In today’s digital age, cybersecurity has become a critical concern for financial institutions worldwide. The increasing frequency and sophistication of cyber-attacks pose significant risks to the stability and integrity of financial systems. In South Africa, the Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA) have recognised the urgent need to address these challenges. During 2024, they published Joint Standard 2 of 2024, titled “Cybersecurity and Cyber Resilience,” which sets out detailed requirements and principles for sound practices and processes relating to cybersecurity and cyber resilience, and which comes into effect on 01 June 2025. (EBnet, 2024)
The importance of cybersecurity and resilience
Cybersecurity refers to the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorised access. Cyber resilience, on the other hand, is the ability of an entity to continuously deliver the intended outcome despite adverse cyber events. Together, these concepts form the backbone of a robust defence strategy against cyber threats.
The financial sector, including banks, insurers, retirement funds, and collective investment scheme managers, is particularly vulnerable to cyber-attacks due to the sensitive nature of the data they handle and their interconnectedness within the financial system (EBnet, 2024). A successful cyber-attack on one institution can have cascading effects, potentially compromising the stability of the entire financial system. Therefore, it is imperative for financial institutions to adopt comprehensive cybersecurity and resilience measures.
The new Joint Standard: A step forward
The Joint Standard 2 of 2024 issued by the FSCA and PA aims to ensure that financial institutions establish sound and robust processes for managing cyber risks (EBnet, 2024). This standard is applicable to various financial institutions, including pension funds, and outlines the minimum requirements and principles for sound practices and processes of cybersecurity and cyber resilience (FSCA and PA, 2022).
The standard emphasises the importance of a proactive approach to cybersecurity, which includes the following key elements:
Impact on pension funds
Pension funds, as custodians of retirement savings for millions of South Africans, are particularly impacted by the new Joint Standard. The standard requires pension funds to implement comprehensive cybersecurity measures to protect the sensitive data they handle and ensure the continuity of their operations in the face of cyber threats (EBnet, 2024). The board of trustees of the pension fund will be responsible for ensuring compliance with the Joint Standard and will have ultimate oversight over the fund’s service providers.
The fund therefore needs to ensure that its service providers, such as administrators and investment managers, also comply with the same cybersecurity and resilience standards. This integrated approach ensures that all entities within the pension fund ecosystem are aligned in their efforts to mitigate cyber risks.
From here
The publication of Joint Standard 2 of 2024 by the FSCA and PA marks a significant step forward in enhancing the cybersecurity and resilience of South Africa’s financial sector. By setting out clear requirements and principles for managing cyber risks, the standard provides a robust framework for financial institutions, including pension funds, to protect themselves and their clients from the growing threat of cyber-attacks.
As the digital landscape continues to evolve, it is essential for financial institutions to remain vigilant and proactive in their cybersecurity efforts. By embracing the new joint standard and continuously improving their cyber resilience, they can safeguard their operations, maintain the trust of their clients, and contribute to the stability of the broader financial system.
References
EBnet. (2024, 05 23). FSCA publishes final joint standard on cybersecurity. Retrieved from EBnet: https://www.ebnet.co.za/fsca-publishes-final-joint-standard-on-cybersecurity-and-cyber-resilience-requirements-for-financial-institutions/
FSCA and PA. (2022, 12 09). Joint Communication 4 of 2022. Retrieved from FSCA: https://www.fsca.co.za/Regulatory%20Frameworks/Regulatory%20Frameworks%20Documents/FSCA-PA%20Joint%20Communication%204%20of%202022.pdf

