How to comply with the new Beneficial Ownership Register Legislation for Companies and Trusts
- BACKGROUND: The Financial Action Task Force (FATF) is an intergovernmental body that develops and promotes policies to protect the global financial system. The FATF identified certain areas of deficiency in South Africa that had the effect of South Africa being grey-listed in March 2023. One of the areas of strategic deficiencies identified by the FATF requires South Africa to ensure that competent authorities have timely access to accurate and up-to-date Beneficial Ownership information on legal persons and arrangements. South Africa’s grey listing by the Financial Action Task Force (FATF) earlier this year and the subsequent passing of the General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act 22 of 2022, resulted in amendments to the Companies Act, among others. The changes to the Companies Act mean that company directors are now obliged to implement a detailed beneficial ownership register for their companies and submit the register to the Companies and Intellectual Property Commission (CIPC), along with a list of supporting documents. The Beneficial Ownership Register must be kept up-to-date and verified annually.
2. WHO IS A BENEFICIAL OWNER: The beneficial owners of a company must be identified, their information collated and a register containing this information must be filed with CIPC. A “beneficial owner” in respect of a company, means an individual/natural person who directly or indirectly, ultimately owns 5% or more of that company, or exercises effective control of that particular company, including through:
- The holding of “securities” (shares)
- Voting rights
3. WHO WILL HAVE ACCESS TO THE REGISTER: The register of Beneficial Owners will not be accessible to the public but will be available exclusively to law enforcement agencies and to SARS as well.
4. WHAT ARE THE DEADLINES:
- Entities incorporated before 24 May 2023 will be required to file the records of their Beneficial Interest Register as part of their Annual Returns filing process from 24 May 2023, the date of publication of the final Amended Companies Regulations.
- Entities incorporated after 24 May will be required to file the records of their beneficial ownership within 10 days after incorporation.
IN SHORT;
ENTITIES WITH ANNUAL RETURN DATE JANUARY TO END OF MAY- IMMEDIATELY
ENTITIES WITH ANNUAL RETURN DATE JUNE TO DECEMBER- ON ANNUAL RETURN DATE
NEW ENTITIES REGISTERED AFTER 23 MAY 2023- 10 DAYS AFTER REGISTRATION
5. THE PROCESS FOR COMPANIES: Companies must submit their disclosure registers and any supporting documents online to CIPC. The information must be filed by any person who has been designated in writing by the company to file the information on its behalf. The filer must simultaneously present the written mandate authorizing them to file the information. The following information will be required:
- Mandate for us to lodge. (We will prepare the mandate for the company to sign)
- Applicable director’s or shareholder’s approvals and declarations. (We will prepare)
- Director/Shareholder’s certified copy of ID
- Date of issue of ID document (NB)
- SARS Income Tax number of Director/Shareholder
- Copy of Share Register and/or
- Copies of share certificates.
- Director contact details at CIPC must be up to date. (If director details need to be updated with CIPC, a COR39 submission must be made)
6. NON-COMPLIANCE CONSEQUENCES: Non-compliance may result in fines and/or imprisonment for the responsible individuals, including the accountant/auditor. CIPC has various enforcement measures at its disposal as well, including declaring a director as delinquent, imposing penalties on the company, and obtaining a court order to ensure compliance. Trustees of trusts that fail to comply may face fines of up to R10 million and/or prison terms of up to 5 years.
7. THE PROCESS FOR TRUSTS: The Master’s Office has introduced a reporting system for all trusts to disclose their Beneficial Ownership structure. The official deadline has been announced, 1 April 2023. The reporting process for trusts is relatively simpler, but the information required is more comprehensive. Over and above beneficiary details the trustee details, as well as the Trust’s incorporator’s details, must also be reported. We will provide you with a schedule to complete the required information. We will then cross-check it against our records and engage with you if any discrepancies arise before submitting it to The Master’s Office.
8. COSTS OF SUBMISSIONS:
- Companies: The cost for submitting Beneficial Ownership information for each company is R2960-00, assuming all beneficial owners and directors are natural persons. For more complex ownership structures, a separate quote will be provided.
- Trusts: The cost for submitting Beneficial Ownership information for each trust is R2,000-00 for trusts with up to three Trustees. For more complex ownership structures, a separate quote will be provided.
Please note that submissions will be processed on a first-come, first-served basis, and it is essential to adhere to the deadlines. Should you wish for us to proceed, please confirm this via email as soon as possible.
Leon@tradelegal.co.za
POPIA: HAVE YOU APPOINTED AN INFORMATION OFFICER?
So, you have missed the POPIA deadline…all is not lost…if you act NOW!
Yes, the due date for POPIA Compliance was midnight, 1 February 2022.
We can assist you with becoming POPIA compliant and stay compliant by adhering to the rules of the Information Regulator. We have developed a questionnaire to assist you with your compliance assessment and, once we have the information, we prepare and generate all compliance documents on your behalf;
- Consolidated POPIA Compliance Documents prepared;
- “POPIA Awareness and Training” manual
- Information Officer Appointment Letter
- Password Policy
- Customer Consent Agreement
- Employee Consent Agreement
- POPIA Compliance Assessment
- Bring own Device Privacy Policy
The cost of the package is R2450-00 per entity.
PLEASE E-MAIL OUR COMPLIANCE SPECIALIST FOR MORE INFORMATION; LEON@DRDCONSULTING.CO
POPIA EXPLAINED
The Protection of Personal Information Act (POPIA) is South Africa’s data protection law. This is a summary or short explanation of why it is important, who it affects, what the timeline is, and what action you should take. This article also provides you with links so you can read further on the Protection of Personal Information Act.
Why do we need the Protection of Personal Information Act?
Essentially, the purpose of the Protection of Personal Information Act (POPIA) is to protect people from harm by protecting their personal information. To stop their money being stolen, to stop their identity being stolen, and generally to protect their privacy, which is a fundamental human right.
To achieve this, the Protection of Personal Information Act sets conditions for when it is lawful for someone to process someone else’s personal information.
Who are the Role Players?
The Protection of Personal Information Act (POPIA) involves three parties (who can be natural or juristic persons):
- The data subject: the person to whom the information relates.
- The responsible party: the person who determines why and how to process. For example, profit companies, non-profit companies, governments, state agencies and people. Called controllers in other jurisdictions
- The operator: a person who processes personal information on behalf of the responsible party. For example, an IT vendor. Called processors in other jurisdictions.
The Protection of Personal Information Act places various obligations on the responsible party, which is the body ultimately responsible for the lawful processing of personal information. Responsible parties should only use operators that can meet the requirements of lawful personal information processing prescribed by the Protection of Personal Information Act.
Who is affected?
Any natural or juristic person who processes personal information, including large corporates and government. The data protection laws of many other countries exempt SMMes, but not currently in South Africa.
What steps will you have to take to comply?
Responsible parties will have to take various steps to comply. For example:
- Appoint an Information Officer.
- Draft a Privacy Policy.
- Raise awareness amongst all employees.
- Amend contracts with operators.
- Report data breaches to the regulator and data subjects.
- Check that they can lawfully transfer personal information to
- other countries.
- Only share personal information when they are lawfully able to.
What are the Penalties for Non-compliance?
There are essentially two legal penalties or consequences for the responsible party:
- A fine or imprisonment of between R1 million and R10 million or one to ten years in jail.
- Paying compensation to data subjects for the damage they have suffered.
It is very unlikely that anyone will go to jail and the fines are small compared to other jurisdictions. The other penalties include:
- Reputation damage
- Losing customers (and employees)
- Failing to attract new customers
But your main motivation for complying with the Protection of Personal Information Act (POPIA) should be to protect people from harm.
POPI ACT 37067_26_11_Act4of2013ProtectionOfPersonalInfor_correct The Popi Act.pdf Size : 388.811 Kb Type : pdf |
|
POPI Final_Regulations_2018.pdf Size : 889.305 Kb Type : pdf |
|