JOINT COMMUNICATIONS FROM THE FSCA CYBER AND IT SECURITY

Joint Communication 2 of 2025: Cloud Computing and Data Offshoring – 25 July 2025

On 25 July 25, the FSCA and Prudential Authority released Joint Communication 2 of 2025, signalling plans to draft a Joint Standard with clear rules for cloud use and data offshoring. This guidance emphasises the role of boards, trustees, and senior management in managing risks tied to these technologies.

Cloud computing is considered a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage facilities, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Source: 

Joint Communication 2 of 2025

The offshoring of data is the storage and/or processing of data outside the borders of South Africa.

The Joint Communication proposes that, when implementing any cloud computing and/or data offshoring solution, financial institutions should:

  • Apply risk-based strategies tailored to their business size and complexity.
  • Consider establishing strong governance structures, processes, and procedures. These could include, for example, formulating a defined policy, board-approved data strategy, and data governance framework that addresses the financial institution’s risk appetite for cloud computing and/or data offshoring.
  • Take all reasonable measures to ensure the confidentiality, integrity, and availability of their data, information technology applications, or systems. Take all reasonable measures to ensure the confidentiality, integrity, and availability of their data, information technology applications, or systems.
  • Consider contractual and other legal requirements for these services and the enforceability of rights and obligations arising from these contractual arrangements.
  • Exercise appropriate due diligence before investing in the use of cloud computing and/or offshoring.
While the full scope of institutions affected is still under review, the authorities plan to publish the draft standard for public consultation in due course. Supervisory oversight on cloud computing and offshoring risks will intensify through 2025 and 2026 as part of regular supervision efforts, aiming to protect the financial sector and align with global best practices.

Any guidance from the FSCA is to be welcomed, given that increasingly, data is stored in the cloud offshore.

Joint Communication 3 of 2025: For consultation: Determination of the notification template in terms of Joint Standard 1 of 2023 – IT Governance and Risk Management for Financial Institutions and Joint Standard 2 of 2024 – Cybersecurity and Cyber Resilience Requirements for Financial Institutions – 3 September 2025

Joint Communication 3 of 2025, issued for consultation on 3 September 2025, introduces a draft notification template for financial institutions to comply with Joint Standard 1 of 2023 (IT Governance and Risk Management) and Joint Standard 2 of 2024 (Cybersecurity and Cyber Resilience).

The Communication standardises how institutions report IT governance, risk management, cybersecurity incidents and cyber resilience measures to the Financial Sector Conduct Authority and Prudential Authority. You can view the reporting template here.

Its goal is to improve regulatory oversight, enhance operational and cyber risk management, and ensure consistent, timely incident reporting to strengthen the financial sector’s resilience against IT and cyber threats. Institutions and stakeholders are invited to comment on the proposed template.
Comments are due on the templates by 5 October 2025.

Don’t miss the deadline for input on the new notification templates! 

Engage our strategic consultants to prepare your submission or discuss compliance before the October 5, 2025, comment due date.

Contact Us

COOKIE POLICY

Welcome to our website.

1. Introduction

This Cookie Policy explains how we use cookies and similar technologies on our website axioconsult.com. This policy is designed to help you understand what cookies are, how we use them, and the choices you have regarding their use.

2. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit certain websites. They are widely used to enhance your online experience by remembering your preferences and actions over time. Cookies are not harmful and do not contain personal information like your name or payment details.

3. How We Use Cookies

We use cookies for various purposes, including:

    • Essential Cookies: These cookies are necessary for the basic functioning of our website. They enable you to navigate our site, use its features, and access secure areas.
    • Analytical/Performance Cookies: These cookies help us understand how visitors use our website. They provide information about which pages are visited most frequently, how long visitors stay on each page, and whether they encounter any error messages. This data helps us improve the performance and usability of our website.
    • Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language, or region) and provide enhanced, personalised features.
    • Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They may also limit the number of times you see an ad and help measure the effectiveness of ad campaigns.

 

4. Your Cookie Choices

You have the option to manage your cookie preferences. You can usually modify your browser settings to accept, reject, or delete cookies. Please note that if you choose to block or delete cookies, some features of our website may not function properly.

5. Third-Party Cookies

We may allow third-party service providers to use cookies on our website for the purposes outlined in Section 3. These providers may also collect information about your online activities over time and across different websites.

6. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, law, or our data practices. Any changes will become effective when we post the revised policy on our website.

7. Contact Us

If you have any questions about our Cookie Policy or how we use cookies on our website, please contact us at

By continuing to use our website, you consent to the use of cookies as described in this Cookie Policy.