2023-12-07

FSCA Communication 34 of 2023 – Cybersecurity and Cyber Resilience Requirements for Financial Institutions

The Financial Sector Conduct Authority (FSCA) submitted a draft Joint Standard to Parliament establishing mandatory cybersecurity and cyber resilience principles for financial institutions. The framework requires regulated entities to implement fundamental data protection practices, conduct systematic security control testing, maintain threat preparedness capabilities, and promptly notify authorities of material cyber incidents. Submitted under the Financial Sector Regulation Act on 30 November 2023, these requirements aim to preserve the confidentiality, integrity, and availability of financial sector IT systems.

South Africa

Financial Sector Conduct Authority

FSCA COMMUNICATION 34 OF 2023 (GENERAL)

Submission to Parliament of draft Joint Standard – Cybersecurity and Cyber Resilience Requirements for financial institutions

  1. The purpose of this Communication is to inform stakeholders that on 30 November 2023, the following draft Joint Standard and supporting documents were submitted to Parliament in terms of section 103(1) of the Financial Sector Regulation Act, 2017 (Act No. 9 of 2017) (FSR Act):
     1.1 Joint Standard – Cybersecurity and Cyber Resilience Requirements for financial institutions (Joint Standard);
     1.2 Statement supporting the Joint Standard; and
     1.3 Consultation Report on the Joint Standard.
  2. The Joint Standard sets out the principles for cybersecurity and cyber resilience that financial institutions must comply with, including requirements that –
     1.1 promote the adoption of fundamental cybersecurity fundamentals and hygiene practices to preserve confidentiality, integrity and availability of data and IT systems;
     1.2 ensure that financial institutions undertake systematic testing and assurance regarding the effectiveness of their security controls;
     1.3 ensure that financial institutions establish and maintain cyber resilience capability, to be adequately prepared to deal with cyber threats; and
     1.4 provide for notification by the regulated entities of material cyber incidents to the Authorities.

     The documents referred to in paragraph 1 are available on the FSCA’s website at www.fsca.co.za.
  3. For more information regarding the draft Joint Standard and/or this Communication, please contact the Regulatory Frameworks Department of the Authority by emailing andile.mjadu@fsca.co.za.

KATHERINE GIBSON
DEPUTY COMMISSIONER
FINANCIAL SECTOR CONDUCT AUTHORITY

Date of publication: 7 December 2023