Financial institutions have been invited to comment on the draft requirements for notifying the FSCA and the Prudential Authority of material IT and cyber-related incidents.
The notification requirements apply to financial institutions that are subject to:
- Joint Standard 1 of 2023: IT Governance and Risk Management for Financial Institutions (effective 15 November 2024).
- Joint Standard 2 of 2024: Cybersecurity and Cyber Resilience Requirements for Financial Institutions (effective 1 June 2025).
These Joint Standards allow for the establishment of notification requirements for affected financial institutions.
In Joint Communication 3 of 2025, dated 3 September, the FSCA and the PA announced the release of two draft documents for consultation:
- Draft Determination of the Notification Template, covering Joint Standards 1 and 2.
- Draft Notification Template for material IT and cyber incidents.
Interested parties are invited to submit comments using the template provided. Comments must be sent by 5 October 2025, to:
- PA-Standards@resbank.co.za (attention: Kalai Naidoo).
- FSCA.RFDStandards@fsca.co.za (attention: Andile Mjadu).
