The impact of TCF and POPI

On Wednesday 9 April the Insurance Institute of Northern Gauteng (IING) held an interactive workshop at the Santam offices in Pretoria on the impact of TCF and POPI on businesses. Wynand Louw, President of the IING, introduced the speakers: Aneesa Bodiat and Desiree Reddy from Norton Rose Fulbright spoke about TCF (Bodiat) and POPI (Reddy) and Mokgadi Sebola spoke about the impact of TCF on SASRIA.

Treating customers fairly

Bodiat said that the principles of TCF reach into everything you do in your business. Consumers don’t always have suitable knowledge about financial products, which causes an information gap between insurers and consumers. She said TCF isn’t just about keeping clients happy, but serves as a framework for the rest of the legislation.

“Brokers – it is your responsibility to make sure customers understand what they are buying,” she said.

The six TCF principles can be downloaded from the FSB’s website. They are:

  1. Customers are confident that they are dealing with firms where the fair treatment of customers is central to the firm culture.
  2. Products and services marketed and sold in the retail market are designed to meet the needs of identified customer groups and are targeted accordingly.
  3. Customers are given clear information and are kept appropriately informed before, during and after the time of contracting.
  4. Where customers receive advice, the advice is suitable and takes account of their circumstances.
  5. Customers are provided with products that perform as firms have led them to expect, and the associated service is both of an acceptable standard and what they have been led to expect.
  6. Customers do not face unreasonable post-sale barriers to change product, switch provider, submit a claim or make a complaint.

Bodiat said the FSB’s guidelines and self-assessment tools are available on their website. She suggested the following plan of action for brokers to make sure that they adhere to the six principles:

  1. Look at the FSB’s check lists and work out if you are compliant.
  2. Create a policy keeping the six principles in mind.
  3. Provide training programmes for employees on TCF and explain why these changes are happening.
  4. Speak to customers, maintain open lines of communication.
  5. Keep a paper trail to prove compliance.

Impact of TCF on SASRIA

Only South African insurance companies registered with the FSB can be part of the South African Special Risk Insurance Agency. SASRIA provides short-term insurance for riots, strikes, terrorism, civil commotion and public disorder to corporate, commercial and individual policyholders.

“We’re having fun towards the elections,” said Sebola, “And mining has always been a big headache for us. Times have changed, we also have claims and reputational risk to think about.”

Sebola said, “A lot of clients face difficulty when they need SASRIA cover.” Customer-centricity is important to SASRIA. Through training and workshops SASRIA aims to ensure that “TCF is embedded in our organisation, and insurers and brokers”.

SASRIA will conduct feasibility studies to make sure the gaps in product to market are filled. With this comes the issue of using simple language. Norton Rose Fulbright has already taken a proactive stance on using plain language in policy documents, with SASRIA not far behind. “We must make sure the literature is understandable,” she said, especially when it comes to benefits, risks, limitations and exclusions of a product.

A member of the audience expressed concern at this point about the possibility of educating a largely uneducated consumer base. “How do we educate them?” he asked. “How do we close this gap?”

Suzette Strydom from the South African Insurance Association (SAIA) was present in the audience and said, “We need to view TCF from a positive angle. We can use TCF to enhance the value we add to the industry.”

She said the National Treasury has established a working group for each of the six TCF outcomes, and are developing key documents and analysing words that could be problematic in policies.

Are all TCF outcomes equal? Strydom said if the first outcome is embedded in your system, the rest will follow easily. She encouraged brokers to tell the FSB what they are struggling with and what their challenges are in the implementation of these principles.

Protection of Personal Information

“Everyone needs to ensure their personal information is protected,” said Reddy. POPI was signed into law in November 2013, but the commencement date hasn’t been decided yet. Once commenced, companies will have one year to comply.

The eight principles of POPI are:

  1. Accountability
  2. Process limitations
  3. Purpose specifications
  4. Further process limitations
  5. Information quality
  6. Openness
  7. Data subject participation
  8. Retention standards

POPI restricts the cross border transfers of information, except is special circumstances. Information may be transmitted across borders if the receiving country, for example the UK, has a data protector of the same standard as South Africa.

Once POPI starts, the information regulator (yet to be announced) will provide education, maintain and enforce compliance, consult with interested parties, handle complaints, develop and maintain codes of conduct and facilitate cross-border flows of information.

How does POPI apply to your business?

Reddy said most businesses are already complying with POPI, and there are three things they should do to determine if they are on the right track.

  1. What information does my business currently hold?
  2. How am I using this information? Am I collecting it, storing it, or processing for business requirements? Who has access to the information? Consider the entire life cycle of the information.
  3. What now? This is the preparation stage where businesses see the short-falls and take steps to address them. This is a difficult step, said Reddy, because no one will give you a check list as no business is the same.

There are, however, things to consider:

  • Are you collecting more information than you need? Why?
  • Is your record management process effective? How do you destroy information? Do you use a shredder, or just put it in the trash?
  • Conduct staff training sessions to explain the why and how of compliance.
  • Make sure you have IT policies and systems in place, especially if you outsource your IT needs. How many third party vendors do you use? Do they have data protection systems in place? It is up to your business to make sure the third party vendor has the same standard of data protection as your business.

Reddy said businesses are required to tell clients in the case of a data protection breach.

Visit the IING website for more information on workshops and presentations. For photographs of the day, visit our Facebook page.

Written by Annetjie van Wynegaard