Question NW2745 to the Minister of Finance
15 December 2016 - NW2745
Mulder, Dr CP to ask the Minister of Finance
(1)What is the (a) nature and (b) legal basis for the protection that deposit-taking banks give their clients against fraud (i) inside and outside the banks and also (ii) as a result of online scams to protect their clients’ money; (2) whether banks are obliged to take out insurance for these risks; (3) whether banks are obliged to compensate their clients 100% for losses incurred where the clients themselves did not act negligently and the problem has arisen at the bank itself and with other service providers, such as cellphone companies; if not, why not; if so, what is the legal basis of the obligation?
Reply:
(1)(a) The South African Banking Risk Information Centre (SABRIC) has been established by the banks in South Africa specifically to assist the banking industry in combating organised bank-related crimes. SABRIC consistently releases information on different types of criminal activity, including cyber-crime, to assist customers to be more vigilant. Banks themselves have in place sophisticated systems to detect and prevent fraudulent access to customer accounts. Internationally, the issue of technological innovations in the financial sector, and the risks that it can bring from a cybercrime perspective, is a major focus area, led by international regulators in the Financial Stability Board and Basel Committee on Banking Supervision.
(1)(b)(i), (ii) The current legal basis for financial consumer protection is in terms of generic consumer protection legislation. However, it is important to note that Parliament is currently processing the Financial Sector Regulation Bill, which places a strong emphasis on market conduct regulation and the fair treatment of customers in the financial sector. The Bill creates a Financial Sector Conduct Authority, and will result in the introduction of new regulation and standards that aim to better protect financial sector customers.
Currently, banks are required to comply with the Consumer Protection Act 68 of 2008, which provides for the rights of consumers to be protected against, for example false, misleading or deceptive representations (section 41) and fraudulent schemes and offers (section 42).
Banks are also required to ensure continued compliance with legislation such as the Financial Intelligence Centre Act 38 of 2001, the Prevention of Organised Crime Act 121 of 1998 and the Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004. Banks are specifically required to register with the Financial Intelligence Centre in terms of section 43B of the Financial Intelligence Centre Act. Sections 21 to 45F of that Act address the control measures which banks must implement to combat money-laundering activities and prevent the financing of terrorist and related activities.
Regulation 50 of the Regulations made under section 90 of the Banks Act 94 of 1990, states that a bank must implement and maintain robust structures, policies, processes and procedures to guard against the bank being used for purposes of financial crime such as fraud, financing of terrorist activities and money laundering.
In terms of the Regulation 50, banks are required to facilitate co-operation with relevant law-enforcement agencies, identify customers, recognise suspicious customers and transactions, maintain high ethical standards in all business transactions, provide adequate training and guidance to staff, maintain records of transactions, report suspicious customers and transactions and provide a clear audit trail.
(2) The manner in which a bank mitigates its risk is not prescribed per type of risk (e.g. fraud and financial crime risks) by the Regulator. However, Regulations 33 and 34 of the Banks Act do require a robust enterprise risk management framework for a bank, which includes operational risk, such as fraud and financial crime. There is an obligation on banks to hold capital for operational risk. Banks are allowed to take out insurance against this risk, but this does not influence the regulatory capital requirement.
(3) The manner in which a bank compensates a client depends on the bank’s internal policies and are generally assessed on a case-by-case basis. Clients that are not satisfied with the services of their bank in relation to such compensation decisions can approach the Ombudsman for Banking Services. The majority of retail banks in South Africa are members of the Ombudsman for Banking Services. Going forward, it is worthwhile to note again that the conduct of business of retail banks, including its fair treatment of customers, will be regulated by the Financial Sector Conduct Authority when the Financial Sector Regulation Bill is enacted.