Draft proposals for managing IT risks

Posted on

The Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA), published a draft Joint Standard on Information technology risk management for public consultation.

The main objective of the Joint Standard is to prescribe the requirements that a financial institution must comply with in relation to information technology risk management.

The draft Joint Standard is to be made under section 107, read with sections 105, 106 and 108 of the Financial Sector Regulation Act, 2017 (Act No. 9 of 2017) (FSR Act) and is intended to apply to:

  • a bank, a branch of a foreign institution or a bank controlling company registered or authorised under the Banks Act, 1990 (Act No. 94 of 1990);
  • a mutual bank registered under the Mutual Banks Act, 1993 (Act No. 24 of 1993);
  • an insurer licensed under the Insurance Act, 2017 (Act No. 18 of 2017);
  • a manager of a collective investment scheme registered under the Collective Investment Scheme Control Act, 2002 (Act No. 45 of 2002);
  • a market infrastructure registered in terms of the Financial Markets Act 2012 (Act No. 19 of 2012);
  • a discretionary financial services provider (FSP), as contemplated in the Code of Conduct for Administrative and Discretionary FSPs, 2003; and
  • an administrative FSP, as contemplated in the Code of Conduct for Administrative and Discretionary FSPs, 2003.

Background

Information Technology (IT) risks can pose significant adverse technology failures to financial institutions, potentially compromising their viability. For this reason, IT risk management is fundamental for a financial institution to achieve its strategic, corporate, operational, and reputational objectives.

The introduction of the fourth industrial revolution further changed how financial institutions interact with their customers, increasingly deploying more advanced technology and online systems. Financial institutions are also faced with the challenge of keeping pace with the needs and preferences of their customers who are embracing financial innovation as well as the improved use of technology in the delivery of financial products and services.

Digitisation, digitalisation and other emerging technologies have promoted IT to become an integral part of the business enablement of strategies including the ability to incorporate customer needs. Technologically enabled financial innovation has also resulted in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services. These developments have also led to an increased change in the nature and scope of risks in the financial sector. Such risks include strategic risk, operational risk, cyber-risk and compliance risk.

The advancement of IT requires financial institutions to fully understand the magnitude and intensification of IT risks from these developments. In this regard, financial institutions must put in place adequate and robust risk management systems as well as operating processes to ensure that they appropriately identify, manage and monitor IT risks.

Please click here to download all the applicable information.