As the financial sector continues to evolve, so do the threats it faces. In response, the Financial Sector Conduct Authority and Prudential Authority have introduced Joint Standard 2 of 2024 to enhance cybersecurity and cyber resilience across financial institutions in South Africa.
What Does This Mean for You?
- Comprehensive Guidelines: This standard provides detailed requirements for managing and mitigating cybersecurity risks, ensuring robust defences against evolving threats.
- Applicability: It applies to a wide range of financial institutions, including banks, insurers, pension funds, and more.
- Implementation Deadline: The standard comes into effect on 1 June 2025, giving institutions just over six months to prepare.
Compliance Requirements:
To comply with Joint Standard 2 of 2024, financial institutions must:
- Establish robust cybersecurity governance and risk management frameworks.
- Implement appropriate security controls and cyber resilience capabilities.
- Conduct regular risk assessments and update security measures.
- Provide cybersecurity awareness training to employees.
- Ensure third-party service providers meet the required security standards.
- Monitor, detect, and respond to cyber incidents effectively.
- Report cyber incidents to the Prudential Authority and Financial Sector Conduct Authority as required.
This Joint Standard is essential for enhancing the cybersecurity posture of financial institutions in South Africa and ensuring the stability and integrity of the financial sector.
See the complete document below, as published.