Miranda Rasehala, Legal Advisor at FNB South Africa

The Financial Sector Conduct Authority (FSCA) has officially opened consultation on the Omni Risk Return, a new cross-sector reporting framework that will transform how the FSCA collects and uses supervisory data across the financial services industry.

This marks the first step toward the Authority’s Integrated Regulatory Solution (IRS), a modern technology-driven system that automates how financial institutions are risk-profiled, supervised, and compared across the market.

From Omni CBR to Omni Risk Return

Between 2021 and 2023, the FSCA consulted on the Omni CBR (Conduct of Business Return). After extensive feedback from industry participants about the complexity and duplication of reporting requirements, the FSCA revised its approach.

Instead of multiple sector-specific reports, the new Omni Risk Return will provide a single, harmonised data return that captures the key risk indicators for every regulated entity, whether it is a retirement fund administrator, insurer, investment manager, or financial adviser.

Purpose of the Omni Risk Return

The Omni Risk Return is designed to:

• Streamline regulatory reporting by eliminating duplication and enabling institutions to submit information once, in a standardised format.
• Generate comparable risk scores for all financial institutions, allowing the FSCA to prioritise supervisory attention where it is needed most.
• Support a proactive, risk-based supervision model that uses data to identify early warning signals such as governance weaknesses, compliance gaps, or emerging systemic risks.

Ultimately, the FSCA aims to improve both regulatory efficiency and market conduct outcomes by making better use of data rather than increasing the reporting burden on firms.

How the FSCA will use the data

Information submitted through the Omni Risk Return will help the FSCA:

• Profile the risk of each financial institution, determining how often and how deeply it should be supervised.
• Identify early warning indicators, such as frequent system downtime, rising complaint levels, or high arrear contributions in retirement funds.
• Compare institutions and sectors to spot outliers and emerging conduct risks.
• Inform policy and enforcement decisions, ensuring that supervisory action is proportionate and focused on areas of greatest potential harm.

What institutions will need to report

The draft return is built around twelve key sections, each targeting a core area of organisational risk and governance. Examples include:

• Governance – independence and diversity of boards, risk tolerance, and remediation of compliance issues.
• Customer base and conduct – number of clients, complaint volumes, and early product withdrawals.
• Operational resilience – IT downtime, data accuracy, cyber incidents, and outsourcing dependencies.
• Financial health – revenue, expenditure, and reliance on group funding.
• Retirement funds – specific metrics like arrear contributions and unclaimed benefits.

Each data point is linked to measurable indicators that feed into the FSCA’s automated risk model. Institutions demonstrating strong governance, sound data management, and fair-treatment practices will be rated lower risk, while those with persistent operational or conduct weaknesses may attract closer regulatory attention.

Leadership accountability

Each submission must include a formal Declaration signed by a member of the governing body or executive management. This confirms that the data provided is accurate and complete, reinforcing direct accountability at leadership level for the quality of regulatory reporting.

Consultation timeline

The FSCA has published the following key dates for engagement:

• 30 September 2025: Release of the draft Omni Risk Return template (Annexure A) and Explanatory Guide (Annexure B).
• 1 October 2025: Consultation period opens.
• 3 to 10 November 2025: Three virtual workshops covering sections 1 to 12 with live question-and-answer sessions.
• 30 November 2025: Deadline for written comments.

Stakeholders are encouraged to submit feedback via the FSCA’s Microsoft Forms platform, accessible through the Omni Risk Return webpage.

What happens next

After consultation closes, the FSCA will refine the Return and test it during an industry pilot in mid-2026, before full integration into the IRS later that year. Once live, the IRS will consolidate supervisory data from all sectors, allowing the FSCA to maintain a single risk profile for each financial institution, regardless of how many licences it holds.

Why this matters

For the financial sector, the Omni Risk Return represents a shift from compliance-heavy manual reporting to digital, risk-informed regulation.

Institutions that invest early in data governance, integrated systems, and internal validation will not only find it easier to comply but also benefit from clearer expectations, fewer duplicate submissions, and a stronger relationship with the regulator.

The FSCA’s message is clear: good data supports good supervision, and good supervision protects both customers and the stability of South Africa’s financial system.

ENDS