Provider Due Diligence Policy
1. INTRODUCTION AND PURPOSE
1.1 IUX Markets ZA (Pty) Ltd (“the Company”, “we”, “us”, “our”) is an authorised Financial Services Provider (FSP No. 53103) regulated by the Financial Sector Conduct Authority (“FSCA”) in South Africa. Registered address: 18 Cavendish Road, Claremont, Cape Town, Western Cape, 7708.
1.2 The Company’s business model involves acting as an intermediary that routes South African retail client orders to an affiliated principal CFD execution broker in Mauritius (the “Execution Broker”). The Company also uses a range of other third-party product suppliers, liquidity providers, technology vendors, payment service providers, and outsourced service providers (collectively, “Providers”).
1.3 This Provider Due Diligence Policy (the “Policy”) establishes the framework by which the Company identifies, assesses, on-boards, contracts, monitors, and — where necessary — exits Providers. It is designed to ensure compliance with, as applicable, the FAIS Act, the General Code of Conduct (“GCC”) (in particular sections 2, 3, 8, and 11), the FIC Act and the Company’s Risk Management and Compliance Programme (“RMCP”), the Financial Markets Act 19 of 2012 (“FMA”) and the Over-the-Counter Derivative Provider (“ODP”) framework, applicable FSCA Conduct Standards, and any proposed or adopted Joint Standard on Outsourcing by Financial Institutions.
2. SCOPE AND APPLICATION
2.1 This Policy applies to the Company’s Board of Directors, the Key Individual, the Compliance Department and the Operations Department. It covers the initial vetting, contracting and ongoing monitoring of all Providers to whom the Company introduces or discloses, or in respect of whom the Company processes, South African client funds, orders or personal information, including but not limited to:
- the Execution Broker and any alternative principal execution venues;
- liquidity providers and prime brokers;
- trading platform and technology vendors;
- payment service providers, card acquirers, and cross-border remittance processors;
- KYC/AML, fraud-detection and sanctions-screening vendors;
- data processors handling personal information on the Company’s behalf (“Operators” for POPIA purposes);
- cloud infrastructure and cybersecurity providers; and
- any other outsourced service provider to whom a material function is delegated.
3. REGULATORY BASIS OF THE CROSS-BORDER EXECUTION ARRANGEMENT
3.1 The Company formally acknowledges its corporate affiliation with the Execution Broker. Notwithstanding that affiliation, the Company evaluates the Execution Broker strictly on an arm’s-length basis, on the same terms that would apply to an unaffiliated third party.
3.2 The Company maintains, as part of the Provider Due Diligence File, a current written legal opinion from external South African regulatory counsel confirming the legal basis on which: (a) the Company’s intermediary activities in respect of CFDs comply with the FAIS Act and the FMA (including the ODP framework); and (b) the Execution Broker’s activities into South Africa (if any) are consistent with the FSCA’s position on the cross-border rendering of financial services. The opinion is refreshed at least every two years, and promptly on any material regulatory change or on any material change to the business model.
3.3 Where the FSCA issues any notice, guidance or determination that materially affects the legal basis of the arrangement, the Company will promptly re-assess the arrangement, update the legal opinion, and — where required — suspend or modify order routing to protect South African clients.
4. INITIAL VETTING AND DUE DILIGENCE FRAMEWORK
4.1 Before entering into any intermediary routing agreement, material outsourcing arrangement, or directing any South African client funds, orders or personal information to a Provider, the Key Individual and Compliance Department must formally verify and document at least the following pillars. The depth of due diligence is proportionate to the materiality and risk classification of the Provider, with the Execution Broker always treated as a high-materiality / high-risk Provider.
A. Regulatory and Licensing Status
- Certified copies of incorporation documents, constitutional documents and regulatory licences must be obtained.
- For the Execution Broker, verification via the Financial Services Commission of Mauritius (“FSC”) registry that the entity holds a valid, active licence to operate as an Investment Dealer (Broker), with no sanctions, censures or suspensions.
- Verification that the Provider is not subject to active sanctions, enforcement action or licence restrictions from any global regulator.
- Confirmation of the legal basis on which the Provider conducts any activity into or relating to South Africa (see section 3 above).
B. Financial Soundness and Capital Adequacy
- Most recent audited annual financial statements (prepared by a reputable independent audit firm).
- Evidence of capital adequacy in strict adherence to the Provider’s home-country regulatory requirements, with additional liquidity cover where client money is held or passed through the Provider.
- Confirmation that retail client funds are segregated from operational funds, and the location and terms of the segregated account.
- Insurance cover (professional indemnity, cyber, crime) of an amount appropriate to the activities conducted.
C. Operational, Technology and Cybersecurity Capability
- Evidence of operational capability, including a minimum historical trading platform uptime of 99.5% measured over rolling 12-month windows, execution-quality reports (latency, slippage, requotes), and capacity to service South African client volumes.
- Cybersecurity controls evidenced by recognised certifications (for example ISO/IEC 27001, SOC 2 Type II) and independent penetration testing reports.
- Business continuity and disaster recovery plans with tested recovery time and point objectives.
- Data location disclosure — the countries and data centres in which personal information or client records are processed and stored.
D. AML/CFT, Sanctions and Compliance Frameworks
- Evidence of AML/CFT policies, KYC and Customer Due Diligence (“CDD”) procedures aligned with Mauritian law and consistent with the FIC Act and the Company’s RMCP.
- Sanctions screening against United Nations, OFAC, EU and South African Targeted Financial Sanctions lists, and against any other list the Company requires, with evidence of screening cadence and quality.
- Politically Exposed Person (“PEP”) screening and enhanced due diligence procedures.
- Evidence of regulator-acceptable record-retention policies of not less than five (5) years.
- A written undertaking from the Provider to notify the Company of any material AML/CFT breach, sanctions match, or regulatory action within 24 hours of awareness.
E. Data Protection and POPIA Operator Requirements
- Where the Provider processes personal information on the Company’s behalf, it must enter into a written Operator Agreement that meets the requirements of sections 20–21 of POPIA, including obligations on confidentiality, security, breach notification within 24 hours, deletion or return on termination, and sub-operator controls.
- Where personal information is transferred across South African borders, section 72 of POPIA safeguards must be in place (for example, binding corporate rules, standard contractual safeguards, or reliance on an adequate law basis).
F. Client Money, Payments and Exchange Control
- Clarity on whether client money is held in South Africa or remitted offshore, and on the accounts, banking partners and segregation arrangements involved.
- Compliance with the Exchange Control Regulations administered by the South African Reserve Bank Financial Surveillance Department, including any required approvals for cross-border flows.
5. RISK CLASSIFICATION AND CONTRACTUAL CONTROLS
5.1 Each Provider is classified by the Compliance Department as Low, Medium or High materiality based on: criticality to client service, volume and nature of personal information processed, client-money exposure, and regulatory sensitivity. The classification drives the depth of initial and ongoing due diligence and the frequency of formal reviews.
5.2 Material Provider contracts (including the Execution Broker) must include, at a minimum: service levels; access, information and audit rights; data protection and confidentiality; breach and incident notification within 24 hours; sub-outsourcing controls; liability and indemnity commensurate with the risk; exit and transition assistance; termination triggers; and co-operation with regulators.
6. OUTSOURCING FRAMEWORK
6.1 Where a Provider arrangement constitutes outsourcing of a material function (including the routing of client orders to the Execution Broker), the Company applies outsourcing governance consistent with FSCA expectations and any Joint Standard on Outsourcing that is in force or proposed. Key requirements include:
- documented materiality assessment and Board approval of the outsourcing;
- clear allocation of roles and responsibilities, retained oversight capability at the Company, and a named Outsourcing Owner;
- a documented and regularly tested exit and transition plan that identifies an alternative Provider or contingency option;
- controls on sub-outsourcing, including prior notification and the right to object;
- regular SLA and control-effectiveness reviews, with escalation to the Key Individual and Board;
- contractual access for the Company, its auditors and the FSCA to the Provider’s premises, systems, records and personnel.
7. ONGOING MONITORING AND REVIEW
7.1 The Compliance Department operates a continuous monitoring framework, with cadence proportionate to Provider materiality:
- Monthly: service-level reviews including platform uptime, execution speed, slippage, requote rates, support responsiveness and client complaint trends tied to the Provider.
- Quarterly: regulatory status checks (e.g., FSC Mauritius registry, UN/OFAC/EU sanctions), Provider incident reports, and review of any material changes notified by the Provider.
- Annually: comprehensive review covering updated audited financial statements, capital adequacy, control reports (ISO/IEC 27001, SOC 2 Type II or equivalent), BCP/DR test results, data-processing locations, sub-operators, insurance, AML/CFT and sanctions controls, and any material changes to trading terms or fee structures.
- Event-driven: additional review on any trigger event, including licence action, sanctions event, material incident, data breach, change of control, or market disruption.
8. SUSPENSION AND TERMINATION TRIGGERS
8.1 The Company will suspend the routing of orders or the processing of data through a Provider, and will initiate the exit plan, on the occurrence of any of the following objective triggers:
- lapse, suspension, revocation or material restriction of the Provider’s regulatory licence;
- sanctions listing of the Provider, a parent, a subsidiary, a director or a beneficial owner;
- a material data breach, cyber incident, or AML/CFT breach at the Provider;
- qualified audit opinion or material going-concern uncertainty;
- adverse regulatory action, judgment, or settlement with a material impact on service delivery;
- material, sustained deterioration of service levels below the SLA floor (for example, platform uptime falling below 99% over any rolling three-month window);
- loss of key certifications (e.g., ISO/IEC 27001, SOC 2 Type II) without an acceptable replacement;
- non-co-operation with the Company’s audit, inspection or information requests;
- any other event that in the reasonable judgement of the Key Individual and Compliance Department materially threatens the fair treatment or protection of South African clients.
9. RECORD-KEEPING AND FSCA REPORTING
9.1 The Compliance Department maintains a dedicated Provider Due Diligence File for each Provider, containing all historical and current vetting documentation, regulatory verifications, contracts, Operator Agreements, monitoring reports, incident records, exit planning documents, and Board approvals.
9.2 Records are securely archived for a minimum of five (5) years after termination of the Provider relationship (and longer where required by applicable law) and remain available for inspection by the FSCA, the FAIS Ombud, the Financial Intelligence Centre, the Information Regulator, or any other competent authority on request.
9.3 Material Provider incidents (including breaches, sanctions events and service failures with client impact) are reported promptly to the Key Individual and the Board and, where required, to the relevant regulator.
10. GOVERNANCE AND REVIEW
10.1 This Policy is reviewed and approved by the Board of Directors at least annually, and promptly on any material regulatory change or change in the Company’s Provider arrangements. The Compliance Department is the Policy owner.