South Africa has an advanced banking system, backed by a sound regulatory and legal framework which aims to secure systemic stability in the economy, ensure institutional safety and soundness, and promote consumer protection.

The South African Reserve Bank (SARB) is the central bank of South Africa and is responsible for bank regulation and supervision in South Africa. The SARB also has responsibility for promoting the soundness of the domestic banking system through the effective and efficient application of international regulatory and supervisory standards, and for minimising systemic risk. The SARB issues banking licences to banking institutions and monitors their activities in terms of either the Banks Act, 1990, or the Mutual Banks Act, 1993.

Stability in the sector

Notwithstanding the turmoil experienced in international financial markets, the South African banking system remained stable and the banks were adequately capitalised. South African banks have been largely shielded against the direct effects of the global financial crisis. The reasons given were, amongst others, the fact that domestic banks had not invested heavily in high-risk or complex instruments and had very limited foreign credit exposure on their loan books. There were therefore no changes to regulations or to practices by regulatory authorities, other than the amendments to the regulations to comply with the Basel Capital Accord. The SARB has also become more closely involved in international forums; particularly the Group of Twenty (G-20), as part of a coordinated global policy response to the crisis. In addition, the SARB has maintained a greater focus on general financial stability.

Overview of banking regulators and key regulations

The following primary statutes and regulations govern the banking industry:

1. the Banks Act 1990 (Banks Act) and regulations published in terms thereof, provide for the regulation and supervision of the taking of deposits from the public;
2. the South African Reserve Bank Act 1989 regulates specifically the SARB and the monetary system;
3. the National Payment Systems Act 1998 (NPS Act) provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in South Africa;
4. the Inspection of Financial Institutions Act 1998 provides for the inspection of the affairs of financial institutions (such as banks) and for the inspection of the affairs of unregistered entities conducting the business of financial institutions;
5. (e)   the Currency and Exchanges Act 1933 regulates legal tender, currency, exchanges and banking. Exchange Control Regulations issued in terms of this Act impose exchange control that restricts the export of capital from South Africa;
6. the Financial Intelligence Centre Act 2001 (FICA) establishes a Financial Intelligence Centre and a Money Laundering Advisory Council in order to combat money laundering activities and the financing of terrorist and related activities, and imposes certain duties on institutions and other persons who may be used for money-laundering purposes and the financing of terrorist and related activities;
7. the Financial Advisory and Intermediary Services Act 2002 (FAIS) regulates the rendering of certain financial advisory and intermediary services to clients;
8. the Mutual Banks Act 1993 provides for the regulation and supervision of the activities of mutual banks;
9. the Co-operative Banks Act 2007 provides for the regulation and supervision of cooperative banks. The legislation acknowledges member-based financial services cooperatives as a different tier of the official banking sector. Note, however, that rules to be implemented in terms of this Act are still in draft form;
10. the National Credit Act 2005 (NCA) regulates consumer credit and improved standards of consumer information, prohibits certain unfair credit and credit marketing practices; as well as reckless credit granting. It also provides for debt reorganisation in cases of over-indebtedness, regulates credit information and provides for registration of credit bureaux, credit providers and debt counselling services; and
11. the Consumer Protection Act, 2008 (CPA) which is intended to protect certain fundamental consumer rights, and which also applies to the provision of banking services to consumers, unless exempted, except to the extent that any such service constitutes advice or intermediary services that this regulated by FAIS, or is regulated in terms of the Long-term Insurance Act, 1988 or the Short-term Insurance Act, 1988.

The following regulatory authorities are responsible for overseeing banks:

1. the SARB as the central bank, and more particularly the Registrar of banks (Registrar) who is an officer of the SARB, are primarily responsible for overseeing banks. The SARB has, in terms of the NPS Act, also recognised the Payment Association of South Africa (PASA) as a payment system management body with the objective of organising, managing and regulating the participation of its members (i.e. banks) in the payment system;
2. the Financial Intelligence Centre, by monitoring and giving guidance to banks as accountable institutions regarding their performance of their duties and their compliance in terms of FICA;
3. the Financial Services Board, established in terms of the Financial Services Board Act 1990, to provide for the establishment of a board to supervise compliance with laws regulating financial institutions and the provision of financial services;
4. the National Credit Regulator, established in terms of the NCA, whose responsibilities include the registration of credit providers and the monitoring of the consumer credit market and industry to ensure that prohibited conduct is prevented, detected and prosecuted; and
5. the National Consumer Commission, established in terms of the CPA, whose responsibilities include enforcement of the CPA.

Recent regulatory themes and key regulatory developments

The Regulations Relating to Banks, issued under the Banks Act, has recently been amended to give effect to Basel III. The implementation of the Basel III framework is based on a phased-in approach commencing on 1 January 2013 and continuing up to 2018, in line with the timelines determined by the Basel Committee. In particular, the capital framework for banks has been replaced by an amended capital framework as set out in the Regulations.

No other major changes are anticipated, other than compliance with any amendments to the Basel Capital Accord and harmonising domestic regulatory standards with minimum international standards. According to the SARB, the changes should not have a material impact on South African banks – which remain well capitalised and characterised by low leverage ratios. The proposals regarding liquidity are likely to pose a greater challenge, but given the relatively long phasing-in period, they are not viewed as being insurmountable.

The government has recently announced that in line with global developments, there are further steps to be taken to enhance the regulatory framework and improve financial services. The proposed reforms include a shift to a ‘twin peak’ system of financial regulation, with market conduct under the Financial Services Board, and prudential regulation in the SARB. The prudential regulator’s objective will be to maintain and enhance the safety and soundness of regulated financial institutions, and be responsible for the prudential regulation and supervision of banks and insurers. The market conduct regulator’s objective will be to protect consumers of financial services and promote confidence in the South African financial system.

Bank governance and internal controls

Corporate governance

The board of directors of a bank is ultimately responsible for ensuring that an adequate and effective process of corporate governance, which is consistent with the nature, complexity and risk inherent in the bank’s on-balance sheet and off-balance sheet activities, and which responds to changes in the bank’s environment and conditions, is established and maintained. The board of directors may appoint supporting committees to assist it with its responsibilities. The process of corporate governance includes the maintenance of effective risk management and capital management by a bank.

On an ongoing basis, the overall effectiveness of the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy must be monitored, amongst other things, by the bank’s board of directors. The board of directors of a bank or a committee appointed by the board for such purpose must:

(a) at least once a year assess and document whether the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy implemented by the bank successfully achieve the objectives specified by the board; and

(b) at the request of the Registrar, provide the Registrar with a copy of the report compiled by the board of directors or committee in respect of the adequacy of the processes relating to corporate governance, risk management, capital management and capital adequacy.

In addition, the external auditors of a bank must annually review the process followed by the board of directors in assessing the corporate governance arrangements (including the management of risk and capital, and the assessment of capital adequacy) and report to the Registrar whether any matters have come to their attention to suggest that they do not concur with the findings reported by the board of directors; provided that when the auditors do not concur with the findings of the board of directors, they provide reasons therefor.

Directors

Each director, chief executive officer and executive officer of a bank owes a fiduciary duty and a duty of care and skill to the bank. Each director, chief executive officer and executive officer of a bank furthermore owes a duty towards the bank to:

(a) act bona fide for the benefit of the bank;

(b) avoid any conflict between the bank’s interests and the interests of such a director, chief executive officer or executive officer, as the case may be;

(c) possess and maintain the knowledge and skill that may reasonably be expected of a person holding a similar appointment and carrying out similar functions as are carried out by the director, chief executive officer or executive officer of that bank; and

(d) exercise such care in the carrying out of his or her functions in relation to that bank as may reasonably be expected of a diligent person who holds the same appointment under similar circumstances, and who possesses both the knowledge and skill mentioned in (c) above and any such additional knowledge and skill as the director, chief executive officer or executive officer in question may have.

Every director of a bank or controlling company is required to acquire a basic knowledge and understanding of the conduct of the business of a bank, and of the laws and customs that govern the activities of such institutions. Although not every member of the board of directors of a bank or controlling company is required to be fully conversant with all aspects of the conduct of the business of a bank, the competence of every director of a bank must be commensurable with the nature and scale of the business conducted by that bank and, in the case of a director of a controlling company, as a minimum, must be commensurable with the nature and scale of the business conducted by the banks in the group.

In view of the fact that the primary source of funds administered and utilised by a bank in the conduct of its business is deposits loaned to it by the general public, it is further the duty of every director and executive officer of a bank to ensure that risks that are of necessity taken by such a bank in the conduct of its business, are prudently managed.

The directors of a bank must annually report to the Registrar whether or not:

(i) the bank’s internal controls:

(a) provide reasonable assurance as to the integrity and reliability of the bank’s financial statements;

(b) safeguard, verify and maintain accountability of the bank’s assets; and

(c) are based on established policies and procedures and implemented by trained, skilled personnel, whose duties are duly segregated.

(ii)  adherence to the implemented internal controls is continuously monitored by the bank;

(iii) all bank employees are required to maintain high ethical standards, thereby ensuring that the bank’s business practices are conducted in a manner that is above reproach;

(iv) the bank has implemented and continuously maintained compensation policies, processes and practices that, as a minimum, comply with the requirements as specified in the regulations (see below on remuneration); and

(v) anything came to their attention to indicate that any material malfunction, as defined and documented by the board of directors, which definition must be submitted to the Registrar, in the functioning of the aforementioned controls, procedures and systems, has occurred during the period under review.

The Registrar may institute action in terms of section 424 of the repealed Companies Act of 1973 against any director, chief executive officer or executive officer of a bank who was knowingly a party to the carrying on of the business of the bank, when it appears that any such business was or is being carried on recklessly or with intent to defraud creditors of the bank or of any other person, or for fraudulent purpose.

Any amount recovered as a result of proceedings instituted by the Registrar must be used:

(i) first to reimburse all expenses reasonably incurred by the Registrar in bringing such proceedings;

(ii) thereafter to offset any amount paid to depositors by the Registrar, a deposit insurance scheme, or any governmental body, as part or full compensation for the losses suffered by depositors as a result of the bank being unable to repay their deposits; and

(iii) thereafter for the pro rata repayment of the losses of depositors.

Remuneration

The board of directors must, amongst other duties, ensure that effective governance is in place in respect of the bank’s compensation or remuneration policies, processes, practices and procedures. The bank must on a regular basis, but not less frequently than once a year, disclose to the public sufficiently detailed qualitative and quantitative information related to remuneration.

Composition of the board of directors of a bank

The majority of directors must not be employees of the bank, its subsidiary or controlling company. Directors who are employees must not together have a vote in excess of 49% of the total vote cast by all directors present and voting.

The chairperson of the board of directors of a bank must not be an employee of: the bank; any of the subsidiaries of the bank; the controlling company of the bank; or any subsidiary of the controlling company. The chairperson of the board of directors of a bank must not be a member of the audit committee of the bank or the controlling company of the bank.

Banks must give the Registrar written notice of the nomination of any person for appointment as chief executive officer, director or executive officer. This notice must reach the Registrar at least 30 days prior to the proposed date of appointment. The Registrar may object to the proposed appointment by means of a written notice, stating the grounds for the objection, given to the chairperson of the board of directors of the bank and to the nominee, within 20 working days of receipt of the notice. If the Registrar objects to the proposed appointment, the bank may not appoint the nominee and any purported appointment shall have no legal effect. The Registrar may also object to the appointment or continued employment of a chief executive officer, director or executive officer of a bank, if the Registrar reasonably believes that the chief executive officer, director or executive officer concerned is not, or is no longer, a fit and proper person to hold that appointment, or if it is not in the public interest that such chief executive officer, director or executive officer holds or continues to hold such appointment. Similarly, the Registrar may terminate the appointment of any chief executive officer, executive director or executive officer who is no longer a fit and proper person to hold that appointment, or if it is not in the public interest that that person continues to hold such appointment. Written representations may be made by affected parties, and the matter may also be referred to arbitration at the Arbitration Foundation of South Africa.

Audit and compliance functions, market abuse and financial crime

In order to, amongst other things, evaluate and improve the effectiveness of a bank’s risk management, control, capital management and governance processes and/or systems, a bank must establish an independent and objective internal audit function.

A bank must also have in place, as part of its risk management framework and governance structure, an independent compliance function. The independent compliance function must ensure that the bank continuously manages its regulatory and supervisory risks; that is, the risk that the bank does not comply with applicable laws and regulations or supervisory requirements. The compliance function must be headed by a compliance officer of the bank, who must perform his or her functions with such care and skill as can reasonably be expected from a person responsible for such a function in a similar institution.

A bank must further implement and maintain robust structures, policies, processes and procedures to guard against the bank being used for purposes of market abuse; such as insider trading and market manipulation, and/or financial crimes such as fraud, financing of terrorist activities and money laundering.

Audit committee

The board of directors of a bank and controlling company must appoint at least three of its members to form and serve on an audit committee. The audit committee must perform such functions as may be prescribed and assist the board of directors:

(i) in its evaluation of the adequacy and efficiency of the internal control systems, accounting practices, information systems and auditing processes applied within that bank or controlling company, as the case may be in the day-to-day management of its business;

(ii) to facilitate and promote communication, regarding the matters referred to in subparagraph (i) or any other related matter, between the board of directors and the executive officers of the appointed auditor, and the employee charged with the internal auditing of the transactions of the bank or controlling company, as the case may be; and

(iii) to introduce such measures as in the committee’s opinion may serve to enhance the credibility and objectivity of financial statements and reports prepared with reference to the affairs of the bank or controlling company, as the case may be.

All the members of the audit committee of a bank must be persons who are not employees of the bank nor of any of its subsidiaries, its controlling company or any subsidiary of its controlling company. The chairperson of the board of directors of the bank or the controlling company must also not be appointed as a member of the audit committee.

Risk and capital management committee

The board of directors of a bank and controlling company must appoint at least three of its members, of whom at least two are non-executive directors, to form and serve on a risk and capital management committee.

The functions of the risk and capital management committee are to assist the board of directors with all aspects of risk policy, procedures, practices, control, mitigation and management.

Directors’ affairs committee

The board of directors of a bank and controlling company must establish a directors’ affairs committee, consisting only of non-executive directors of the bank or controlling company.

The function of the directors’ affairs committee is to assist the board of directors:

(a) in its determination and evaluation of the adequacy, efficiency and appropriateness of the corporate governance structure and practices of the bank or controlling company;

(b) to establish and maintain a board directorship continuity programme entailing:

(i) a review of the performance of, and planning for, successors to the executive directors;

(ii) measures to ensure continuity of non-executive directors;

(iii) a regular review of the composition of skills, experience and other qualities required for the effectiveness of the board; and

(iv) an annual self-assessment of the board as a whole, and of the contribution of each individual director;

(c) in the nomination of successors to the key positions in the bank or controlling company, in order to ensure that a management succession plan is in place;

(d) in determining whether the services of any director should be terminated;

(e) in ensuring that the bank or controlling company is at all times in compliance with all applicable laws, regulations and codes of conduct and practices; and

(f) to perform such further functions as may be prescribed.

Bank capital requirements

A bank must manage its affairs in such a way that the sum of its primary and secondary capital, its primary and secondary unimpaired reserve funds and, where the bank trades in financial instruments, its tertiary capital in South Africa, does not at any time amount to less than the greater of 250 million rand; or an amount which represents a prescribed percentage of the sum of amounts relating to the different categories of assets and other risk exposures of the bank, calculated as prescribed in the regulations relating to banks.

A bank must furthermore hold in South Africa liquid assets amounting to not less than the sum of amounts, calculated as prescribed percentages not exceeding 20%, of such different categories of its liabilities as may be prescribed in the regulations relating to banks. A bank may not pledge or encumber any portion of these liquid assets. The Registrar is empowered to exempt the bank from this prohibition – on such conditions, to such an extent and for such a period, as may be determined.

Although a bank is obliged to furnish the Registrar with returns regarding the nature and amounts of the bank’s assets, liabilities and contingent liabilities and returns relating to the extent and management of risk exposures in the conduct of its business, no contingent capital arrangements are required.

If a bank fails or is unable to comply with prudential requirements, it must forthwith in writing report its failure or inability to the Registrar, stating the reasons therefor. The Registrar may summarily take action against the bank, or, if deemed fit, may condone its failure or inability, and afford it an opportunity to comply. The Registrar may by written notice impose a fine on the bank. If the bank fails to pay the fine within the time specified in the notice, the Registrar may recover the amount by way of civil action.

Rules governing banks’ relationships with their customers and other third parties

Banks subscribe to the Code of Banking Practice (“the Code”), which is a voluntary code that sets out the minimum standards for service and conduct customers can expect from a bank with regard to the services and products it offers. The Code only applies to personal and small business customers and has been developed to:

(a) promote good banking practices by setting minimum standards for a bank when dealing with a customer;

(b) increase transparency so that the customer can have a better understanding of what can reasonably be expected of the bank’s products and services;

(c) promote a fair and open relationship between the customer and the bank; and

(d) foster confidence in the banking system.

The banks accept the jurisdiction of the Ombudsman for Banking Services to mediate, to make binding determinations based on this Code and on the law where appropriate, and to make recommendations in other circumstances; including those based on equity. A determination made by the Ombudsman for Banking Services may be made an order of the court. If a bank refuses to abide by a recommendation of the Ombudsman for Banking Services, the Ombudsman may publish the recommendation and the relevant bank’s refusal to comply.

Although the Code is based on self-regulation and exists as a voluntary code of conduct, there is legislation, which also has an impact on the relationship between a bank and its customers, namely the CPA, the NCA, FICA and FAIS.

Written by Ina Meiring, Director, Werksmans Advisory Services