Joint Communication 3 of 2025

Joint Communication 3 of 2025 For consultation - Determination of the notification template in terms of Joint Standard 1 of 2023 – IT Governance and Risk Management for Financial Institutions and Joint Standard 2 of 2024 – Cybersecurity and Cyber Resilience Requirements for Financial Institutions

1. BACKGROUND 1.1 On 10 November 2023 and 17 May 2024, the Financial Sector Conduct Authority and the Prudential Authority (hereinafter collectively referred to as the Authorities) published Joint Standard 1 of 2023 – IT Governance and Risk Management for Financial Institutions1 and Joint Standard 2 of 2024 – Cybersecurity and Cyber Resilience Requirements for Financial Institutions2 respectively. 1.2 The Joint Standards enable the determination of notification requirements for financial institutions that are subject to the Joint Standards.
2. PURPOSE 2.1 The purpose of this Joint Communication is to notify all interested parties of the publication of the following documentation for consultation: 2.1.1 Draft Determination of the Notification Template for Joint Standard 1 of 2023 – IT Governance and Risk Management for Financial Institutions and Joint Standard 2 of 2024 – Cybersecurity and Cyber Resilience Requirements for Financial Institutions, attached hereto as Annexure A; and 2.1.2 Draft Notification template for material IT and cyber incidents, attached hereto as Annexure B.
3. CONSULTATION 3.1 Comments on the draft determination and notification template must be submitted to the Authorities using the comment template attached hereto as Annexure C. 1 Effective 15 November 2024. 2 Effective 1 June 2025.

3.2 Comments are due on 5 October 2025 and must be submitted to PA-Standards@resbank.co.za for the attention of Kalai Naidoo and FSCA.RFDStandards@fsca.co.za for the attention of Andile Mjadu. UNATHI KAMLANA FUNDI TSHAZIBANA Commissioner: Chief Executive Officer: Financial Sector Conduct Authority Prudential Authority DATE: 3/09/2025 DATE:3/09/2025