The Financial Services Tribunal (FST) has overturned the debarment of a former Nedbank Commercial Manager who emailed herself confidential information on her last day of employmentnot because her conduct was acceptable, but because the bank followed the wrong legal process.
Johanna Maria du Toit was employed as a Commercial Manager at Nedbank and, as a result of her role, was registered as a financial services representative under the Financial Advisory and Intermediary Services Act (FAIS Act) . She resigned at the end of April 2025.
The bank debarred her in September 2025 after establishing that she had forwarded confidential information to her private email address at 23:51 on her last day of employment.
She approached the tribunal seeking to overturn the decision.
The Legal Technicality
At the heart of the matter was whether Nedbank was entitled to debar Du Toit under Section 14 of the FAIS Act.
The tribunal noted that although the alleged misconduct occurred while Du Toit was still employed, the bank only became aware of the conduct after she had ceased to be its representative.
According to Section 14(1)(b) of the FAIS Act, the reasons for a debarment must have occurred and become known to the financial services provider while the individual was still a representative.
The tribunal clarified: if the reason for debarment occurred or only became known after the person ceased to be a representative, the financial services provider may not debar the individual itself. Instead, it must refer the matter to the Financial Sector Conduct Authority (FSCA) for possible action.
The Finding
The tribunal found that Nedbank had adopted the incorrect procedure because the facts giving rise to the debarment were not known to the bank during Du Toit’s employment. It was therefore not permitted to debar her under Section 14 of the FAIS Act.
If warranted, the tribunal held, the bank should instead have approached the regulator for appropriate action.
As a result, the tribunal upheld Du Toit’s application for reconsideration and set aside the debarment.
What This Means
The ruling does not condone Du Toit’s conduct. Emailing confidential information to a private account on one’s last day raises legitimate concerns about data security and potential misuse. The bank’s concerns may well have been valid.
But under the law, process matters. The FAIS Act sets out clear rules for debarment, and those rules exist to protect the rights of individuals facing serious professional sanctions. Nedbank followed the wrong pathand its decision could not stand.
The matter could now be referred to the FSCA, which has the authority to investigate and, if appropriate, impose its own sanctions. Du Toit is not off the hook; she is simply back in the right queue.
The Bigger Picture
For financial institutions, the case is a reminder that compliance is not just about what you do, but how and when you do it. A valid concern, pursued through the wrong procedure, yields an invalid outcome.
For the FSCA, it’s a signal that debarment referrals may increase as banks learn to follow the law.
And for Du Toit, the ruling offers a reprievebut not necessarily a resolution. The facts of what she did have not been adjudicated. That process may yet come.
