Vitalis Group SA — Regulatory, Legal & Compliance Framework

The insurance licensing and prudential framework, the Prudential Authority and FSCA requirements, conduct and data-protection compliance, and the legal structure.

Vitalis Group SA Business PlanSection 10 › Regulatory, Legal & Compliance Framework

Section 10 · Business Plan

Regulatory, Legal & Compliance Framework

The insurance licensing and prudential framework, the Prudential Authority and FSCA requirements, conduct and data-protection compliance, and the legal structure.

10.1 Regulatory Landscape

South Africa operates a Twin Peaks regulatory framework, with
prudential supervision by the Prudential Authority (housed within the
South African Reserve Bank) and market-conduct supervision by the
Financial Sector Conduct Authority (FSCA). This framework, in force
since 2018, aligns South Africa with international best practice and
provides regulatory predictability over the planning horizon.

Regulator Mandate as it Affects Vitalis
Prudential Authority (PA) Licences insurers, sets prudential standards (capital, governance, reporting), supervises solvency under SAM
Financial Sector Conduct Authority (FSCA) Licences financial service providers, oversees market conduct, TCF and disclosure, supervises advisors
Council for Medical Schemes (CMS) Regulates registered medical schemes (Vitalis Health structured as a health insurance product, not a scheme)
South African Reserve Bank (SARB) Supervises Vitalis Bank under the Banks Act 1990
Information Regulator Supervises POPIA compliance
SARS Tax compliance including premium tax, banking levies
Competition Commission Reviews material acquisitions and partnerships

10.2 Licensing Plan

The Company will pursue four primary licences in parallel, sequenced
to support the product launch plan. Pre-application engagement with the
PA and FSCA commenced in Q3 2025; the formal application process targets
first licence issuance within 6 months of financial close.

Licence Regulator Target Filing Target Approval
Long-term Insurance Class V (Risk) & VI (Investment) Prudential Authority M+1 M+6
Non-life (Short-term) Insurer Prudential Authority M+1 M+6
Health insurance demarcation product FSCA / CMS M+2 M+5
Banking licence (Tier 2) PA / SARB M+9 M+18
FSP Cat I (Investments) FSCA M+12 M+15
Reinsurance acceptance authorisation Prudential Authority M+3 M+8

10.3 Solvency and Capital Framework

Vitalis will operate under the Solvency Assessment and Management
(SAM) framework — South Africa’s adaptation of Solvency II. Under SAM,
insurers must maintain assets sufficient to cover the Solvency Capital
Requirement (SCR), calculated using either the standard formula or an
internal model. Vitalis will use the standard formula at launch with a
long-term plan to develop an internal model for material risk pools.

Year SCR (R M) Eligible Capital (R M) Coverage Ratio Buffer over 150% (R M)
Year 1 250 485 194% 110
Year 2 335 530 158% 28
Year 3 460 720 157% 30
Year 4 630 1,180 187% 235
Year 5 820 1,750 213% 520

10.4 Conduct, TCF and Customer Outcomes

Vitalis embeds the FSCA’s Treating Customers Fairly (TCF) framework
into product design, distribution and after-sales servicing. The six TCF
outcomes — fair treatment central to culture; products meet identified
needs; clear information; suitable advice; products perform as expected;
no post-sale barriers to changing product, switching provider,
submitting a claim or making a complaint — are operationalised through a
Conduct Committee chaired by the COO and reporting quarterly to the
Board Conduct & Customer Committee.

10.5 Data Protection and POPIA

The Protection of Personal Information Act (POPIA) imposes
comprehensive obligations on the collection, processing and cross-border
transfer of personal information. Given the data-intensive nature of the
Vitalis platform, POPIA compliance is treated as both a legal and a
commercial imperative. An external Information Officer has been
appointed; data-protection impact assessments precede every new product
and material vendor onboarding; and aggregate data analytics use only
de-identified data sets.

10.6 Anti-Money Laundering and Sanctions

Vitalis is an accountable institution under the Financial
Intelligence Centre Act (FICA). The compliance programme includes
risk-based customer due diligence, ongoing transaction monitoring,
sanctions screening (UN, OFAC, EU and domestic lists), and timely
reporting of suspicious and unusual transactions. The programme is
supervised by a Money-Laundering Reporting Officer (MLRO) with direct
escalation to the CEO and Board.

Confidential — this business plan is provided to prospective investors and lenders for evaluation purposes only and may not be reproduced or distributed without the written consent of Vitalis Group South Africa (Pty) Ltd.