As a registrar of companies and a regulator of such, the CIPC has to exercise stringent controls and authentication processes to mitigate the risk of unauthorised director amendments and remove vulnerabilities that enable corruption and corporate crime.
Background
Historically, customer codes and passwords were deemed an appropriate authentication control when transacting with the CIPC; however, with an increase in director amendments, and other criminal activities being prevalent, this “single-factor” authentication has been challenged as a reliable authentication control and is now deemed insufficient.
The purpose of this multi-factor authentication, therefore, is to provide a high level of assurance that the entity representative logging on to the CIPC system is who they say they are and has the mandate to perform the respective amendments about the entity.
The multi-factor authentication acts as an additional layer of security to prevent unauthorised users from accessing enterprise accounts and making unauthorised director amendments, amongst other activities. The multifactor authentication offers enhanced data integrity, information security, transacting transparency, and verification of user identities.
What are the new features of the authentication process?
No manual processing of Director Amendments and Director Contact Details, only automated processes available to finalise a transaction(s).
Identity Card (filer and director(s)) Issue Date is now being verified against the Department of Home Affairs (DHA). CIPC has no control over the mismatch of identification issue dates from DHA on the issued card/book versus the records held at the DHA.
OTP verification is required from the filer and the directors impacted by the changes, i.e., Appointments and Resignations.
The filer must ensure that the email and cellphone numbers of the impacted directors are correct and up to date before filing a Director Amendment.
Refer to the step-by-step guide on CIPC’s website.
Notes to customers:
Only Directors are allowed to make amendments since they will receive OTPs individually, linked to their profiles, which include their contact details such as e-mail and cell phone number.
Should Directors utilize the services of a third-party provider, they would cede their logon details to the third-party provider, thereby compromising access to the entity account; and absolving the CIPC of responsibility for amendments made on the entity account.
Click here to download Notice 72 of 2023:
Relevance to Auditors, Independent Reviewers & Accountants:
The Companies Act is yet another piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (Non-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
As an auditor, independent reviewer and accountant, you also need to monitor your client’s compliance with the Companies Act and all relevant notices/enforcements/practice notes/customer letters issued by CIPC as the regulator.
Where you perform these compliance tasks on behalf of your client, you need to ensure that you comply with all relevant notices/enforcements/practice notes/customer letters issued by CIPC as the regulator.
Company Secretarial staff play a critical role in bridging the gap between entities and CIPC. As legislation, regulations and tax law are continuously changing and evolving, it is of utmost importance for companies and company secretarial practitioners to keep abreast of such changes in so that companies continue to meet their compliance obligations.
Relevance to Your Clients:
An entity (company or close corporation) must comply with the Companies Act, and all relevant notices/enforcements/practice notes/customer letters issued by CIPC as the regulator.
Failure to comply with CIPC requirements may lead to an investigation and/or the issuance of compliance notices.