Published by johannessa, 2019-07-03 01:47:29

Compliance Policy approved 13.08.2015







Policy Title: Compliance Policy

Version: 2

Legislation:
Constitution of the Republic of South Africa, 1996;
Prevention and Combating of Corrupt Activities Act, No. 12 of 2004;
Promotion of Access to Information Act, No. 2 of 2000;
Protected Disclosures Act, No.26 of 2000;
Protection of Personal Information Act, No.4 of 2013;
Public Finance Management Act, No. 1 of 1999; and
Road Accident Fund Act, No. 56 of 1996.

Related Codes and other documents:
Board Audit Committee Mandate;
Board Risk Committee Mandate;
Chairperson Committee Mandate;
Compliance Institute of South Africa's Generally Accepted Compliance
Practice (GACPF);
Compliance Process Documents;
Compliance Manual;
Compliance Methodology;
Executive Committee Mandate;
ISO 31000:2009 (Risk Management: Principles and Guidelines);
OPSIT Committee Mandate;
King Report on Corporate Governance for South Africa 2009 (King III Report);
Remuneration and Human Resources Committee Mandate; and
Risk Management and Ethics Committee Mandate.

Related Policies:
Code of Conduct;
Code of Ethics;
Compliance Charter/Framework;
Delegation of Authority and Approval Framework;
Policy Management Framework; and
Risk Management Framework.

Policy Owner: Chief Strategy Officer

Responsible Person: Senior Manager: Compliance

Contact Officer: Manager: Compliance

Approval Authority: Board (Category A)

Review Period: 12 months




1. Abbreviations

1.1 ACNC: refers to Adverse Consequences of Non-Compliance.
1.2 CEO: refers to Chief Executive Officer.
1.3 CSO: refers to Chief Strategy Officer.
1.4 EXCO: refers to Executive Committee.
1.5 GACPF: refers to the Compliance Institute of South Africa's Generally Accepted Compliance
Practice Framework.
1.6 GM: LCRD: refers to the General Manager: Legal, Compliance and Regulation Department.
1.7 OPSIT: refers to Operations and IT Committee.
1.8 PFMA: refers to the Public Finance Management Act, No. 1 of 1999.
1.9 RAF: refers to Road Accident Fund.
1.10 RMEC: refers to Risk Management and Ethics Committee.

2. Definitions

2.1 Adverse Consequences of Non-Compliance: means and includes regulatory fines, penalties,
sanctions, operational or financial losses, as well as harm to reputation and image.

2.2 Board: means the Board of the Road Accident Fund and its committees.

2.3 Code: means a statement of recommended practice developed internally by RAF or externally by
another body (may be mandatory or voluntary).

2.4 Compliance: means adherence to laws, regulations, rules, standard operating procedures, policies,
Codes of conduct and managing conflicts of interest.

2.5 Compliance Function: means an independent function, headed by the Head of Compliance and which
endeavours to adhere to GACPF principles. The function is responsible for the identification,
assessment, monitoring, advice, facilitation and assistance with the remedying of Compliance Risks.
This function is also responsible for the investigation of non-Compliance issues and customer
complaints.

2.6 Compliance Framework: means the RAF Compliance Framework setting out the key Compliance
principles and standards, as approved by the RMEC.

2.7 Compliance Processes: means the current specific processes, guides, templates and practices issued
in relation to various aspects of the Compliance methodology, the Compliance Policy and the
Compliance Framework.

2.8 Compliance Risk: means the risk of legal or regulatory sanctions, financial loss or loss to reputation,
the RAF may suffer as a result of its failure to comply with laws, rules, regulations and standard
operating procedures, policies and Codes of conduct applicable to the organisation.

2.9 Head of Compliance: means the Senior Manager: Compliance.

2.10 Independence: means the extent to which mechanisms have been put in place to minimise or avoid
potential conflicts of interest that may exist. This independence will require the following:

2.10.1 The Compliance Function's powers, authority and purpose are well defined in the Compliance
2.10.2 A permanent structure for the function reporting functionally to the governance structures of
the institution.
2.10.3 Adequate resources (Personnel, skills, qualifications and budget).
2.10.4 Clearly defined roles and responsibilities with no conflicting interests.
2.10.5 The Compliance Function is given access to all information and to Personnel, necessary to
carry out its responsibilities.
2.10.6 Good relationship between management and the Compliance management function.

2.11 Personal Information: means information relating to an identifiable, living, natural person, and where it
is applicable, an identifiable, existing juristic person, including, but not limited to:

2.11.1 Information relating to the race, gender, sex, pregnancy, marital status, nationality, ethnic or
social origin, colour, sexual orientation, age, physical or mental health, well-being, disability,
religion, conscience, belief, culture, language and birth of the person;
2.11.2 Information relating to the education or the medical, financial, criminal or employment history
of the person;
2.11.3 Any identifying number, symbol, e-mail address, physical address, telephone number, location
information, online identifier or other particular assignment to the person;
2.11.4 The biometric information of the person;
2.11.5 The personal opinions, views or preferences of the person;
2.11.6 Correspondence sent by the person that is implicitly or explicitly of a private or confidential
nature or further correspondence that would reveal the contents of the original
2.11.7 The views or opinions of another individual about the person; and
2.11.8 The name of the person if it appears with other personal information relating thereto.

2.12 Personnel: means and includes any employee, agent, consultant, contractor, independent contractor or
other representative of the RAF.

2.13 Regulatory Requirements: means the statutory, regulatory and supervisory requirements, together
with industry Codes and best practice guidelines (collectively).

3. Policy Statement

3.1 RAF recognises its accountability to all its stakeholders under the Regulatory Requirements applicable
to its business and is committed to high standards of integrity in the conduct of its business. The Board
is ultimately responsible to its stakeholders for overseeing Compliance and through the Compliance
Function, ensures effective and efficient Compliance Management.

3.2 It is recognised that Personnel in their personal capacities, as well as the RAF itself, could potentially be
exposed to ACNC. It is important that they understand their responsibilities and exposures in this regard
if they do not comply with Regulatory Requirements.

3.3 Good governance and corporate social responsibility form an integral part of Compliance standards. At
the core of these efforts are integrity issues and the reputation risk the RAF faces in its activities. To
manage these issues the RAF established an independent Compliance Function, which operates in
accordance with approved governance frameworks.

4. Purpose

4.1 The purpose of this policy is to set out the RAF's commitment to complying with applicable Regulatory




4.2 The accounting authority of an institution must have and maintain effective, efficient, and transparent
systems of financial and risk management and internal control. In addition to this, the accounting
authority must not only comply with the provisions of the PFMA, but must also comply with any other
legislation relevant and applicable to the RAF.

5. Objectives

5.1 The objectives of this policy are to:

5.1.1 ensure the RAF complies with Regulatory Requirements;
5.1.2 embed and maintain a culture of Compliance;
5.1.3 facilitate the effective management of Compliance management within the RAF;
5.1.4 improve proper corporate governance within the RAF;

6. Scope of Application

6.1 This policy applies to all Personnel and the Board.
6.2 This policy must be applied to all Regulatory Requirements that are applicable to the RAF.

7. Policy Content

7.1 Compliance Principles and Standards

7.1.1 Regulatory Requirements have various sources including primary legislation issued by
legislators, Codes of practice, and internal Codes of conduct applicable to Personnel.
7.1.2 The Compliance Function must follow the GACPF principles and standards as well as the
principles contained in the King Report on Corporate Governance for South Africa 2009 (King
III Report).

7.2 Basic Principles concerning Compliance

7.2.1 Compliance starts at the top and shall be part of the culture of the RAF.
7.2.2 The Board, EXCO, RMEC, REMCO, OPSIT, all committee chairpersons and senior
management shall lead by example.
7.2.3 The Compliance Function must be an integral part of the RAF business activities.
7.2.4 The identification of Compliance Risk, its assessment and appropriate risk response shall be
elements to consider in any due diligence process.
7.2.5 Management is responsible for ensuring adherence, communication and implementation of
this policy.
7.2.6 Compliance shall be the responsibility of all Personnel.

7.3 Independence and Authority

7.3.1 In order for the Compliance Function to be effective, it must be:

sufficiently independent of business activities to be able to discharge its
responsibilities objectively; and
granted the appropriate authority and status to operate effectively.

7.3.2 The Head of Compliance must not be engaged in any other business of the RAF which could
create a conflict of interest.
7.3.3 The Compliance Function must have unrestricted access to all information and to Personnel,
necessary to carry out its responsibilities. To provide for the Independence of the Compliance
Function, the Head of Compliance reports to the GM: LCRD who ultimately reports to RMEC
on functional Compliance Risk matters.
7.3.4 Independence does not, however, prevent a functioning co-operative working relationship with
other business units and other assurance providers (as part of a combined assurance
framework) in the RAF, including Internal Audit.
7.3.5 The Compliance Function is subject to independent review in accordance with GACPF.
The Compliance Function has unfettered access to the Board and its Committees, and shall
report any breaches, or non-Compliance with this policy or any other relevant policy, rules and
regulations. This means that the Compliance Function must be able to carry out its functions
on its own initiative without obstruction and fear of retaliation.

7.4 Reporting

Compliance reporting must be done in accordance with the content, format, timelines and other
requirements set out in the current compliance process for reporting.

8. Roles and Responsibilities

8.1 The Board:

8.1.1 Has a duty, through the Compliance Function, to ensure Compliance within the RAF;
8.1.2 Must ensure, through the Compliance Function, that the Compliance management process is
implemented within the RAF (including the monitoring of Compliance with legislative
requirements);
8.1.3 Must ensure through the Compliance Function that an appropriate policy is in place and that
Compliance Risks are managed appropriately; and
8.1.4 Must ensure through the Accounting Officer that the Compliance Function is adequately
resourced.

8.2 EXCO shall:

8.2.1 Report to the Board on matters relevant to this policy and the status and efficiency of its
implementation at least once a year (including, but not limited to the achievement of
Compliance-related objectives, the human and technical resources needed to achieve these
objectives, the main risks detected by the Compliance Function and the corrective action
taken and preventive measures to mitigate these Compliance Risks);
8.2.2 Report promptly to the Board on any material breaches of Regulatory Requirements; and
8.2.3 Define the governing rules setting out sanctions applied in cases of breach of Compliance,
and apply such sanctions where relevant.

8.3 Management shall:

8.3.1 Comply with this policy;
8.3.2 Communicate this policy effectively throughout all levels of the organisation;
8.3.3 Implement the contents of this policy;
8.3.4 Integrate the policies or procedures that have been designed to ensure adherence to the
relevant Regulatory Requirements into the day to day activities of the business; and
8.3.5 Report to the senior management on the management of Compliance Risk in accordance with
the policy.

8.4 Compliance Function shall:

8.4.1 Comply with this policy;
8.4.2 Be responsible for the identification and assessment of Compliance Risks;
8.4.3 Advise on, facilitate, assist and remedy Compliance Risks;
8.4.4 Be responsible for the investigation of non-Compliance issues and customer complaints;
8.4.5 Advise management of Regulatory Compliance matters and practices on Compliance issues;
8.4.6 Provide training on Compliance issues in order to raise awareness of integrity issues and
business ethics by arranging seminars as needed;
8.4.7 Act as a contact point for Compliance queries from Personnel;
8.4.8 Recommend and comment on policies, guidelines, management directives, rules and
procedures in terms of Compliance issues;
8.4.9 Monitor Compliance with the internal policies, procedures and guidelines relating to
Compliance, including testing and checking the functionality, efficiency and adherence of
established policies;
8.4.10 Liaise and coordinate with internal and external functions in matters of Compliance and
management of Compliance Risks;
8.4.11 Conduct Compliance activities in all business units and regions as envisaged in the annual
Compliance Plan and on its own initiative;
8.4.12 Investigate and report non-Compliance;
8.4.13 Assist and support the Board and management to discharge their Compliance responsibilities;
8.4.14 Develop and maintain the Compliance Framework for approval by the Board;
8.4.15 Develop the Compliance methodology and supporting Compliance Processes;
8.4.16 Update the Compliance policy to ensure its on-going relevance; and
8.4.17 Independently monitor and report on controls around Regulatory Requirements and
Compliance levels.

8.5 RAF Personnel

8.5.1 All Personnel must, in respect of their respective areas of responsibility, comply with this
policy.
8.5.2 All Personnel must report all issues of non-Compliance to the Compliance Function.



9. Protection of Personal Information

9.1 Personnel must at all times ensure that Personal Information is protected, secured and processed
(collected, used, stored, distributed, modified, destroyed and, or, deleted) in a manner that does not
infringe the common-law or statutory rights of individuals.

9.2 Personnel shall also comply with, amongst others, the Code of Ethics, Code of Conduct, Internal and
External Communication Policy, Compliance Policy, Promotion of Access to Information Policy and
Protection of Personal Information Policy once implemented.

10. Non-Compliance

Non-Compliance with this policy or any applicable regulatory requirement through any deliberate or negligent
act or omission, including allowing any Personnel, either expressly or impliedly, not to comply with this policy
or any applicable regulatory requirement, will be considered serious and will be dealt with in terms of the
RAF's disciplinary policies and procedures.

11. Policy Effective Date

This policy comes into effect on the date when approval of this policy is communicated to RAF staff via e-mail,
provided that if the e-mail communication does not fall on a business day then the policy comes into effect on
the first business day following the date on which the e-mail communication was sent.

12. Policy Management and Review

This policy shall be managed and reviewed in accordance with the RAF's Policy Management Framework and
Policy Management Standard Operating Procedure.




13. Approval

The signatory hereof, duly authorised in terms of the Road Accident Fund Delegation of Authority and
Approval Framework, approves this Category A policy.


Name and surname: Dr N Bhengu
Chairperson RAF Board




Mabatho Moremi Communications < [email protected] >
17 August 2015 11:56 AM
From: [email protected]
Management Directive



Dear Colleagues
Please click on the link provided to access new Management Directive for your information.

Management Directive and Communication - Approved Compliance Policy

Kind regards
Johannah Mahwayi






From Senior Manager: Regulation

Subject Approved Compliance Policy


Date 17 August 2015 Pages 1

Recipient Exec. GM SM M Non-M All
Purpose Noting

Message Kindly take note that the Board, per the delegation in the DOA, has approved the
Content Compliance Policy.

Required The Compliance Policy facilitates the effective management of compliance
Outcome management within the RAF.
Staff must familiarise themselves and adhere to the approved Compliance Policy which
Required will be published on RAFZI N on the Policies page under Strategy Risk and
Actions Compliance.
Further Adherence to the approved Compliance Policy.
Required None

Due Date Immediately

Required None
Reporting Senior Manager: Compliance


Centurion 420 Witch-hazel Avenue Eco Glades 2 Centurion

Private Bag X17B Centurion 0046 T +2712 6211879 f +2712 6211640
www.raf.co.za

Dr NM Bhengu (Chairperson), Mr 0 Coovadia (Vice Chairperson), Mr LED Hlatswayo, Ms KLN Linda, Mr TP Masobe,
Ms R Mokoena, Mr AM Pandor, Adv OS Qocha, Mr OK Smith, Ms A Steyn, Mr Tenza (Director-General's Representative)
