Joint Communication 4 of 2023 – IT Governance and Risk Management Standard

1 Financial Sector Regulation Act, 2017 Joint Communication 4 of 2023 Publication of the Joint Standard 1 of 2023 – Information Technology (IT) Governance and Risk Management

1. PURPOSE This Communication informs stakeholders that today and pursuant to section 60(3)(b)(vi) and 42(b)(vi) of the Financial Sector Regulation Act (FSR Act), the Executive Committee of the Financial Sector Conduct Authority and the Prudential Committee of the Prudential Authority (the Authorities) have published the following documents: 1.1 Joint Standard 1 of 2023: Information Technology (IT) Governance and Risk Management (Joint Standard); 1.2 Statement of Need, Expected Impact and Intended Operation supporting the Joint Standard; and 1.3 Consultation Report.
2. SUMMARY 2.1 The Joint Standard sets out the principles for IT governance and risk management that financial institutions must comply with, in line with sound practices and processes in managing IT risk. 2.2 On 9 June 2021, the draft Joint Standard was released for public consultation with comments due on 26 July 2021. During July and August 2022, the Authorities consulted further on the amended Joint Standard with commentators from the previous consultation, in terms of section 101 of the FSR Act, 2017. The Joint Standard was tabled in Parliament on 23 May

2.3 More detail on the need, expected impact and intended operation of the Joint Standard can be found in the document referred to in paragraph 1.2 of this Communication. 2.4 The process for making regulatory instruments is prescribed in Chapter 7 of the FSR Act. The said process has now been concluded, and the Authorities therefore published the final Joint Standard. 2.5 The Joint Standard commences on 15 November 2024. 3. ENQUIRIES 3.1 The documents referred to in paragraph 1 are available on the Authorities’ websites at www.fsca.co.za. or www.resbank.co.za. FINANCIAL SECTOR CONDUCT AUTHORITY PRUDENTIAL AUTHORITY DATE: 06.11.2023 DATE: