Acts Online
GT Shield

Financial Sector Regulation Act, 2017 (Act No. 9 of 2017)

Chapter 17 : Miscellaneous

Part 1 : Information sharing and reporting

251. Information sharing

 

(1)

(a) A financial sector regulator or the Reserve Bank has an obligation and a duty to—
(i) achieve its objective as set out in this Act;
(ii) achieve the objects of financial sector laws;
(iii) perform its functions, including its supervisory functions, in terms of financial sector laws and the Financial Intelligence Centre Act.
(b) A financial sector regulator or the Reserve Bank must collect and use information, including personal information as defined in the Protection of Personal Information Act, to the extent that the financial sector regulator or the Reserve Bank determines is necessary to properly perform the obligations and duties referred to in paragraph (a).
(c) A financial sector regulator or the Reserve Bank may only share or disclose information in order to fulfil its obligations and duties in terms of this subsection and subsection (2), and the disclosure or sharing of information for any other purposes constitutes the sharing or disclosure of information for a purpose that is not authorised, as referred to in section 272.

 

(2)

(a) A financial sector regulator or the Reserve Bank must disclose information referred to in subsection (1)(b) if the financial sector regulator or the Reserve Bank determines it is necessary to comply with its obligations—
(i) to perform functions in terms of, or as enabled by, the financial sector laws or the Financial Intelligence Centre Act;
(ii) relating to legal proceedings or other proceedings;
(iii) to warn financial customers against conducting business with a financial institution or other person conducting activities in contravention of the financial sector laws or the Financial Intelligence Centre Act;
(iv) to inform financial customers of actions taken against a financial institution in terms of the financial sector laws or the Financial Intelligence Centre Act;
(v) to alert financial customers to activities carried out by a financial institution that a financial sector regulator or the Reserve Bank believes to constitute a risk to financial customers;
(vi) to protect the public interest;
(vii) to deter, prevent, detect, report and remedy fraud or other criminal activity in relation to financial products or financial services; or
(viii) relating to anti-money laundering and combating the financing of terrorism.
(b) Information obtained in terms of the Financial Intelligence Centre Act, other than in terms of sections 45 and 45B of that Act, may only be utilised or disclosed in accordance with sections 29, 40 and 41 of that Act.

 

(3) A financial sector regulator or the Reserve Bank, in pursuing the obligations and duties referred to in subsections (1)(a) and (2)(a), may—
(a) liaise with any designated authority on matters of common interest;
(b) participate in the proceedings of any designated authority;
(c) advise or receive advice from any designated authority;
(d) prior to taking regulatory action which a financial sector regulator or the Reserve Bank considers material against a financial institution, inform any designated authority that the financial sector regulator or the Reserve Bank, as the case may be, of the pending regulatory action or, where this is not possible, inform the designated authority as soon as possible after taking the regulatory action; and
(e) negotiate and enter into bilateral or multilateral co-operation agreements, including memoranda of understanding, with designated authorities, including designated authorities in whose countries a subsidiary or holding company of a financial institution is incorporated or a branch is situated, to, among other matters—
(i) co-ordinate and harmonise the reporting and other obligations of financial institutions;
(ii) provide mechanisms for the exchange of information, including provisions requiring or permitting a financial sector regulator, the Reserve Bank or a designated authority—
(aa) to be informed of adverse assessments in respect of financial institutions; or
(bb) to provide or receive information regarding significant problems that are being experienced within a financial institution;
(iii) provide procedures for the co-ordination of supervisory activities to facilitate the monitoring of financial institutions, including on an on-going basis; and
(iv) assist any designated authority in regulating and enforcing any laws that the designated authority is responsible for supervising and enforcing, that are similar to a financial sector law or which have an impact on the regulation of the financial sector and financial institutions.

 

(4)

(a) Information may only be disclosed by a financial sector regulator or the Reserve Bank to a designated authority if, before disclosing the information, the financial sector regulator or the Reserve Bank is satisfied that the designated authority that receives the information has proper and effective safeguards in place to protect the information, which safeguards are similar to those provided for in this section.
(b) A financial sector regulator or the Reserve Bank may only consent to information that is provided to a designated authority being made available to third parties if it is satisfied that the third parties have proper safeguards in place to protect the information received, which safeguards are similar to those provided for in this section.
(c) A financial sector regulator or the Reserve Bank may only request information from a designated authority in connection with the performance of obligations and duties in terms of the laws referred to in subsections (1) and (2).
(d) Information provided on request to a designated authority in terms of this section—
(i) must only be used by the designated authority for the purpose for which it was requested;
(ii) may not be disclosed to a third party without the consent of the designated authority that provided the information; and
(iii) must retain its integrity and confidentiality, and the designated authority that receives the information must take appropriate, reasonable technical and organisational measures to prevent loss of, damage to, or unauthorised destruction of the information, and unlawful access to or processing of the information.
(e) If, despite paragraph (d), a designated authority is compelled by law to disclose information provided by another designated authority to a third party, the first designated authority must—
(i) inform that designated authority of the event and the circumstances in which the information shall be made available; and
(ii) use all reasonable means to oppose the compulsion to disclose, and otherwise to protect the information.

 

(5) When sharing or disclosing information in terms of subsection (3) or (4), a financial sector regulator or the Reserve Bank must comply with the requirements in those subsections, and a contravention of those requirements constitutes the sharing or disclosure of information in a manner that is not authorised, as referred to in section 272.

 

(6)

(a) A financial sector regulator or the Reserve Bank must have in place written processes and procedures that—
(i) clearly specify which officials and employees in the financial sector regulator or the Reserve Bank are authorised to share or disclose information in terms of this section; and
(ii) provide for the sharing or disclosure of information in a manner that is consistent with the requirements of this section and the Protection of Personal Information Act.
(b) The processes and procedures referred to in paragraph (a) must grant authority to share or disclose information only to officials and employees who have an appropriate degree of seniority in the institution.
(c) Only an official or employee of a financial sector regulator or the Reserve Bank who is authorised by the policy and procedures of the financial sector regulator or the Reserve Bank may share or disclose information on behalf of the financial sector regulator or the Reserve Bank.

 

(7) For the purposes of this section, "information" does not include aggregate statistical data or information that does not disclose the identity of a person.