Intermediaries have less than two weeks left to influence one of the most significant regulatory developments headed their way: the Financial Sector Conduct Authority’s OMNI-Risk Return.
Sam Williams (pictured), the head of legal and regulatory affairs at the Financial Intermediaries Association of South Africa (FIA), urged the industry to make its voice heard before the consultation window closes on 30 November.
At InsureTalk Live 2025 on 13 November, Williams said only intermediaries themselves truly understand the practicalities, system limitations, and business realities the Return will impose.
“Only you know what data you have in your business and what impact this is going to have on you and how much money you may need to spend on system development,” she said.
Williams emphasised that the FSCA will rely heavily on the information collected through the Return to shape future conduct oversight, benchmarking, and enforcement priorities. According to her, the consultation phase is the sector’s opportunity to ensure that the requested data is reasonable, appropriate for different business models, and aligned with what intermediaries already track internally.
The good news, she said, is that the Return is far less demanding than anything that came before. Quarterly submissions shift to annual submissions; sprawling sections have been streamlined; and the structure aligns more closely with how businesses already manage governance, risks, and operations.
From OMNI-CBR to OMNI-Risk
The FSCA released the draft OMNI-Risk Return and explanatory guide on 30 September under FSCA Communication 19 of 2025, with public consultation running from 1 October to 30 November.
Read: FSCA opens consultation on draft OMNI-Risk Return
The Risk Return replaces the OMNI-Conduct of Business Return (OMNI-CBR).
Williams said the regulator realised it needed a more holistic view of conduct risk, governance, resilience, operational soundness, customer outcomes, and institutional stability across the financial services ecosystem.
“The FSCA will use this data to assess risk, identify emerging problems before they explode, benchmark you against your peers, and if things go sideways, it’ll inform their enforcement priorities,” she said.
Although the volume of data is undeniably greater, Williams noted it is still “much better than what was proposed in the OMNI-CBR” and more aligned with actual business processes.
“If you’re not tracking governance effectiveness, customer segmentation, asset allocation times, and complaints patterns, you’ve got far bigger problems than completing this Return.”
Whistlestop tour of the 12 sections
In her presentation, Williams offered what she called a “whistlestop tour” of the 12 sections that make up the OMNI-Risk Return – not as a checklist, but as a window into the Authority’s thinking and the areas where the FSCA is likely to probe most deeply.
At its core, the Return paints a complete picture of who an entity is, how it operates, and where risks might be hiding. It starts with the fundamentals: ownership structures, group affiliations, and shared services arrangements. Williams noted that this is where issues such as opaque ownership, informal outsourcing arrangements, or reliance on offshore parents in vulnerable jurisdictions tend to surface.
From there, the focus shifts to geography and footprint – not just where a licence is held, but where an activity happens. Rapid expansion into new regions or operating in jurisdictions with high crime or money-laundering/terrorism financing (ML/TF) exposure will inevitably draw attention.
Governance is one of the most substantial parts of the Return, and Williams said this where the FSCA is likely to find the most telling signals. Concentrated power in a single individual, thin or inexperienced boards, a compliance function without real authority, or remuneration structures that reward volume ahead of conduct all place a firm squarely in the regulator’s line of sight. Even claims patterns, she said, can disclose governance weaknesses that are not immediately obvious on paper.
Customer dynamics – from segmentation to ML/TF exposure – form another important layer. Sudden shifts in customer profiles, high concentrations in a single income band, or even an inability to say with confidence how many active customers a business has raise questions about systems and oversight.
Similarly, the handling of customer assets is a critical concern. Unclaimed assets, arrear contributions, slow movement of funds or poor visibility over cross-border exposures all point to operational or governance strain.
The Return also delves into how entities reach their customers, looking at distribution channels and the risks associated with each. Heavy reliance on a single channel or on distribution forces with weak controls can be a vulnerability.
The FSCA is increasingly attentive to how products are acquired and how – and why – they are lost. High termination rates, cancellations clustered in particular customer groups, or institution-driven terminations can all be indicators of deeper conduct issues.
Advertising, too, is part of the supervisory lens, and firms with a history of complaints or those that lean heavily on aggressive marketing channels may find themselves subject to closer scrutiny.
Complaints management forms another rich source of insight for the Authority. Rising complaint volumes, recurring themes, or unresolved issues point to systemic failures, not surface-level irritation.
The Return also tests operational resilience in the digital age: IT governance, cyber readiness, and data management are no longer peripheral issues but central determinants of an entity’s stability.
Organisational capacity and outsourcing arrangements are equally telling. High vacancy levels, skills shortages, or dependence on outsourced providers for core functions can signal weakness in a firm’s ability to manage conduct risk effectively.
Finally, the financial data section ties the entire picture together, allowing the FSCA to assess sustainability. Any mismatch between revenue and expenses, rapid growth unsupported by income, or reliance on group funding will be difficult to ignore.
Why the Return is good for the industry
Importantly, Williams emphasised that the Return is not intended as a punitive exercise.
“The OMNI-Risk Return isn’t punishment, it’s transparency,” she said.
“The FSCA want to understand your business better so that they can identify risks and benchmark fair competition and intervene proportionately.”
Accurate submissions, she said, will reduce future supervisory surprises and help firms to build stronger internal controls, cleaner data, and more resilient frameworks.
Williams reiterated that every entity – insurers, intermediaries, banks, and other financial service providers – is affected.
“We recommend that every single entity … make a submission to the regulator by 30 November,” she said, adding that the FIA will consolidate and submit a sector-wide response on behalf of its members.
You are not expected to complete the return now
Williams addressed a recurring confusion among intermediaries: the FSCA is not asking for the Return to be completed at this stage.
“What you’re looking at now is to provide input to the regulator on what’s in there and what’s possible and what’s not possible.”
She said the priority now is to flag the gaps and terminology challenges – for example, whether references to a “governing body” apply to sole proprietors.
The FSCA will only accept consultation submissions via its Microsoft Forms template, which must be completed in one sitting, because the system does not save partial responses.
With implementation expected in late 2026, the opportunity to shape the final version of the OMNI-Risk Return is now.
