact the

Page 6 of 7 success rate of candidates. 5.13. FSPs must also verify the effectiveness of the training offered by any of their elected training providers. This involves monitoring representatives’ pass rates to evaluate the quality of the training. Training programs should comprehensively cover all the tasks and criteria for the RE and ensure a thorough understanding of the FAIS Act. 5.14. It is important to note that attending a 1–3 day training course alone is insufficient to ensure successful completion of the RE. Multiple RE failures are often not due to the examination's perceived level of difficulty, but rather a reliance by the candidate on the training course without a thorough study of the FAIS legislation. Effective preparation requires dedicated study beyond the training course. Creating awareness 5.15. FSPs can help raise awareness of fraudulent RE practices by regularly informing and educating their representatives on some of the following key aspects to safeguard against falling victim to or participating in RE related fraud: (a) Representatives should always deal directly with Moonstone for RE bookings and avoid using third party services. Moonstone will never contact candidates to offer booking services or guarantee exam success. (b) Representatives should immediately verify with the FSCA the legitimacy of any person or entity requesting an examination fee that differs from the fee prescribed by law. Only Moonstone is authorised to accept payment of the RE fee and will never request a fee outside of the legal requirement. (c) Representatives are encouraged to report to the FSCA any suspected fraudulent or undesirable conduct relating to the RE. Such reports can be made to the FSCA Fraud Hotline: https://www.fsca.co.za/Pages/Contact-Us.aspx (d) Representatives should be fully aware of the serious consequences of engaging in fraudulent RE activities, including potential debarment, other regulatory actions and criminal sanctions. Compliance with section 14 of the FAIS Act 5.16. The FSCA has observed that when FSPs discover that a representative has submitted a fake or forged certificate and, as a result, does not meet the fit and proper requirements, the representative is often removed from the representative register and their appointment is terminated. However, in many cases, the FSP fails to debar the representative as required under section 14(1) of the FAIS Act. 5.17. This oversight allows the same individual to seek employment at another FSP, where the fraudulent behavior may be repeated. 5.18. The FSCA reminds FSPs of the legal obligations outlined in section 14 of the FAIS Act. Failure to comply with these requirements may result in the FSP being in breach of the FAIS

Page 7 of 7 Act. KATHERINE GIBSON DEPUTY COMMISSIONER FINANCIAL SECTOR CONDUCT AUTHORITY Date of publication: 2 October 2024