Too early for COFI?

A new regulatory era.
Insights into what we can expect.

A quick read for FSP’s preparing for regulatory change

Not coffee but COFI, a new buzz word that we will need to get comfortable with. The Conduct of Financial Institutions (COFI) Act is set to transform South Africa’s financial services industry. Drifting away from a rule base and prescriptive compliance to principles, outcomes and culture focused compliance regime.

While implementation may feel a little way off, Key Individuals and FSPs who prepare early will be in the strongest position to lead with confidence.

What to expect under COFI?

1. A new Competency Framework. We know that the FSCA is developing a new framework that will:

   • update the Regulatory Exam (RE) content and examination structure.

   • Define new competence standards for Key Individuals and Representatives.

   • Introduce bridging modules or training aligned with COFI outcomes.

2. A focus based on Outcomes. Compliance will go beyond policies. The FSCA will expect FSPs to demonstrate that their governance, culture and practices lead to fair and consistent outcomes for their clients.

3. Tighter Governance and Accountability. It seems the Key Individual will not be solely responsible for the risks of the FSP and that this responsibility will be upgraded to ‘Key Persons”. This promotes all players in leadership roles to take a proactive approach to their management and oversight opposed to historically all responsibility laid with the Key Individual.

4. Greater focus on Risk-based compliance “Risk-based” is a phrase thrown around frequently, but what does it really mean?

Under COFI, Financial institutions will no longer be able to rely on template based frameworks. The FSCA is clear that compliance needs to be proportional to your business’s risk, scale and activities. It must drive real outcomes and not just tick a box.

What you should be doing now?

Most FSPs think they’re compliant... until the gaps show up under regulatory scrutiny.

To truly align with COFI’s risk-based approach, you must go beyond generic frameworks. Here is a quick self-checklist:

• Have you mapped key risks across your products, services, clients and operations?

• Is your compliance framework actually tailored to your unique risk profile, or are you relying on off the shelf policies (or worse templates from your external compliance officer)?

• Are you documenting risk-based decisions in a way that would stand up under regulatory questioning?

• Can you clearly map leadership structure and demonstrate accountability on each level?

• Is compliance embedded into your company culture?

If you hesitated on any of the above, you are not alone. That is where I come in.

I help FSP’s like yours looking to build sustainable compliance frameworks that supports your business growth and success and not slow you down in the process.