COFI Bill Implementation: Navigating Market‑Conduct Transformation in South Africa

Introduction

South Africa’s Conduct of Financial Institutions (COFI) Bill represents one of the most significant reforms in the country’s financial regulatory landscape since the advent of the Twin Peaks model in 2018. The Bill signals a comprehensive shift from fragmented, sector-based financial legislation, such as FAIS, CISCA, and the Long- and Short-Term Insurance Acts, to a unified framework grounded in principles of market conduct, customer fairness, and governance accountability. It is designed to consolidate and modernise the conduct standards applicable to all financial institutions, bringing coherence to what was previously a patchwork of inconsistent and overlapping regulatory obligations.

Under the Twin Peaks system, financial sector oversight is split between two main regulatory bodies: the Prudential Authority (PA), which ensures financial soundness and stability, and the Financial Sector Conduct Authority (FSCA), which is tasked with overseeing how financial institutions treat their customers. The COFI Bill strengthens the FSCA’s role, extending its authority from traditional reactive enforcement (such as investigating complaints and penalising misconduct) and moves it towards proactive and preventive supervision. This includes using data analytics, off-site monitoring, and licensing reforms to anticipate and reduce conduct risks before they materialise.

Once enacted, the COFI Bill will apply to virtually all financial services providers (FSPs) operating in South Africa, including banks, insurers, pension fund administrators, investment managers, discretionary FSPs, and credit providers. These institutions will need to align their internal structures, conduct policies, customer interaction models, and governance frameworks with COFI’s new expectations. A key feature of the Bill is its activity-based licensing approach, meaning that regulation will be tailored to the specific financial services an entity provides regardless of its legacy sectoral designation. This approach enables greater consistency, proportionality, and responsiveness in regulatory oversight.

This CPD-accredited article is intended to provide readers with a comprehensive and practical guide to understanding the COFI Bill and preparing for its implementation. It will cover the Bill’s foundational principles, licensing structure, governance and fit-and-proper requirements, data and reporting duties (such as Omni-CBR), and sector-specific implications. It also examines the FSCA’s transitional strategy, contingency plans in the event of legislative delays, and steps FSPs should take now to ensure a smooth compliance journey. Readers will gain not only theoretical knowledge but also practical, actionable insights to help them navigate this evolving regulatory environment effectively.

2. COFI’s Core Principles

2.1 Activity‑Based Regulation

One of the most transformative features of the COFI Bill is its shift from a sector-based regulatory approach to one that is activity-based. Historically, South Africa’s financial regulation has operated through a siloed system in which entities were licensed according to their institutional type whether they were a bank, insurer, pension fund administrator, or investment manager. This created a patchwork of laws, or 13 separate sectoral statutes, each with its own compliance requirements, leading to duplication, inconsistency, and regulatory arbitrage.

COFI replaces this with a single conduct framework that focuses on the activities financial institutions perform, regardless of their institutional identity. For example, an entity that offers both advice and discretionary investment management would require separate licences for each activity, even if these services fall under one organisation. This ensures that the same activity is regulated consistently across all institutions, enhancing comparability, fairness, and regulatory clarity.

Moreover, this activity-based licensing model supports the FSCA’s commitment to proportionality. Regulatory requirements will be calibrated according to the nature, scale, and complexity of the activities performed. This enables smaller or less complex institutions to meet compliance expectations without being overburdened by the same rules that apply to large conglomerates. It also supports innovation, allowing fintechs and non-traditional players to operate within a flexible, fit-for-purpose framework.

COFI elevates Treating Customers Fairly (TCF) outcomes into binding law. It focuses on behavioural standards including honesty, skill, care, and customer-first orientation rather than a checklist mentality.

2.2 Principles‑ and Outcomes‑Based Approach

Another hallmark of COFI is its elevation of principles and outcomes-based regulation, which moves away from a rules-heavy, box-ticking compliance culture to one that is grounded in ethical conduct, fair treatment, and sustainable customer outcomes. Central to this is the formal adoption of the Treating Customers Fairly (TCF) principles not as guidelines, but as enforceable law.

COFI embeds TCF outcomes into its legal framework, making them a benchmark for both conduct evaluation and enforcement action. These outcomes include ensuring that products and services are designed to meet customer needs, that customers are well informed, receive suitable advice, and are treated fairly throughout the product lifecycle.

In essence, COFI expects FSPs to demonstrate not only compliance with legal obligations, but also to embed a culture of fairness, transparency, and integrity in how they do business. This is a profound shift, requiring firms to align internal values, governance, and strategy with customer-centric outcomes, not just legal checklists.

2.3 Risk‑Sensitive & Proportional Application

A key commitment embedded in the COFI Bill is the principle of proportionality, which acknowledges that not all financial institutions operate at the same scale or risk level. The FSCA has made it clear that compliance requirements will be tailored to the size, complexity, and risk exposure of each FSP. This means that smaller firms, such as sole proprietors and niche advisory businesses, will not be held to the same operational or reporting standards as large banks or insurers. Instead, regulation will be risk-sensitive, ensuring fairness without compromising customer protection or market integrity.

3. Licensing Architecture & Transitional Mechanisms

3.1 Multi‑Licence Model

The COFI Bill introduces a granular and modular licensing framework, which represents a major departure from South Africa’s legacy financial licensing system. Under COFI, licences are issued not simply based on the institution type, but on a detailed breakdown of specific activities, products, and customer segments. This approach ensures that each FSP is authorised to perform precisely the functions they are competent to carry out, with a clear scope of operation defined by the nature of the service.

For example, an FSP that administers retirement savings may need different licences depending on whether it serves individual clients, such as retirement annuity holders, or institutional clients, such as employer-sponsored pension funds. Similarly, an institution offering both investment advice and discretionary portfolio management would require separate authorisation for each distinct activity.

This model allows the FSCA to exercise tailored oversight, applying appropriate conduct standards, supervisory expectations, and reporting requirements based on the risk profile and complexity of each licensed activity. It also enhances consumer protection by ensuring that only suitably licensed and properly governed entities are allowed to offer specific services, creating a more transparent, responsible, and responsive financial services environment.

3.2 Dual Licensing for Retirement Funds

Under the COFI Bill, retirement funds and their administrators will be subject to a dual licensing regime, requiring compliance with both the COFI Act and the revamped Retirement Funds Act (RFA), which will replace the existing Pension Funds Act (PFA). This dual framework reflects the unique nature of retirement savings, which carry both prudential and conduct risks, necessitating tailored regulation that covers both the financial health of the fund and the treatment of its members.

To facilitate the transition, the FSCA will undertake a structured mapping and conversion process that aligns current licences under existing legislation with the new COFI licensing categories. This process is expected to take between three and four years following the effective date of the Act. Importantly, all registered retirement funds will be “deemed licensed” under COFI as of the implementation date, meaning they can continue to operate while undergoing formal conversion.

The FSCA will have up to four years to finalise this conversion, while new licence applications will be processed within a three-year window. However, delays in the promulgation of the COFI Bill have prompted the FSCA to initiate interim licensing measures under the Financial Sector Regulation Act (FSRA). These efforts are intended to mitigate the risk of regulatory gaps and ensure a degree of consistency in oversight as COFI is phased in. This proactive approach anticipates a staggered and potentially fragmented adoption process, especially given the scale and diversity of retirement funds across South Africa.

4. Governance, Fit‑and‑Proper & Cultural Standards

4.1 Expanded Accountability

The COFI Bill introduces a broader and more robust framework for accountability by replacing the term “key individual” with “key person.” This change is not merely semantic, it reflects a fundamental shift in the way responsibility and oversight are assigned within financial institutions. Under the current FAIS framework, the concept of a “key individual” refers to a person overseeing the rendering of financial services by a representative. However, COFI expands this scope significantly by placing fit-and-proper obligations on a wider range of individuals within an organisation’s executive, senior management, and governance structures.

The term “key person” now applies to any individual who exercises significant influence over the financial institution’s conduct, strategy, risk, and compliance, whether through executive authority, control functions, or board-level responsibilities. This change ensures that accountability is shared collectively across leadership and not concentrated in a single compliance or operations manager.

Institutions will need to ensure that all key persons meet the FSCA’s fit-and-proper standards, which include integrity, competence, financial soundness, and appropriate experience. This shift is designed to strengthen governance, promote a culture of ethical leadership, and align executive decision-making with the customer-centric outcomes that COFI mandates.

4.2 Fit‑and‑Proper Criteria

Under the COFI Bill, the fit-and-proper requirements are significantly broadened and deepened compared to current frameworks. No longer limited to evaluating the individual competence or integrity of a few designated persons, these assessments now span multiple domains that affect the overall conduct and culture of the institution. The FSCA will assess not just individual qualifications or financial soundness, but also the governance structures, remuneration practices, transformation efforts, and organisational culture within the institution.

This shift reflects the FSCA’s view that sustainable customer outcomes are directly influenced by the ethics, decision-making processes, and incentive systems embedded within an organisation. For example, a remuneration model that prioritises short-term sales at the expense of customer needs may fail the fit-and-proper test under COFI, even if individuals within the firm meet competency criteria. Similarly, the FSCA may scrutinise whether a board is appropriately diverse, whether it demonstrates sufficient independence, and whether transformation policies are being meaningfully implemented in line with the Financial Sector Code.

Institutions will therefore need to adopt a holistic approach to fit-and-proper compliance, ensuring that their leadership, structures, and culture align with the principles of fairness, accountability, and transparency that COFI aims to enforce.

4.3 Culture & Conduct Standards

One of the most progressive elements of the COFI Bill is its formal recognition of organisational culture as a core component of conduct regulation. COFI goes beyond traditional compliance checklists by embedding the “tone from the top”. This to say that the values, behaviours, and attitudes demonstrated by leadership will be a measurable and enforceable standard. The FSCA will now assess how leadership influences day-to-day conduct through decision-making practices, ethical leadership, reward structures, and internal accountability frameworks.

Central to this cultural evaluation is how an organisation incentivises behaviour. If reward models focus exclusively on volume, sales, or profit, without adequate consideration for customer outcomes or long-term value, they may fall short of COFI’s expectations. The Bill explicitly recognises that an institution’s transformation ethos, including its commitment to diversity, equity, and inclusion, is also part of its overall cultural profile. As such, COFI requires that institutions integrate transformation objectives into their governance and operational strategies.

In line with this, Banks and Systemically Important Financial Conglomerates (BSFCAs) are now expected to develop Transformation Plans, which must align with the Financial Sector Code. These plans are reviewed as part of their conduct supervision, reinforcing the link between cultural integrity, inclusive leadership, and responsible financial service delivery.

5. Fair Customer Treatment & Transparency

5.1 Treating Customers Fairly (TCF) as Enforceable Policy

One of the most significant reforms introduced by the COFI Bill is the formal elevation of Treating Customers Fairly (TCF) from a voluntary, aspirational framework into an enforceable regulatory requirement applicable to all FSPs. Under previous regulatory regimes, TCF principles guided firms to act in their customers’ best interests but were often seen as guidelines rather than strict rules. COFI transforms this approach by embedding the six TCF outcomes directly into law, making them legally binding across the entire financial sector.

The six TCF outcomes encompass key aspects of the customer journey and product lifecycle:

• Fair treatment at product design and approval: Products and services must be developed with a clear understanding of target customers’ needs, ensuring suitability and affordability.
• Clear, transparent information: Customers must receive information that is simple, understandable, and honest to enable informed decisions.
• Appropriate advice and support: Where advice is provided, it must be suitable and tailored to individual customer circumstances.
• Effective product delivery and post-sale service: Institutions must ensure products are delivered as promised and provide ongoing support and assistance.
• Fair complaint handling and redress: Complaints must be addressed promptly, fairly, and transparently, with accessible mechanisms for resolution.
• Customer outcomes monitored and improved: Firms must continually assess whether customers achieve intended outcomes and take corrective action where necessary.

By making these outcomes legally enforceable, COFI imposes clear accountability on FSPs to embed customer-centric practices into their governance, operations, and culture. Failure to meet these standards may lead to enforcement actions, fines, or licence restrictions.

This shift from aspiration to obligation signals a profound change in market conduct supervision, prioritising customer protection, transparency, and fairness at every stage of the financial product lifecycle.

5.2 Product Design & Communication

Under the COFI Bill, product design and communication are no longer viewed as separate from conduct obligations; they are central to delivering fair customer outcomes and are now subject to strict regulatory scrutiny. FSPs will be required to adopt a far more deliberate and evidence-based approach to how they develop, approve, and market their products and services.

At the heart of this requirement is the need for a documented product-appropriateness analysis. This means that before launching any financial product or service, an FSP must demonstrate that it has undertaken a thorough assessment of the target market’s needs, financial literacy, risk profile, and affordability constraints. The product must clearly serve a legitimate need and provide value for money, without exposing customers to unnecessary complexity or risk.

Furthermore, FSPs must ensure that all marketing materials, customer communications, and disclosures are fair, balanced, and easy to understand. This includes eliminating misleading language, exaggerations, or hidden conditions. The product’s features, costs, limitations, and associated risks must be presented in a way that allows customers to make informed decisions; an essential requirement under the Treating Customers Fairly (TCF) framework, now embedded in law under COFI.

Additionally, firms must have clear product mandates, defining who the product is designed for, how it should be sold, and what advice (if any) must accompany it. This helps avoid mis-selling and ensures that products are distributed in ways that match their original intent.

Importantly, product performance and customer outcomes must be monitored post-sale, with data collected to identify where the design or distribution is failing to meet expectations. If shortcomings are found, remedial action is required.

This comprehensive approach to product governance reinforces the principle that fair treatment must start long before a sale is made and continue thereafter.

5.3 Omni‑CBR Reporting

A cornerstone of the FSCA’s proactive supervision strategy under COFI is the introduction of Omni-Conduct of Business Returns (Omni-CBR) – a structured, standardised reporting mechanism aimed at enhancing off-site conduct monitoring. This framework will require FSPs to submit regular, detailed data returns that reflect their day-to-day business practices and customer interactions.

Unlike traditional compliance reporting, which often focuses on high-level or financial metrics, the Omni-CBR focuses specifically on conduct risk indicators. These include, but are not limited to, data on complaints volumes and resolution times, policy lapse and cancellation rates, customer churn, sales trends, declined claims, and product performance mismatches. Such metrics serve as early warning signs of potential mis-selling, unfair treatment, or product unsuitability.

By collecting and analysing this data across the industry, the FSCA aims to identify systemic issues and emerging risks before they result in widespread consumer harm. The Omni-CBR also enables comparative benchmarking, allowing the FSCA to detect outlier behaviours and conduct targeted supervisory interventions.

FSPs must therefore develop the internal capacity to capture, analyse, and report accurate conduct-related data consistently. The Omni-CBR regime reinforces the need for data-driven governance, transparency, and ongoing oversight of the customer experience. Furthermore, this enables rapid FSCA intervention.

6. Implications by FSP Type

6.1 Banks, Insurers, Asset Managers & Credit Providers

Under the COFI Bill, traditional financial institutions such as banks, insurers, asset managers, and credit providers will be subject to an enhanced and more integrated market conduct regime. A key requirement is that all institutions engaging directly with customers (including banks and payment service providers) must obtain a Conduct Licence from the FSCA, even if they already hold a prudential licence from the South African Reserve Bank (SARB). This marks a significant shift, as some entities previously operated with limited or indirect conduct oversight from the FSCA.

The goal is to ensure that any institution offering products or services to retail or institutional clients does so in a way that aligns with COFI’s principles of fairness, transparency, and accountability. Banks, for example, must demonstrate compliance in areas such as fee disclosure, product suitability, complaint handling, and fair lending practices. Payment providers that interact with end-users, such as mobile wallet operators or embedded finance platforms, must also ensure that user terms are clear and consumer risks are managed.

Importantly, COFI promotes coordinated supervision between the FSCA and SARB, with both regulators sharing responsibilities depending on the risk and function involved. This joint oversight ensures that governance frameworks, remuneration policies, and operational conduct meet both prudential and market conduct expectations.

6.2 Retirement Funds & Administrators: Heightened Scrutiny and Employer Accountability

The retirement fund industry will experience a substantial shift in regulatory oversight under the COFI Bill and the forthcoming Retirement Funds Act (RFA), which replaces the existing Pension Funds Act. These reforms introduce a dual licensing regime, where retirement funds and their administrators will be subject to both prudential and market conduct licensing. This means that, in addition to ensuring financial soundness, these entities must now comply with enhanced conduct standards enforced by the FSCA.

A major focus of COFI’s conduct framework is on improving trustee governance, fund transparency, and employer accountability. Trustees will be expected to meet elevated fit-and-proper standards, with clear duties relating to oversight, decision-making, and member protection. Importantly, the FSCA will increase scrutiny of issues such as the non-remittance of contributions by employers; a long-standing problem that undermines retirement savings and fund sustainability.

Under the RFA, employers themselves will be subject to direct regulatory oversight. This marks a major development, as contribution failures, previously addressed mainly through fund-level interventions, will now result in enforcement actions and sanctions against the defaulting employers. This includes potential penalties, license implications (where applicable), and referral to other authorities.

Together, COFI and the RFA aim to strengthen governance, improve member outcomes, and close systemic loopholes that have historically exposed retirement fund members to unnecessary risks.

6.3 Financial Advisors & FSP Licensees

The retirement fund industry in South Africa is poised for a major transformation under the implementation of the COFI Bill and the upcoming Retirement Funds Act (RFA), which will replace the current Pension Funds Act. These two legislative reforms introduce a dual licensing regime, requiring both prudential and market conduct licences for retirement funds and their administrators. This means that retirement entities will no longer be judged solely on financial soundness; they must also demonstrate full compliance with the FSCA’s enhanced conduct standards.

Key areas of focus include strengthened trustee governance, greater fund transparency, and robust oversight of employer obligations. Trustees will be held to higher fit-and-proper standards, with explicit duties to protect fund members and ensure ethical oversight. Crucially, the FSCA will now directly supervise employer conduct, particularly regarding the timely remittance of contributions. Under the RFA, employers may face regulatory sanctions, including penalties and referrals, if they default, closing a major gap in accountability.

Together, COFI and the RFA aim to elevate trust, integrity, and outcomes in the retirement sector.

7. FSCA Readiness & Contingency Strategy

7.1 Implementation Timeline and Transitional Planning

The implementation of the COFI Bill is progressing through its final preparatory stages. The Bill has successfully received clearance from the Chief State Law Adviser, a key legal milestone confirming its constitutional and legal validity. The next step is formal submission to Cabinet, followed by tabling in Parliament, which is expected to occur between Q1 and Q2 of 2025. Once tabled, the Bill will proceed through the legislative process, including public hearings and parliamentary deliberations.

Promulgation of the final COFI Act is currently anticipated between late 2026 and 2028, depending on parliamentary processes and stakeholder alignment. In the interim, the FSCA will continue laying the groundwork for implementation using powers under the existing Financial Sector Regulation Act (FSRA), allowing for a phased and risk-based rollout.

A significant challenge during this period is the licensing conversion of over 12,500 FSPs. The FSCA is undertaking internal system redesigns, license mapping exercises, and development of new licensing forms to support phased migration across different industry segments.

To support industry readiness, the FSCA will continue its programme of stakeholder engagements, including roadshows, workshops, and public consultation forums throughout 2025, offering guidance, clarifying expectations, and refining implementation protocols through direct feedback from the sector.

8. Preparing for COFI Compliance: Practical Steps for FSPs

To navigate the transition to the COFI regime effectively, FSPs are encouraged to engage early and proactively with the regulatory shift. The first step is to conduct a detailed activity mapping and size-profiling exercise to determine which specific licences will be required under the new activity-based model, and to assess how the scale and complexity of the business will impact compliance obligations. Simultaneously, firms should begin developing or refining transformation policies aligned with the Financial Sector Code, particularly in areas such as ownership, management control, and socioeconomic development.

From a systems perspective, FSPs should plan for licensing system upgrades, including improvements to CRM platforms, document management tools, and compliance tracking. Appointing a dedicated compliance officer and implementing a structured compliance framework will be key.

On the governance front, institutions should expand fit-and-proper checks across their executive and leadership teams and ensure that boards are trained on and aligned with COFI’s conduct standards.

Embedding Treating Customers Fairly (TCF) principles into product governance, staff training, and complaints management is essential.

In preparation for Omni-CBR reporting, FSPs must build internal capacity for data collection, classification, and benchmarking against industry peers.

Lastly, FSPs (especially smaller firms) should actively participate in FSCA workshops, consultations, and working groups, while leveraging industry bodies such as the Financial Planning Institute (FPI) and peer networks for insights, tools, and shared learning.

10. Conclusion: A Strategic Opportunity, Not Just a Compliance Exercise

The COFI Bill represents a fundamental transformation in how market conduct is regulated in South Africa. It shifts the regulatory framework from a largely rules-based, compliance-driven model to one that is outcomes-based, principles-oriented, and customer-centric. Rather than simply prescribing what FSPs must do, COFI focuses on how their actions affect the end consumer, encouraging institutions to align their business models, culture, and governance with sustainable and ethical outcomes.

FSPs are strongly encouraged to view COFI not as a burdensome obligation, but as a strategic opportunity. Embracing the new regime early can unlock multiple long-term benefits. Proactive compliance such as integrating Treating Customers Fairly (TCF) principles, upgrading internal systems, and modernising governance, can help FSPs build deeper client trust, which is a powerful differentiator in an increasingly competitive financial landscape.

Moreover, those that engage early will be better positioned to manage the transition smoothly, avoiding rushed implementations or last-minute regulatory setbacks. The FSCA’s phased approach, supported by industry workshops and licensing guidance, offers ample opportunity for firms to adapt and refine their processes.

Ultimately, COFI presents a chance for FSPs to demonstrate leadership, integrity, and innovation. By placing customers at the centre of business strategy and strengthening internal conduct, firms not only comply with regulation—they future-proof their operations and position themselves for sustainable success in a more transparent, inclusive, and responsible financial services industry.