Attempting to misuse an FSP’s confidential data, even where these attempts are unsuccessful, signals a fatal lapse in integrity that warrants debarment. This is the key take-away from two decisions by the Financial Services Tribunal (FST) involving representatives who sent client information to their private email accounts after handing in their resignations.
The Tribunal handed down the decisions this month after considering the reconsideration applications, both of which were brought by former bank employees.
One of the applicants was Christo Wiesner, who was employed in 2010 as a divisional manager in First National Bank’s Private Clients division.
Wiesner resigned on 2 January 2024, intending to join a competitor. The following day, he sent two emails from his FNB email to his personal Gmail account.
According to FNB, the first email contained confidential information concerning its customers, specifically client-specific details for two clients, and the second included a list of high-net-worth customers, with proposals, personal financial details, and sources of wealth.
FNB’s IT risk assessment team intercepted the emails, triggering Wiesner’s suspension and an investigation. On 29 January, before his notice period ended, he was told to attend a disciplinary inquiry, where he faced two charges:
- Breach of confidentiality by forwarding customer information without a valid business reason.
- Sending a list of offshore clients’ confidential data to his Gmail account without consent or justification.
Wiesner was found guilty of both charges and served with a notice of intention to debar in May 2024.
In his response to the notice, Wiesner denied intent to breach confidentiality. He “committed a genuine error for which he immediately and contritely apologised”. The error should be seen in the light of his otherwise impeccable service record and the character testimonials he filed.
FNB did not accept Wiesner’s defences and debarred him in July last year.
Wiesner applied for reconsideration the following month and sought a suspension of the debarment. The chairperson of the Tribunal dismissed the suspension application, finding Wiesner’s submission that the debarment had been procedurally unfair to be unfounded.
The Tribunal said the purposes for which Wiesner sent the confidential information to his private email address were irrelevant.
It doubted that the emails had been sent in error. Even on “the most charitable interpretation of the facts”, the “so-called ‘error’ impugns the applicant’s fitness” to act as a FAIS representative.
It was clear that Wiesner’s conduct contravened the FAIS Act and the undertakings that he provided to FNB. “This conduct indicates a lack of integrity.”
The Tribunal concluded that, under the circumstances, FNB was obliged to debar Wiesner under section 14(1)(a) of the FAIS Act and dismissed the reconsideration application.
Second reconsideration application
The other applicant was Monehela Lecheko, who was employed as an account manager at Standard Bank Insurance Brokers.
The incident leading to his debarment occurred after Lecheko resigned on 20 May 2024, with his 30-day notice period set to end on 19 June 2024.
On 7 June, Lecheko sent two emails from his work email to his personal Gmail account containing client information. The first email, titled “Kindergarden”, included two Excel attachments. This email was intercepted by Standard Bank’s internal security system and redirected to his manager, who at 1.37pm that day instructed him to surrender his work laptop. At 1.49pm, Lecheko attempted to send a second email, titled “Baby Formula 2”, attaching an Excel file that also contained client data. This second attempt was similarly intercepted.
Following these events, Lecheko’s work laptop was retrieved from his home, and he was placed on garden leave (excused from working the remainder of his notice period).
On 21 June, Lecheko was notified that he was required to attend a post-termination REDS (Register of Employees Dishonesty System) inquiry. It was alleged that he had sent Standard Bank’s client data to his personal email “without the respondent’s knowledge, consent or authorisation”, violating the bank’s policies on confidentiality.
In August, the chairperson of the inquiry found Lecheko guilty of the alleged misconduct. The ruling highlighted that the client information sent to Lecheko’s Gmail account included “virtually his entire portfolio since the commencement of his employment with the respondent”, which began in 2016.
Standard Bank debarred Lecheko in September last year.
Lecheko lodged a reconsideration application and applied for an order to suspend the debarment pending the outcome of the reconsideration application. The application for suspension was dismissed.
Applicant’s submissions
Lecheko acknowledged attempting to send client information to his personal email account. However, he challenged the basis and fairness of the debarment on various grounds.
He argued that the clients in question did not belong to Standard Bank. He had sourced clients during his employment with the bank and had also brought clients with him before joining Standard Bank.
Lecheko described the email attachments as “dormant client lists”. His intention was to reconnect with his clients to offer them new products unavailable through Standard Bank.
Lecheko asserted that sharing client information with colleagues was routine at Standard Bank to generate business leads. Such emails were commonly titled “Kindergarden” or “Baby Formula”.
At the hearing before the Tribunal, counsel for Lecheko conceded his client’s conduct was dishonest but argued there were “degrees of dishonesty”, distinguishing between “an attempt at dishonesty” and “actual dishonesty”.
Because Standard Bank’s internal security systems blocked the data transfer, it was contended that Lecheko had not actually succeeded in transferring the client information to his Gmail address. This was compared to criminal law, where “attempted theft” is treated less severely than “theft”, proposing that an unsuccessful attempt should mitigate the consequences.
Lecheko challenged the debarment process, alleging a violation of the audi alteram partem principle (the right to be heard). He argued that his submissions in response to the notice of debarment were received but not adequately considered. The notice of debarment omitted any reference to his submissions, suggesting a lack of due process.
Lecheko highlighted that he ceased employment with Standard Bank on 19 June 2024. He contended that the bank’s decision to pursue the REDS inquiry reflected on its “motive and vindictiveness”.
Tribunal’s decision
In its decision, the Tribunal said Lecheko admitted to attempting to send private and confidential information of the bank’s client data base to his personal Gmail account. The Tribunal noted that “having been caught in the act, he could hardly do otherwise”.
The FST deemed his use of the subject titles “Kindergarden” and “Baby Formula 2” a “misrepresentation” intended to “conceal the attachments and circumvent detection”, because these were not typical titles expected in Standard Bank’s insurance division.
Further, he sought to use this data “for his own purpose, to generate leads and work at his new employer”, fully aware of the prohibitions against such use. His intent was reaffirmed when, minutes after being instructed to surrender his laptop, he attempted a second email transfer.
Lecheko’s employment contract mandated confidentiality of customer information and prohibited its misuse during or after employment, including a non-poaching and solicitation clause barring him from enticing clients to another institution. Having worked at Standard Bank since 2016, he was presumed to be aware of these terms.
The Tribunal said he had access to the client database solely as an incidence of his employment and lacked permission from Standard Bank or the clients to use it as he did. His actions breached both his contract and section 3(3) of the General Code of Conduct, reflecting “deceit and an intention to misappropriate confidential information” for self-interest.
The FST dismissed Lecheko’s claim that sharing client leads with colleagues using titles such as “Kindergarden” or “Baby Formula 2” was common practice. While sharing within the respondent’s interests was logical and lawful, the Tribunal found his explanation “so inherently improbable that it can be rejected outright”.
It also rejected Lecheko’s assertion that the post-employment REDS inquiry showed “vindictiveness”. His contract allowed inquiries post-resignation, and the debarment process complied with the FAIS Act’s six-month timeline.
The FST also rejected claims that Standard Bank violated the audi alteram partem principle. Lecheko had multiple opportunities to present his case – during the REDS inquiry, in his response to the notice of intention to debar, and before the Tribunal.
The Tribunal ruled that the success or failure of the data transfer was irrelevant: “It matters not that the respondent’s internal security mechanism prevented the actual transfer.” Lecheko’s “dishonesty, as well as the intention to act in a dishonest manner”, was evident. His actions risked “serious adverse consequences” for Standard Bank and its clients.
The Tribunal found Lecheko’s conduct “manifestly dishonest”, rendering him not fit and proper, and criticised his “persistence with far-fetched explanations” as evidence of a failure to grasp the gravity of his actions. Consequently, it found no reason to interfere with Standard Bank’s decision to debar him.
Am available I want to learn more
I am doing an assignment on Lecheko’s case