The FSCA and the Prudential Authority (PA) have published, for comment, the draft Joint Standard: Cybersecurity and Cyber Resilience Requirements, which sets out the minimum standards for sound practices and processes of cybersecurity and cyber resilience for certain financial institutions.
The draft Joint Standard, issued in terms of the Financial Sector Regulation Act, applies to banks, mutual banks, insurers, collective investment schemes, market infrastructures, discretionary and administrative FSPs, retirement funds and OTC derivative providers.
The draft Joint Standard seeks to ensure that these financial institutions implement processes and have tools and technology that will prepare them for cyber-attacks and enable them to respond to and recover from such attacks.
In their joint communication, the FSCA and the PA said that, although the proposed Joint Standard will place an additional administrative burden on the affected financial institutions, they cannot, at this stage, ascertain the full extent of the expected impact or any other unintended consequences.
The communication said information about the expected impact of the Joint Standard was important to assist the authorities in determining the extent to which the requirements can or should be applied to small and medium-sized financial institutions.
On a welcome note, the communication also stated: “It is critical to ensure that regulatory requirements do not place an undue regulatory burden and/or barriers to entry in respect of smaller financial institutions. However, it is equally critical to ensure that regulatory requirements mitigate the relevant risks and an appropriate balance in this regard must therefore be struck.”
In an attempt to strike this balance, the proposed requirements facilitate the proportional application of the Joint Standard and provide that the requirements must be implemented in accordance with the risk appetite, nature, size and complexity of a financial institution.
The documents relating to the Joint Standard, including the comment template, can be downloaded from the FSCA’s website > Documents for consultation > General FSCA legislation.
Comments must be submitted, using the comments template, to PA-Standards@resbank.co.za for the attention of Mrs Kalai Naidoo and Mr Andile Mjadu, on or before 15 February.