Description

Segregation of Duties Policy Template for FSPs

The Segregation of Duties Policy Template is an editable downloadable document designed for Financial Services Providers that need a practical way to allocate, review and monitor key duties and functions.

This Segregation of Duties Policy helps an FSP reduce the risk of fraud, error, abuse of authority, conflicts of interest, unauthorised transactions, weak recordkeeping and regulatory breaches. It is especially useful for small FSPs that may not always have enough staff to fully separate duties, but still need to document compensating controls.

For related compliance templates, you may also view our Fraud and Corruption Policy Pack, Conflict of Interest Management Policy and Compliance Governance and Monitoring Pack.

For official regulatory context, you can also visit the FSCA FAIS regulated entities page.

What Is Included In This Segregation of Duties Policy?

This template is designed to help FSPs document how duties are allocated across advice, onboarding, finance, complaints, compliance, regulatory submissions, supervision, system access and conflict management processes.

The policy includes sections for:

• Policy review control sheet
• Policy review details and change log
• Training and implementation record
• Introduction and purpose
• Legislative and governance basis
• Policy statement
• Scope and applicability
• Definitions, including segregation of duties, critical functions, compensating controls and exceptions
• Segregation of duties principles
• Roles and responsibilities
• Key duties and functions requiring segregation
• Proportionality for small FSPs
• Compensating controls where full segregation is not practical
• Segregation of duties procedures
• Access control, information security and POPIA controls
• Monitoring, review and assurance
• Breaches, exceptions and corrective action
• Training and awareness
• Recordkeeping requirements
• Policy review and approval

Segregation of Duties Policy Annexures Included

The Segregation of Duties Policy includes practical annexures that help the FSP evidence role allocation, oversight, access control and exception management.

The annexures include:

• Annexure A: Segregation of Duties Matrix
• Annexure B: Small FSP Compensating Controls Worksheet
• Annexure C: Key Individual Independent Review Register
• Annexure D: System Access Rights Register
• Annexure E: Segregation Breach and Exception Register
• Annexure F: Monthly Segregation of Duties Review Checklist
• Annexure G: Staff Acknowledgement and Declaration

Why FSPs Need a Segregation of Duties Policy

No single person should have unchecked control over every part of a critical process. Where one person can initiate, approve, process, record and review the same activity, the FSP may be exposed to errors, fraud, client prejudice, unauthorised decisions or weak evidence of oversight.

A written Segregation of Duties Policy helps the FSP identify high-risk duties and apply appropriate review, approval, monitoring or compensating controls.

This template helps address common weaknesses such as:

• No documented segregation of duties policy
• No segregation of duties matrix
• No documented compensating controls for small FSPs
• No Key Individual independent review register
• No system access rights register
• No process for recording segregation breaches or exceptions
• No monthly review checklist
• No clear approval limits for high-risk activities
• No documented review of payments, refunds or reconciliations
• No evidence that system access is reviewed and removed when no longer needed

Small FSP Compensating Controls

This template recognises that small FSPs may have limited staff and may not always be able to fully separate duties. The pack includes a compensating controls worksheet to record where duties are combined, why full separation is not practical, what risk is created and what control will be applied.

Examples of compensating controls include Key Individual review, external compliance review, independent reconciliations, access restrictions, approval limits, audit trails, exception registers and documented sign-off.

System Access and POPIA Controls

The Segregation of Duties Policy includes access control and information security wording to help the FSP manage system access according to role and operational need.

The system access rights register can be used to record users, roles, systems, access levels, business reasons, approval dates, review status and whether access is active or removed.

Who Should Use This Segregation of Duties Policy?

• Authorised Financial Services Providers
• Small FSPs with limited staff
• Key Individuals responsible for operational oversight
• FSPs with representatives or administrative staff
• FSPs that need stronger internal controls
• Compliance officers assisting FSPs with governance and monitoring
• Business owners who need practical role allocation and review tools

Editable and Customisable Internal Control Template

This Segregation of Duties Policy is editable and must be customised before use. The FSP must insert its name, FSP number, responsible persons, actual staff roles, approval limits, system names, review frequency, access control process and evidence storage locations.

The template includes placeholders and practical annexures that should be completed before the final policy is approved, implemented and reviewed.

Important Compliance Note

This Segregation of Duties Policy is a compliance support document. It does not replace legal advice, forensic advice, IT security advice, POPIA advice or a full internal control review. Each FSP remains responsible for ensuring that its final policy is accurate, practical, implemented, evidenced and aligned with its actual staff structure, systems, outsourced arrangements, risk profile and regulatory obligations.