Director, Natalie Scott contributes on The Banking Regulation Review – Edition 9. This ninth edition of The Banking Regulation Review contains chapters provided by authors in 35 countries and territories in March and April 2018, as well as the usual chapters on International Initiatives and an overview of the European Union. Below is the South African overview:

I INTRODUCTION

South Africa has an advanced banking system, backed by a sound legal and regulatory framework that aims to secure systemic stability in the economy, to ensure institutional safety and soundness, and to promote consumer protection.

Notwithstanding the turmoil experienced in international financial markets, the South African banking sector has remained sound and adequately capitalised, and new legislation is being promulgated to ensure the continuing stability of the financial sector. The South African Reserve Bank (SARB), which is the central bank in South Africa, is closely involved in international forums, particularly the G20. In addition, the SARB has maintained a greater focus on financial stability²in general.

The five largest banks in South Africa by total assets are Absa Bank Limited, FirstRand Bank Limited, Investec Bank Limited, Nedbank Limited and The Standard Bank of South Africa Limited.

II THE REGULATORY REGIME APPLICABLE TO BANKS

The following primary statutes and regulations govern the banking industry:

1. the Banks Act 94 of 1990 (the Banks Act) and regulations published in terms thereof, providing for the regulation and supervision of the taking of deposits from the public;
2. the South African Reserve Bank Act 90 of 1989, specifically regulating the central bank of South Africa (SARB) and the monetary system;
3. the Financial Sector Regulation Act 9 of 2017 (FSRA), the key objectives being to lay the foundation architecture of the Twin Peaks model of financial regulation and conferring on the SARB an explicit statutory mandate to enhance and protect financial stability in South Africa;
4. the National Payment Systems Act 78 of 1998 (the NPS Act), providing for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in South Africa;
5. the Inspection of Financial Institutions Act 80 of 1998, providing for the inspection of the affairs of financial institutions (such as banks) and of unregistered entities conducting the business of financial institutions;
6. the Currency and Exchanges Act 9 of 1933 (the Currency Act), regulating legal tender, currency, exchanges and banking. Exchange Control Regulations issued in terms of the Currency Act impose controls that regulate the expatriation of capital from South Africa;
7. the Financial Intelligence Centre Act 38 of 2001 (FICA), establishing a Financial Intelligence Centre and a Money Laundering Advisory Council to combat money-laundering activities and the financing of terrorist and related activities, and imposing certain duties on institutions and other persons who might be used for such;
8. the Financial Advisory and Intermediary Services Act 37 of 2002 (FAIS), regulating the rendering of certain financial advisory and intermediary services to clients;
9. the Mutual Banks Act 124 of 1993 (the Mutual Banks Act), providing for the regulation and supervision of the activities of mutual banks;
10. the Co-operative Banks Act 40 of 2007, providing for the regulation and supervision of cooperative banks. The legislation acknowledges member-based financial services cooperatives as a separate tier of the official banking sector;
11. the National Credit Act 34 of 2005 (NCA) regulating consumer credit and improved standards of consumer information. It also prohibits certain unfair credit and credit-marketing practices and reckless credit granting; providing for debt reorganisation in cases of over-indebtedness; regulating credit information; and providing for registration of credit bureaus, credit providers and debt-counselling services;
12. the Consumer Protection Act 68 of 2008 (CPA), protecting certain fundamental consumer rights, and applying to the provision of banking services to consumers, unless exempted, except to the extent that any such service constitutes advice or intermediary services regulated by FAIS, or is regulated in terms of the Long-term Insurance Act of 1988 or the Short-term Insurance Act of 1988;
13. the Financial Markets Act 19 of 2012, providing for, inter alia, the regulation of financial markets, the custody and administration of securities, and prohibiting insider trading;
14. the Financial Institutions (Protection of Funds) Act 28 of 2001, providing for and consolidating the laws relating to, the investment, safe custody and administration of funds and trust property by financial institutions; and
15. the Protection of Personal Information Act 4 of 2013 (POPI), which will, once fully effective, regulate the minimum threshold requirements for the lawful processing of personal information, and which will be in harmony with international standards.

The following regulatory authorities are responsible for overseeing banks:

1. the SARB, as the central bank and, more particularly, the Registrar of Banks (the Registrar), who is an officer of the SARB, are primarily responsible for overseeing banks.³ The SARB, in terms of the NPS Act, also recognises the Payment Association of South Africa as a payment system management body with the object of organising, managing and regulating the participation of its members (i.e., banks) in the payment system;⁴
2. the Financial Intelligence Centre, which monitors and provides banks with guidance as accountable institutions regarding the performance of their duties and their compliance with FICA;
3. the Financial Services Board (FSB), established in terms of the Financial Services Board Act of 1990, which provides for the establishment of a board to supervise compliance with laws regulating financial institutions and the provision of financial services;
4. the National Credit Regulator, established in terms of the NCA, whose responsibilities include the registration of credit providers, and monitoring the consumer credit market and industry to ensure prohibited conduct is prevented, or detected and prosecuted;
5. the National Consumer Commission, established in terms of the CPA, whose responsibilities include enforcement of the CPA; and
6. the Information Regulator, which is to be established once POPI becomes effective. Its responsibilities will include monitoring and enforcing compliance with the provisions of the POPI.

III PRUDENTIAL REGULATION

i Relationship with the prudential regulator

The SARB, as the central bank of South Africa, is responsible for bank regulation and supervision in South Africa. It also has responsibility for promoting the soundness of the domestic banking system through the effective and efficient application of international regulatory and supervisory standards and for minimising systemic risk. The SARB issues banking licences to banking institutions, and monitors their activities in terms of either the Banks Act or the Mutual Banks Act.

Banks are subject to inspection by the regulatory authorities listed in Section II. Official inspections may take various forms. Banks are requested and required by various statutes to submit, at regular intervals, specific financial and other reports, which are then analysed by the regulatory authorities with a view to identifying undesirable developments, such as potential default trends.

In addition, banks are subjected to on-site inspections, in which case the authorities undertake a type of external audit of the bank, but with specific reference to the prudential and conduct-of-business requirements. Regulatory bodies may also conduct inspections when complaints are received by the public. Informally, supervisors may also engage in presentations to and meetings with any bank’s board of directors (board).

ii Management of banks

The board of a bank is ultimately responsible for ensuring that an adequate and effective process of corporate governance, which is consistent with the nature, complexity and risk inherent in the bank’s on-balance sheet and off-balance sheet activities, and which responds to changes in the bank’s environment and conditions, is established and maintained.⁵

The process of corporate governance includes the maintenance of effective risk and capital management by a bank.⁶ The overall effectiveness of the processes relating to, inter alia, corporate governance, internal controls, risk management, capital management and capital adequacy must be continually monitored by the bank’s board.⁷

The board of a bank, or a committee appointed by the board for the purpose, must at least once a year assess and document whether the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy implemented by the bank successfully achieve the objectives specified by the board; and at the request of the Registrar, provide the Registrar with a copy of the report compiled by the board or committee in respect of the adequacy of the processes relating to corporate governance, risk management, capital management and capital adequacy.⁸

In addition, the external auditors of a bank must annually review the process followed by the board in assessing the corporate governance arrangements, including the management of risk and capital, and the assessment of capital adequacy, and report to the Registrar whether any matters have come to their attention to suggest that they do not concur with the findings reported by the board, provided that when the auditors do not concur with the findings of the board, they provide reasons for their non-concurrence.⁹

Every director of a bank or controlling company is required to acquire a basic knowledge and understanding of the conduct of the business of that bank, and of the laws and customs that govern the activities of such an institution. Although not every member of the board of a bank or controlling company is required to be fully conversant with all aspects of the conduct of the business of a bank, the competence of every director of a bank must be commensurate with the nature and scale of the business conducted by that bank and, in the case of a director of a controlling company, as a minimum, must be commensurate with the nature and scale of the business conducted by the banks in the group.¹⁰

In view of the fact that the primary source of funds administered and utilised by a bank in the conduct of its business are deposits loaned to it by the general public, it is further the duty of every director and executive officer of a bank to ensure that risks that are of necessity taken by such a bank in the conduct of its business are prudently managed.¹¹

The board must establish, inter alia, a remuneration committee consisting only of non-executive directors of the bank or controlling company.¹² The functions of the remuneration committee include working closely with the bank or controlling company’s risk and capital management committee in the evaluation of the incentives created by the compensation system, and ensuring that performance measures are based principally on the achievement of the board-approved objectives of the bank or controlling company and its relevant functions.

iii Regulatory capital and liquidity

A bank must manage its affairs in such a way that the sum of its Common Equity Tier 1 capital, Additional Tier 1 capital and Tier 2 capital and its Common Equity Tier 1 unimpaired reserve funds, Additional Tier 1 unimpaired reserve funds and Tier 2 unimpaired reserve funds in South Africa does not at any time amount to less than the greater of 250 million rand, or an amount that represents a prescribed percentage of the sum of amounts relating to the different categories of assets and other risk exposures of the bank, calculated as prescribed in the regulations relating to banks, where the business of the bank includes trading in financial instruments.

A bank must furthermore hold in South Africa liquid assets amounting to not less than the sum of amounts, calculated as prescribed percentages not exceeding 20 per cent, of such different categories of its liabilities as may be prescribed in the regulations relating to banks. A bank may not pledge or encumber any portion of these liquid assets.

The Registrar is empowered to exempt the bank from this prohibition on such conditions, to such an extent and for such a period as he or she may determine.

A controlling company must further manage its affairs in such a way that the total of its Common Equity Tier 1 capital, Additional Tier 1 capital and Tier 2 capital, and its Common Equity Tier 1 unimpaired reserve funds, Additional Tier 1 unimpaired reserve funds and Tier 2 unimpaired reserve funds, does not at any time amount to less than an amount that represents a prescribed percentage of the sum of the amounts relating to the different categories of assets and other risk exposures, and calculated in such a manner as prescribed.

In addition, the capital and reserve funds of any regulated entity included in the banking group and structured under the controlling company must not at any time amount to less than the required amount of capital and reserve funds determined in respect of the relevant regulated entity, in accordance with the relevant regulator responsible for the supervision of the relevant regulated entity.¹³

iv Recovery and resolution

The SARB has issued a directive that specifies the minimum requirements for the recovery plans of banks, controlling companies and branches of foreign institutions. The level of detail and range of recovery options must be commensurate with the risk profile of the relevant bank or institution. These requirements are in line with the international standard for resolution planning set by the Financial Stability Board in its ‘Key attributes of effective resolution regimes for financial institutions’ released on 4 November 2011.

The directive sets out the following governance requirements:

1. the development, maintenance, approval and annual review of the recovery plan should be subject to an appropriate governance process with clearly assigned roles and responsibilities for operational staff, senior management and the board (or committee of similar standing in the case of a locally registered branch of a foreign bank);
2. the board should express its view on the recoverability of the bank from severe financial stress based on the options identified in the recovery plan; and
3. an overview of any material changes or updates made since the previous version of the bank’s recovery plan needs to be included in the recovery plan.

If the Registrar is of the opinion that a bank will be unable to repay deposits made with it or will probably be unable to meet any other obligations, the Minister of Finance may appoint a curator to the bank, if he or she deems it desirable in the public interest, by notifying the chief executive officer or chair of the board of that bank in writing.¹⁴

If such an appointment is made, the management of the bank vests in the curator, subject to supervision by the Registrar, and those who until then were vested with its management are divested of it. The curator must recover and take possession of all the assets of the bank.¹⁵The appointment of a curator does not amount to the bank being wound up or liquidated.

Subject to the supervision of the Registrar, the curator must conduct the management of the bank in such a manner as the Registrar may deem to best promote the interests of the creditors of the bank concerned and of the banking sector as a whole, and the rights of employees in accordance with the relevant labour legislation.¹⁶

The curator may dispose of all or part of the business of a bank to enable an effective resolution of a bank under curatorship.¹⁷ If, at any time, the curator is of the opinion that there is no reasonable prospect that the continuation of the curatorship will enable the bank to pay its debts or meet its obligations and become a going concern, the curator must inform the Registrar in writing forthwith.¹⁸

The curator is empowered to cancel any guarantee issued by a bank prior to its being placed under curatorship, excluding a guarantee that the bank is required to make good within a period of 30 days of the date of the appointment of the curator. A claim for damages in respect of any loss sustained by or damage caused to any person as a result of the cancellation of a guarantee may be instituted against the bank after the expiry of a period of one year from the date of the cancellation.¹⁹

A curator is further empowered to raise funding on behalf of the bank from the SARB, or any entity controlled by the SARB, and, notwithstanding any contractual obligations of the bank, but without prejudice to real security rights, to provide security over the assets of the bank in respect of that funding. Any claim for damages in respect of any loss sustained by or damage caused to any person as a result of such security may be instituted against the bank after the expiry of a period of one year from the date of the provision of security.²⁰ A curator may also propose and enter into an arrangement or compromise between the bank and all its creditors, or all the members of any class of creditors, in terms of Section 155 of the Companies Act 71 of 2008 (Companies Act).²¹

Notwithstanding the foregoing, the Registrar has the right to apply to a court for the winding up of any bank under the Companies Act; the Registrar also has the right to oppose any such application made by any other party.²² Only a person recommended by the Registrar may be appointed as provisional liquidator or liquidator of a bank.

IV CONDUCT OF BUSINESS

Under Section 78 of the Banks Act, a bank is not permitted to:

1. hold shares in any company of which the bank is a subsidiary;
2. lend money to any person against security of its own shares or of shares of its controlling company;
3. grant unsecured loans or loans against security that, in the opinion of the Registrar, is inadequate for the purpose of furthering the sale of its own shares;
4. show bad debts, losses or certain costs as assets in its financial statements or returns;
5. pay out dividends on its shares, or open any branch or agency, before provision has been made out of profits for any such bad debts, losses and certain costs;
6. act as agent for the purpose of a money-lending transaction between a lender and a borrower, except in terms of a written contract of agency that confirms that the bank acts as the agent of the lender, that the lender assumes all risks and related responsibilities, and that payment is not guaranteed by the bank;
7. record in its accounting records any asset at a value increased by the amount of a loss incurred upon the realisation of another;
8. conclude a repurchase agreement in respect of a fictitious asset or an asset created by means of a simulated transaction;
9. purport to have concluded a repurchase agreement without the agreement being substantiated by a written document signed by the other party, and the details of the agreement being recorded in the accounts of the bank as well as in the accounts that may be kept by the bank in the name of the other party; and
10. pay out dividends from its share capital without the prior written approval of the Registrar.

A bank must hold all its assets in its own name, excluding any asset:

1. a that is bona fide hypothecated to secure an actual or potential liability;
2. b in respect of which the Registrar has approved in writing that the asset may be held in the name of another person; or
3. c falling within a category of assets designated by the Registrar as an asset that may be held in the name of another person.

A bank owes a duty of confidentiality and secrecy to its customers.²³ Banking secrecy is founded on legislation, contract and the protection of privacy.²⁴ The contractual foundation of banking secrecy is regarded as an express or implied term of a contract between a bank and its customer. However, contractual obligations are not the only foundation of bank secrecy, because a bank may also not reveal information concerning a prospective or a past customer. Banks are, in fact obliged to keep all confidential information secret, whether it relates to a customer or anyone else.²⁵ According to Malan, ‘[a] bank is obliged to keep all information concerning a customer confidential including the fact, it is submitted, that he is or was a customer’.²⁶

This duty is not absolute, as certain circumstances may justify a bank disclosing confidential information. The following grounds of justification were identified in Tournier v. National Provincial & Union Bank of England:²⁷

1. where disclosure is under compulsion by law;²⁸
2. where there is a duty to the public to disclose;
3. where the interests of the bank require disclosure; and
4. where the disclosure is made by the express or implied consent of the customer.

The Code of Banking Practice (Code) issued by the Banking Association of South Africa (BASA) also recognises the duty to respect privacy and confidentiality. Although it is voluntary, all member banks of BASA abide by the Code. The Code applies to the relationships between personal and small business customers and their banks. The Code confirms that banks will treat all the personal information of a customer as private and confidential, and that, as a general rule, banks will not disclose any personal information about a customer or his, her or its accounts, including to other companies in any bank’s group, even when that person is no longer a customer.

V FUNDING

Banks are required to maintain a minimum reserve balance in accounts with the SARB.²⁹ The credit balance in those accounts must comply with certain prescribed percentages.

The Basel III liquidity framework requires banks to adhere to a new liquidity coverage ratio (LCR). The LCR was introduced in South Africa as a minimum liquidity requirement from 1 January 2015. The SARB has approved the provision of a committed liquidity facility (CLF) to commercial banks to assist them in meeting their LCR. The CLF essentially enables banks to unlock liquidity from otherwise illiquid, but nevertheless high-quality, assets. A number of directives have been issued by the SARB setting out requirements for compliance with the LCR, including national discretion as allowed for in the LCR framework and how compliance with the LCR should be measured.

In December 2017, the SARB issued Banks Act Directive 8/2017, wherein banks were directed to, inter alia, (1) comply with the revised net stable funding ratio (NSFR) framework and the related requirements, as published by the Basel Committee on Banking Supervision (BCBS) and as further stipulated in the directive, from 1 January 2018, and (2) furnish the Registrar with the information related to the NSFR as prescribed by the monitoring template and within the time period stipulated in the directive.

VI CONTROL OF BANKS AND TRANSFERS OF BANKING BUSINESS

i Control regime

No entity other than a bank or institution that has been approved by the Registrar and that conducts business similar to the business of a bank in a country other than South Africa may exercise control over a bank, unless the entity is a public company and is registered as a controlling company in respect of such bank.³⁰ A person is deemed to exercise control over a bank if the bank is a subsidiary of the controlling company, or if that person, alone or together with his or her associates:

1. holds shares in the bank of which the total nominal value represents more than 50 per cent of the nominal value of all the issued shares of the bank, unless he or she, or together with his or her associates, is unable to influence decisively the outcome of the voting at a general meeting due to limitations on the voting rights attached to the shares;
2. is entitled to exercise more than 50 per cent of the voting rights in respect of the issued shares of the bank; or
3. is entitled or has the power to determine the appointment of the majority of the directors of that bank.³¹

An application for registration as a controlling company must be made to the Registrar on the prescribed form. The Registrar may grant or refuse the application, or make the granting thereof conditional. The Registrar shall not grant an application for registration as a controlling company unless he or she is satisfied that:

1. the registration of the applicant as a controlling company will not be contrary to the public interest;
2. in the case of an applicant intending to control any bank, the applicant will be able to establish control;
3. no provision of the memorandum of incorporation of the applicant and no interest that any person has in the applicant is inconsistent with the Banks Act;
4. every director or executive officer of the applicant is a fit and proper person, and has sufficient knowledge and experience; and
5. the applicant is in a financially sound condition.

Restrictions are also in place for shareholding in banks. In general, a shareholder may not acquire or hold more than 15 per cent of the shares of a bank or controlling company without the permission of the Minister of Finance (Minister) or the Registrar. In considering the requisite permission, the Registrar or Minister may consult the Competition Commission, established and constituted in accordance with the provisions of the Competition Act 89 of 1998. The Registrar or the Minister must be satisfied that the proposed acquisition of shares will not be contrary to the public interest, the interests of the bank, its depositors or the controlling company.

A bank further requires the prior written approval of the Registrar to:

1. establish or acquire a subsidiary within or outside South Africa;
2. invest in a joint venture within or outside South Africa if the investment exceeds certain thresholds;
3. establish, open or acquire a branch office or representative office outside South Africa;
4. create, establish or acquire a trust outside South Africa of which the bank is a major beneficiary, or any financial or business undertaking outside South Africa under the bank’s direct or indirect control;
5. acquire an interest in any undertaking with a registered office or principal place of business outside South Africa; or
6. create a division within or outside South Africa where another person conducts his or her business through that division.

Banks are also required to furnish the Registrar with particulars relating to its shareholding or other interest in its subsidiaries. Furthermore, no reconstruction of companies within a group of which a bank or a controlling company or subsidiary of a bank is a member may be effected without the prior written approval of the Registrar.

ii Transfers of banking business

The Minister must consent in writing, and convey through the Registrar, to any arrangement for the transfer of more than 25 per cent of the assets, liabilities, or assets and liabilities, of a bank to another person. The 25 per cent rate is calculated by aggregating the amount of the transferred assets, liabilities, or assets and liabilities, with any previous transfer of assets, liabilities, or assets and liabilities, within the same financial year of the bank concerned.³²

In the event that only assets are transferred, and the amount of the transferred assets, with any previous transfer of assets within the same financial year, aggregates to an amount that is less than 10 per cent of the total on-balance-sheet assets of the transferring bank, no consent is required.

These provisions do not apply to the transfer of assets effected in accordance with a duly approved securitisation scheme.

VII THE YEAR IN REVIEW

Currently, the principal regulatory challenges for the banking industry are continuing compliance with Basel III and a shift towards the twin peaks model of financial regulation.

Full compliance with the Basel III framework is required from 1 January 2019. Certain transitional arrangements have been made to afford the banks sufficient time to accommodate the cost implications and meet the higher standards set by Basel III.

In 2 May 2017, the FIC Amendment Act (Amendment Act) was gazetted and, on 13 June 2017, the Minister of Finance signed and gazetted the operationalisation of the various provisions of the Amendment Act. The provisions of the Amendment Act place the risk-based approach adopted by the regulators at the centre of South Africa’s regulatory regime for money laundering and combating the financing of terrorism. The Amendment Act also demonstrates South Africa’s commitment to the international standards of the Financial Action Task Force.

In August 2017, the Financial Sector Regulation Bill (FSR Bill) was passed by the National Council of Provinces and signed into law.³³ The FSRA establishes a twin peaks model of financial sector regulation for South Africa. In terms thereof, two regulators must be established: a Prudential Authority (PA) that will operate within the administration of the SARB, and a new Financial Sector Conduct Authority (FSCA), which will replace the FSB.

The FSRA also sets out the functions of the SARB in relation to financial stability and managing systemic risks and systemic events. The PA will supervise the safety and soundness of banks, insurance companies and other financial institutions, while the FSCA will supervise how financial services and products firms conduct their business, distribute financial products and treat customers. The entry of the FSRA into law in South Africa will herald a number of changes to existing financial sector laws by way of amendment or repeal and will further require the introduction of new legislation and operational changes to assist with the implementation of its stated objectives.

The twin peaks system of regulation will (when fully phased in) focus on a more harmonised system of licensing, supervision, enforcement, customer complaints ombudsmen, appeal mechanism (tribunal), and consumer advice and education.

VIII OUTLOOK AND CONCLUSIONS

In its Financial Stability Review published in September 2017, the SARB confirmed that the outcome of a common scenario stress test of the local banking sector to evaluate its resilience to a set of plausible adverse scenarios was that the banks could withstand material credit losses under the stress scenarios even without taking into consideration mitigating action by bank management, such as the countercyclical capital buffer for banks as per the Basel III regulatory framework.

In terms of the Basel III regulatory framework, the SARB is able to deploy a countercyclical capital buffer from January 2016 if needed. The SARB nevertheless asserts that, based on its assessments, it does not currently consider the activation of such a buffer to be warranted.

The SARB and National Treasury are developing a legislative framework that will facilitate the resolution of failing financial institutions in an orderly and transparent manner, and where the use of government funding to ‘rescue’ such institutions is minimised. A critical feature of the resolution framework is to establish an explicit deposit insurance scheme to ‘ensure that depositors who are most exposed to an asymmetry of information and thus least likely to hedge or mitigate against financial loss in the event of a bank failure, are protected against losses and hardship that may stem from a bank failure’.³⁴ This resolution framework is an important part of the SARB’s mandate under the FSRA.

On 27 June 2017, the FSB published a report (Report) on the potential financial stability implications arising from the continuing and rapid expansion of technology-enabled innovation in financial services (fintech). The Report identified 10 areas that warranted attention, but prioritised (1) managing operational risks from third-party service providers, (2) mitigating cyber risks, and (3) monitoring macro-financial risks.³⁵ The SARB has made three proposals to strengthen the regulatory approaches to fintech, namely (1) focusing analysis on activities involving financial services as opposed to firms and technologies, (2) continuing collaboration between domestic and international regulators, and (3) investigating and determining on the most appropriate structures (e.g., sandboxes) to keep abreast of fintech developments and to permit the demonstration of the technology and experimentation with user cases.

According to Guidance Note G2/2018 issued by the SARB on 5 March 2018, meetings to be held by the SARB during 2018 with the boards of directors of banks and controlling companies will include a discussion on ‘Auditor independence and audit quality measures’, as referenced in Section 64(2) of the Banks Act and Sections 94(7) and 94(8) of the Companies Act, and in various papers published by the Basel Committee on banking supervision.³⁶