Implementation of multi factor authentication for director amendments

Dear customers,

On the 4th December 2023, CIPC implemented an identity verification and multifactor authentication for director amendments. As a registrar of companies and a regulator of such, the CIPC has to exercise stringent controls and authentication processes to mitigate the risk of unauthorised director amendments and remove vulnerabilities that enable corruption and corporate crime.

Background

Historically, customer codes and passwords were deemed an appropriate authentication control when transacting with the CIPC; however, with an increase in director amendments, and other criminal activities being prevalent, this “single-factor” authentication has been challenged as a reliable authentication control and is now deemed insufficient.

The purpose of this multi factor authentication therefore, is to provide a high level of assurance that the entity representative logging on to the CIPC system is who they say they are and have the mandate to perform the respective amendments pertaining to the entity.

The multi-factor authentication acts as an additional layer of security to prevent unauthorised users from accessing enterprise accounts and making unauthorised director amendments, amongst other activities. The multifactor authentication offers enhanced data integrity, information security, transacting transparency and verification of user identities.

What are the new features of the authentication process?

  1. No manual processing of Director Amendments and Directors Contact Details, only automated processes available to finalise a transaction(s).
  2. Identity Card (filer and director(s)) Issue Date is now being verified against Department of Home Affairs (DHA). CIPC has no control over mismatch of identification issue dates from DHA on the issued card/book versus the records held at the DHA.
  3. OTP verification are required from the filer and the directors impacted by the changes, i.e, Appointments and Resignations.
  4. It is critical that the filer ensures that the email and cellphone number of the impacted directors are correct and up to date before filing a Director Amendment.

See step-by-step guide on CIPC website.

 Notes to customers:

  1. Only Directors are allowed to make amendments since they will receive OTPs individually, linked to their profiles, which include their contact details such as e-mail and cell phone number.
  2. Should Directors utilise the services of third party provider, they would cede their logon details to the third party provider, thereby compromising access to the entity account; and absolving the CIPC of responsibility of amendments made on the entity account.

Notice 72