Compliance Pitfalls for New FSPs in Their First Year (and How to Avoid Them)

The most dangerous year in the life of any South African Financial Services Provider (FSP) is its first. Compliance frameworks are being built from scratch, processes are still informal, and the Key Individual is juggling client work, business development, and regulatory setup all at once. The FSCA knows this — and new FSPs face disproportionate compliance scrutiny in their first 18 months.

The good news: the failure modes are predictable. Most first-year compliance problems cluster around a handful of common mistakes, all of which are avoidable with deliberate setup.

This guide walks through the 10 most common compliance pitfalls for new FSPs, why they happen, and the specific steps that prevent each one. If you are a Key Individual planning to launch an FSP — or are in your first year — work through this list deliberately.

1. Inadequate Record Keeping

The Pitfall

The FAIS Act and General Code of Conduct require detailed record keeping at the FSP level. New FSPs often start with informal systems — emails in personal inboxes, paper files in drawers, advice records that are partial or missing entirely. Six months in, when a complaint arrives, the records cannot be reconstructed.

Why It Happens

Setting up proper record-keeping infrastructure feels low-priority compared to bringing in clients. The cost of skipping it is invisible until something goes wrong.

How to Avoid It

• Choose a CRM or advice platform from day one. Solutions like Salesforce Financial Services Cloud, Wealthport, Astute, or local equivalents.
• Document every client interaction — phone calls, meetings, emails, advice given.
• Store all client documents centrally — needs analyses, fact finds, product disclosures, advice records, signed disclosures.
• Set retention policies that match or exceed regulatory requirements (typically 5 years from termination of services).
• Back up everything. A single hard-drive failure should not destroy your compliance history.

2. Weak Advice Record Documentation

The Pitfall

Advice given is not properly recorded. The advisor remembers the conversation; the file does not show what was discussed, what alternatives were considered, or why a specific product was recommended.

Why It Happens

Time pressure. Recording advice properly takes 15–30 minutes per client interaction. New FSPs prioritise getting the client onboarded over documenting the conversation.

How to Avoid It

• Use a structured advice template that captures client needs, risk profile, alternatives considered, recommendation, and rationale.
• Complete the record within 24 hours of the meeting while details are fresh.
• Have the client sign or acknowledge the recommendation in writing.
• Train all representatives on the same template so consistency is built in.

A well-documented advice record is your single best defence against a future complaint or FSCA enquiry.

3. Poor Representative Supervision

The Pitfall

A new FSP with supervised representatives must demonstrate active supervision. Many new Key Individuals supervise informally — quick chats, the occasional "how's it going?" — without documented sign-offs, file reviews, or development conversations. When the FSCA asks for proof of supervision, there is none.

Why It Happens

The Key Individual is busy. The representatives "are doing fine." Supervision feels like overhead.

How to Avoid It

• Implement a documented supervision framework — weekly check-ins, monthly file reviews, quarterly development reviews.
• Sign off on advice files for supervised representatives. Document the review.
• Maintain training and development records for each supervised rep.
• Track CPD progress at the representative level, not just at FSP level.

Supervision is not optional. It is one of the most heavily scrutinised areas in any FSP compliance audit.

4. Outdated or Missing Disclosure Documents

The Pitfall

Disclosure documents — General Disclosure, product-specific disclosures, fee disclosures, conflict of interest disclosures — exist somewhere but are out of date, inconsistent between representatives, or missing critical information.

Why It Happens

Disclosures get drafted once at FSP setup, then never reviewed. Regulatory updates, fee changes, and product changes are not reflected.

How to Avoid It

• Maintain a master disclosure pack at the FSP level.
• Update it quarterly at minimum, more frequently if regulatory changes occur.
• Version control every disclosure — date issued, version number.
• Issue updated disclosures to existing clients when material changes occur.
• Confirm in writing that the client received the disclosure — signed or electronically acknowledged.

5. Complaints Handling Failures

The Pitfall

A client complaint arrives. The FSP has no formal complaints policy, no log, no defined timelines. The complaint is handled informally, possibly resolved, but with no documentation. Three months later, the same client escalates to the FAIS Ombud, and the FSP has nothing on file.

Why It Happens

New FSPs assume complaints will be rare. They are not. Even well-run FSPs receive complaints regularly — and how they are handled determines the regulatory outcome.

How to Avoid It

• Implement a written complaints policy as required by the General Code of Conduct.
• Maintain a complaints register — every complaint logged, regardless of how minor.
• Acknowledge complaints in writing within prescribed timelines.
• Investigate and respond within regulatory timeframes — typically 6 weeks for resolution.
• Keep all correspondence on file with the complaint record.
• Review complaints quarterly at FSP management level to identify patterns.

6. Inadequate CPD Tracking

The Pitfall

CPD obligations apply to every representative and Key Individual. New FSPs often have no centralised CPD tracking system, relying on individuals to manage their own. By the end of the first CPD cycle, several representatives are short of hours, and the FSP cannot demonstrate compliance.

Why It Happens

CPD tracking feels like an individual responsibility, not an FSP one. In practice, the FSP carries regulatory exposure for representative non-compliance.

How to Avoid It

• Maintain a centralised CPD log for the FSP, with each representative's progress.
• Review CPD status quarterly. Anyone behind pace gets a documented intervention.
• Provide qualifying CPD opportunities as an FSP — group training, webinars, structured reading.
• Verify and store CPD certificates centrally.
• Make CPD performance part of representative review discussions.

7. Conflict of Interest Management Gaps

The Pitfall

The General Code of Conduct requires FSPs to identify, disclose, and manage conflicts of interest. New FSPs often have no formal Conflict of Interest Policy, no disclosure to clients, and no register of conflicts identified and managed.

Why It Happens

New FSPs do not think they have significant conflicts. In practice, every FSP has conflicts — commission structures, product provider relationships, ownership interests, gifts and entertainment received.

How to Avoid It

• Draft a Conflict of Interest Policy. Templates are widely available.
• Disclose conflicts to clients in writing.
• Maintain a Conflicts of Interest Register — what conflict exists, how it is being managed, who is affected.
• Train all representatives on conflict identification and disclosure.
• Review the register annually with documented sign-off.

8. Inadequate Professional Indemnity (PI) Cover

The Pitfall

PI cover is in place but is inadequate for the FSP's activities, AUM, or risk profile. Or worse, PI lapses at renewal and the FSP operates without cover for weeks before noticing.

Why It Happens

PI feels like an annual administrative task. The exact cover amount, exclusions, and renewal dates are not actively managed.

How to Avoid It

• Confirm PI requirements for your FSP category and product set against current FSCA regulations.
• Maintain adequate cover — not minimum cover. Adequate cover is what would actually pay out in a meaningful claim.
• Diary renewal dates at least 60 days in advance.
• Review cover annually against AUM and business growth.
• Understand the exclusions — what does the policy NOT cover?

9. FSCA Reporting and Levy Failures

The Pitfall

FSPs have ongoing reporting obligations to the FSCA — annual returns, levy payments, changes in key personnel, changes in business activities. New FSPs miss deadlines, file incomplete returns, or fail to notify the FSCA of material changes.

Why It Happens

The reporting calendar is not centralised. The Key Individual is too busy to manage it. The FSP has no dedicated compliance support.

How to Avoid It

• Build a compliance calendar with all FSCA deadlines for the year.
• Diary every deadline 30 days in advance with a working session to complete it.
• Notify the FSCA of material changes within prescribed timelines — usually 15 working days.
• Pay levies on time. Late payment carries penalties and reputational consequences.
• Engage a compliance officer or partner if the FSP is large enough to justify it.

10. Treating Compliance as a Cost, Not an Asset

The Pitfall

The Key Individual treats compliance as overhead — something to minimise. Corners get cut. Disclosures are skipped where "no one will notice." Records are kept loosely. The first 18 months feel fine. Then the first complaint, audit, or enquiry arrives.

Why It Happens

Compliance does not generate revenue. It is easy to deprioritise in the chaos of a first-year FSP.

How to Avoid It

This is the meta-mistake that drives all the others. The cure is mindset change:

• Treat regulatory excellence as a competitive advantage. Clients increasingly choose advisors based on trust, and trust is built through visible compliance.
• Invest in compliance infrastructure early. A CRM, a compliance officer or partner, proper templates, training time — all of these cost money upfront and save vastly more later.
• Make compliance part of every staff conversation. Not as a punitive thing — as the standard of professional practice.
• Build relationships with the FSCA proactively. Engage with industry forums. Respond to consultations. Be visible as a compliant operator.

Build the Habit With Practice

The deepest defence against compliance failure is genuine fluency in the regulatory framework — the FAIS Act, the General Code of Conduct, fit and proper requirements, and category-specific rules. Fluency comes from repetition.

Sign up free at regulatoryexams.co.za to keep your regulatory knowledge sharp with thousands of practice questions, full-length timed exams, and weak-area analytics — useful for your own Key Individual preparation (RE1, RE3, RE6) and for training your supervised representatives. Regulatory Exams is built specifically for South African financial professionals and is free to start. Many established FSPs use it as part of their representative onboarding and continuous training.

The Bottom Line

Your first year as a new FSP determines whether you spend the next decade defending compliance issues or building a respected practice. The pitfalls are predictable: weak records, informal supervision, outdated disclosures, missed complaints handling, untracked CPD, ignored conflicts, inadequate PI, missed FSCA deadlines, and a compliance-as-cost mindset.

The cure is also predictable: build proper infrastructure on day one, document everything, review quarterly, and treat compliance as the standard of professional practice rather than an external burden.

A new FSP that builds compliance right grows steadily, retains clients, and earns industry respect. A new FSP that cuts compliance corners eventually pays the price — and that price is almost always larger than the savings would have been.

The choice is made in year one. Make it deliberately.