Benefits

Cybersecurity Duties for Retirement Funds: JS 2 of 2024

Benefits

FSCA JOINT STANDARD 2 OF 2024: CYBERSECURITY AND RESILIENCE

ONGOING REQUIREMENTS FROM RETIREMENT FUNDS AND TRUSTEES

Although Joint Standard (JS) 2 of 2024 took effect on 1 June 2025, ongoing compliance requires continued efforts beyond the implementation date. JS 2 of 2024 outlines specific obligations for financial institutions, like retirement funds, to make sure they stay compliant with cybersecurity and cyber resilience standards. It goes to great lengths to set out detailed roles and responsibilities to safeguard members from potential cyber threats, attacks and/or breaches.

Trustees must be aware that if they have drafted a policy and ticked the corresponding box, that is not the end of the story; ongoing responsibilities are still required. We have summarised below the trustees’ ongoing responsibilities:

1. Review the fund’s cybersecurity strategy

The fund’s cybersecurity strategy must be reviewed at least annually to:

    • address changes in the cyber threat landscape; and
    • incorporate cyber risk management into the fund’s governance structures with independent oversight: and
    • ensure that it remains aligned with the fund’s other policies and other applicable laws (for example, the Protection of Personal Information Act).

2. Update policies, processes and controls

The fund’s cybersecurity policies, standards, processes and procedures must be continuously updated to reflect evolving risks, updates in technology and increased sophistication of cyber threats, including the ability to recover from cyber events.

3. Conduct regular testing and assurance

The Fund must undertake systematic testing, ongoing monitoring and validation of their cybersecurity measures to evaluate the effectiveness of their security protocols – including regular penetration testing, vulnerability assessments and other cybersecurity exercises to identify and address weaknesses.

4. Incident management and reporting

Retirement funds must maintain effective detection and response capabilities, including the ability to manage and mitigate cyber incidents.

Funds are required to notify the FSCA or Prudential Authority of material cyber incidents within 24 hours, using the prescribed template.

5. Ongoing training and awareness

Ongoing trustee training is mandatory to make sure trustees remain abreast of evolving cyber risks and incidents. Training programmes must be relevant in the rapidly changing fintech landscape.

6. Governance and oversight

Ongoing reporting is required to ensure that the trustees, or a relevant sub-committee, are kept meaningfully informed of the fund’s cyber security and resilience position.

7. Third-party risk management

Funds must conduct ongoing monitoring of third-party service providers to manage supply chain vulnerabilities. This includes maintaining an inventory of critical service providers and ensuring business continuity plans are in place.

8. Continuous improvement

The regulators expect retirement funds to continuously improve their cybersecurity and cyber resilience practices, adapting to new threats and regulatory guidance. This includes integrating lessons learned from incidents, either their own or incidents in the wider industry.

Remember, your retirement fund is a financial institution as defined and runs the risk of incurring administrative penalties if it does not comply with JS 2 of 2024. Your fund administrators are referenced separately, and they must also comply with JS 2 of 2024. The FSCA has specifically noted that retirement funds cannot simply rely on their administrator’s cybersecurity controls alone.

Stay Compliant. Stay Secure.
If you’re unsure about your fund’s compliance with FSCA Joint Standard 2 of 2024 or need support in strengthening your cybersecurity governance, contact us today. Our team is ready to assist trustees and retirement funds in meeting their ongoing obligations with confidence and clarity.

Contact Us

Cybersecurity Duties for Retirement Funds: JS 2 of 2024 Read More »

South Africa Retirement Fund Updates

Benefits

SOUTH AFRICA RETIREMENT FUND UPDATES

Clarity on the application of the in duplum rule on outstanding fund contributions

The in duplum rule is a legal principle originating from Roman law and part of South African common law. The rule limits the amount of interest that can accumulate on a debt. It essentially states that the total amount of unpaid interest cannot exceed the original outstanding capital amount of the debt. In other words, once the unpaid interest equals the principal debt, the interest stops accruing. The rule aims to protect debtors from excessive interest accumulation and encourages lenders to pursue debt recovery promptly.

There have been significant differences of opinion in the case law.

In 2023, the KwaZulu-Natal High Court ruled in Municipal Workers Retirement Fund v Umzimkhulu Local Municipality that the in duplum rule does not apply to statutory interest on late pension fund contributions under section 13A of the Pension Funds Act (PFA). After this case, the Office of the Pension Funds Adjudicator (OPFA) issued Communication 1 of 2024 confirming that it supported the view of the court that the in duplum rule does not apply to interest arising from the non-payment of arrear contributions in terms of section 13A(7).

However, in March 2025, in Blue Crane Route Municipality v Municipal Workers Retirement Fund, the Eastern Cape High Court handed down a judgment that the in duplum rule does apply to arrear contributions.  This prompted the OPFA to issue Communication 1 of 2025 on 8 May 2025, in which they reconsidered their position on the matter and confirmed that the in duplum rule does, in fact, apply to outstanding employer contributions to a retirement fund.

The Information Regulator’s online portal for reporting security compromises

From 1 April 2025, all organisations must report any security compromises, commonly referred to as information breaches, on the Information Regulator’s (IR) eServices portal using the new Security Compromises Reporting functionality.

To access the eServices portal, visit the IR’s website at https://inforegulator.org.za and click on the eServices portal link at the top of the page.

Remember, to submit a breach notification, both the retirement fund and its Information Officer must be registered.

FSCA’s survey on two-pot fees

In September 2024, the FSCA surveyed 111 retirement fund administrators and six self-administered funds to assess two-pot retirement system fees.

Their key findings can be summarised as:

  • Average costs: The average withdrawal fee is R357, with 37 administrators charging flat fees (R50–R500, most between R250–R350) and 12 using variable fees (R10 - R750). Once-off implementation costs reached R1.6 billion, with 65% tied to system upgrades.
  • Challenges faced: Funds faced high withdrawal request volumes, system-related issues, payment delays, and slow account verification. Many administrators absorbed initial costs, but some passed them on via higher monthly/base fees and/or savings pot withdrawal fees, raising concerns about cross-subsidisation between members.
  • Ongoing intentions: The FSCA will continue to scrutinise fees for fairness and transparency, engaging outliers, including both those providers who are charging above-average fees as well as providers who claim to not have invested in system development at all. The FSCA will monitor long-term cost impacts as the system stabilises and matures.

The FSCA aims to ensure fees align with costs incurred, promoting transparency and protecting retirement fund members.

Retirement fund trustees and management committees are encouraged to discuss their fees with their consultant, to appreciate the context of the FSCA’s survey at a point in time when information around two-pot implementation was not completely understood, and to make sure that their fees are reasonable.

Stay Informed, Stay Compliant: What You Should Do Next
To navigate these updates effectively, retirement fund stakeholders should review their compliance strategies, consult with experts, and stay engaged with regulatory developments. Proactive action today ensures protection and readiness for tomorrow.

Contact Us

South Africa Retirement Fund Updates Read More »

Section 14 Transfers: FSCA RF Notice 5 of 2025

Benefits

Section 14 Transfers: FSCA RF Notice 5 of 2025

Determination of forms for applications in respect of amalgamations and transfers

The FSCA RF Notice 5 of 2025 provides the updated forms to be used for applications involving amalgamations and transfers of retirement fund benefits under Section 14 of the Pension Funds Act (PFA). These updates were needed to align the forms with the two-pot retirement system, requiring funds to specify members’ different components separately when applying for transfers or amalgamations.

This update improves transparency and consistency in how retirement fund transfers are processed, thereby protecting transferring members’ interests since the implementation of the two-pot system.

Draft FSCA RF Notice [-] of 2025: Exemption of retail funds from the requirements of Section 14

While we’re on the topic of Section 14 transfers, the FSCA has issued draft RF Notice [-] of 2025 proposing to exempt retail funds (retirement annuity (RA) funds and preservation funds) from the requirements of Section 14(1) of the PFA.

Normally retirement funds must comply with the formal procedures set out in S14 of the PFA before any amalgamation or transfer can take place. However, Section 14(9) empowers the FSCA to grant exemptions subject to certain conditions. The exemption has been drafted in response to industry requests, recognising that retail funds differ from occupational pension and provident funds because members join these funds voluntarily and transfers occur at the member’s request, often following financial advice.

Unlike occupational funds, retail fund transfers are individual and voluntary. Members are aware of these transfers and thus, the full Section 14 process is considered unnecessary.

The exemption applies to transfers:

  • Between retirement annuity funds,
  • Between preservation funds,
  • From preservation funds to retirement annuity funds.

Conditions for the exemption include:

  • Compliance with paragraph 16 of FSRA Conduct Standard 1 of 2019,
  • Proper record-keeping by retail funds,
  • Transfer of assets and liabilities within 180 days,
  • Adjusting transferred assets with fund returns from the effective date to final settlement.

In our opinion. The draft exemption will simplify and speed up retail fund transfers while maintaining member protection and regulatory oversight- concomitantly it is welcomed.

Stakeholders are invited to submit comments to the FSCA by 5 June 2025.

Be Part of the Change
The proposed exemption aims to streamline retail fund transfers while preserving member safeguards. If you’re involved in retirement fund administration or financial planning, now’s your chance to influence policy. Submit your comments to the FSCA before 5 June 2025.

Contact Us

Section 14 Transfers: FSCA RF Notice 5 of 2025 Read More »

The FSCA’s draft Conduct Standard for Section 13B pension fund benefit administrators

The FSCA’s draft Conduct Standard for Section 13B pension fund benefit administrators

Benefits
The FSCA’s draft Conduct Standard for Section 13B pension fund benefit administrators

The FSCA’s draft Conduct Standard for Section 13B pension fund benefit administrators

The FSCA’s Conduct Standard relating to Section 13B pension fund administrators is a new regulatory framework designed to replace the outdated Board Notice 24 of 2002. It aims to strengthen governance, compliance, and fair treatment of customers, in other words retirement funds and their members, by benefit administrators who administer pension fund benefits.

The FSCA has confirmed that the amended draft Conduct Standard, incorporating industry’s comments, was submitted to Parliament on 1 April 2025.

Axiomatic considers the following to be the main points of the Conduct Standard

    • Governance and business conduct: Administrators must implement a robust governance framework, including detailed policies that ensure compliance with the Treating Customers Fairly (TCF) principles. This includes documenting, monitoring, and regularly reviewing governance effectiveness.
    • Fit and proper requirements: Directors, senior managers, and heads of control functions must meet specific fit and proper standards to ensure competent and ethical leadership.
    • Administration agreements and outsourcing: The standard sets clear requirements for administration agreements with funds, including indemnity and fidelity insurance. Outsourcing of administration functions must be to FSCA-approved administrators, with proper oversight and controls in place.
    • Conflicts of interest: Administrators must adopt and implement conflict of interest policies, ensuring all employees are aware of these policies and that conflicts are managed effectively.
    • Communication and complaints management: Clear rules govern communication with funds and members, including disclosures and structured complaints handling processes with proper record keeping.
    • Data management: The standard prescribes strict data management and record keeping requirements, including minimum retention periods and controls over third party data handling.
    • Financial and operational controls: Administrators must maintain sound financial practices, including trust accounts, auditing, and statutory reporting. Operational procedures must ensure data security and accurate administration.

The draft Conduct Standard proposes an implementation period of 6 months for administrators to comply. The FSCA, however, has agreed to a staggered implementation, with some conditions coming into effect on publication date, while others will allow for either a 6- or 12-month implementation period.

Pension funds

Note to reader:
This is a very comprehensive Conduct Standard with numerous details and implications for administrators. If you fulfil an administrative function or an oversight role, we suggest you read the Conduct Standard.

Compliance Starts with a Conversation
Understanding the FSCA’s draft Conduct Standard is crucial. Speak to our team for professional advice and a clear path forward.

Contact Us

The FSCA’s draft Conduct Standard for Section 13B pension fund benefit administrators Read More »

Reminder: Annual PAIA reporting for retirement funds due by 30 June 2025

Benefits

Reminder: Annual PAIA reporting for retirement funds due by 30 June 2025

Retirement funds, as private bodies under the Promotion of Access to Information Act (PAIA), must submit annual reports about their PAIA activities by 30 June 2025. This report details how the fund has processed requests from people asking for information, for the period 1 April 2024 to 31 March 2025. 

The Regulator uses these reports to assess overall compliance with PAIA, understand trends in information requests, and gauge public awareness and usage of the Act

The fund’s Information Officer or Deputy Information Officer is responsible for making the submission. 

The report must be submitted online through the Information Regulator’s website or directly on the Regulator’s eServices portal on https://eservices.inforegulator.org.za  as follows:

  1. Log in with ID number and password
  2. Verify identity with the OTP sent
  3. Click on “Submit annual PAIA reports”
  4. Click on “New submission”
  5. Complete the reporting per relevant body registered on the user’s profile

Avoid Penalties: File Your PAIA Report Today
The Information Regulator requires annual submissions by 30 June. Complete yours now.

Contact Us

Reminder: Annual PAIA reporting for retirement funds due by 30 June 2025 Read More »

FSCA’s Conduct Standard on financial education

Benefits

FSCA’s Conduct Standard on financial education

We at Axiomatic have always been passionate about financial education (FE). 

In a country where only a small percentage of the population is financially prepared for retirement, financial education has become a critical pillar in ensuring the long-term sustainability and effectiveness of retirement funds. Many members lack a clear understanding of how these funds operate, what benefits they provide, and how their personal financial decisions affect their retirement outcomes.

Financial literacy empowers fund members to make informed decisions about contributions, investment choices, and benefit withdrawals. Without this knowledge, individuals may face avoidable risks such as early withdrawals, inadequate contributions, or poor investment decisions — all of which can significantly undermine their financial security in retirement.

We are therefore pleased that the FSCA has issued FSCA Conduct Standard 1 of 2025: Requirements for Financial Institutions Providing Financial Education Initiatives.

The regulation applies to all financial institutions under the FSCA’s oversight that provide FE programs. These include banks, insurers, retirement funds, and other entities offering structured educational efforts, such as workshops, campaigns, or digital content. Random or one-off actions, like a single article or advertisement, don’t qualify – FE must be deliberate and ongoing to fall under this standard.

When is the Standard applicable to retirement funds?

For most retirement funds, the statement that “Random or one-off actions, like a single article or advertisement, don’t qualify” requires additional scrutiny.

The Conduct Standard implicitly states that it is applicable to retirement funds. Where the fund has a formal FE program run by themselves or a third party, there is no doubt that the fund would be subject to the requirements of the Standard.

However, what if a monthly newsletter were distributed to members? A monthly newsletter could constitute FE if same were a structured, ongoing series of educational content with systematic planning  and  focus on general financial literacy. Given this, it is unlikely that a single newsletter or a monthly newsletter informing members of the performance of their fund would require adherence to the provisions of the Standard. Even if some education is provided, for example, not to panic and make knee-jerk reactions when market volatility is experienced, this could not be considered a structured and ongoing series of FE.

Our opinion is that monthly newsletters as described above would not be subject to the requirements of the Standard.

The purpose and scope of the Conduct Standard

Published on 26 March 2025, this Conduct Standard seeks to enhance financial literacy and financial inclusion in South Africa. With its implementation set for 26 March 2026, financial institutions, including retirement funds, have a year to align with its requirements.

The Standard clearly elucidates what financial education (FE) is:

Financial education (FE) means the process by which financial customers improve their understanding of financial products, financial product providers, financial services, financial service providers, financial concepts and risks and, through objective basic information, instruction and the like, aim to develop the skills and confidence to:

    1. become more aware of financial risks and opportunities.
    2. Make informed financial decisions.
    3. manage their financial affairs more sustainably.
    4. know where to go for financial assistance and recourse, or
    5. take other effective actions to improve their financial well-being and the financial well-being of those under their responsibility.

The FSCA’s mandate includes protecting financial customers, promoting fair treatment by financial institutions, and fostering financial literacy. The Standard directly supports these objectives by setting baseline requirements for financial institutions offering FE programs. Unlike promotional or product-specific activities, the standard focuses on systematic, non-commercial initiatives designed to equip consumers with the knowledge to make informed financial decisions.

Key requirements: governance, measurability, and consumer focus

At its core, the Conduct Standard emphasises governance and accountability. Financial institutions must establish clear oversight for their FE initiatives, ensuring they align with consumer needs and regulatory expectations. This includes appointing qualified staff to develop and manage programs, with content tailored to the target audience’s literacy levels, cultural context, and financial challenges.

One of the most debated aspects during the consultation process was the requirement for measurability.

Institutions must track the effectiveness and impact of their FE programs, using metrics like participant engagement, knowledge retention, or behavioural changes (for example, increased savings or better budgeting).

In response to stakeholders who expressed concern that this could raise costs, the FSCA introduced flexibility, allowing smaller institutions to adopt simpler evaluation methods based on their size, complexity, and risk profile. For instance, a community-based credit provider might use basic surveys to measure impact, while a large bank could deploy sophisticated analytics. This proportional approach ensures that even modest players can comply without abandoning their programs.

Yes, the consequence is that larger institutions with more resources may deliver polished programs, while smaller ones might struggle to compete. However, the FSCA argues that raising the overall quality of FE will benefit consumers, even if the playing field isn’t perfectly level. We agree- some education is better than none.

The standard also prioritises consumer-centric education. FE initiatives must avoid marketing or promoting specific products, focusing instead on general skills like understanding credit, managing debt, or planning for retirement. By fostering impartial education, the FSCA aims to build trust and empower consumers to navigate South Africa’s complex financial landscape.

Implications for retirement funds

Funds need to examine the criteria for FE contained in the Standard to decide if their communication with members constitutes FE as described in the Standard. If the answer is YES and/or the fund has a structured, ongoing series of educational content with systematic planning  and  focus on general financial literacy, then with a 12-month transition period, retirement funds must align their FE programs to comply by March 2026.

You will need to review your existing FE programs, establish governance frameworks, and train staff to meet the standards’ requirements.

Alternatively, request your current consultant to set out a program that meets the requirements of the Conduct Standard.

Conclusion

We are of the opinion that this is a welcome initiative by the FSCA. Retirement funds should be enhancing the financial understanding and literacy of their members so that they understand the importance of planning for their retirement.

Let’s Make Financial Education Meaningful
Make sure you’re aligned with the FSCA’s updated interest rules. Reach out to Axiomatic for expert support.

Contact Us

FSCA’s Conduct Standard on financial education Read More »

COOKIE POLICY

Welcome to our website.

1. Introduction

This Cookie Policy explains how we use cookies and similar technologies on our website axioconsult.com. This policy is designed to help you understand what cookies are, how we use them, and the choices you have regarding their use.

2. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit certain websites. They are widely used to enhance your online experience by remembering your preferences and actions over time. Cookies are not harmful and do not contain personal information like your name or payment details.

3. How We Use Cookies

We use cookies for various purposes, including:

    • Essential Cookies: These cookies are necessary for the basic functioning of our website. They enable you to navigate our site, use its features, and access secure areas.
    • Analytical/Performance Cookies: These cookies help us understand how visitors use our website. They provide information about which pages are visited most frequently, how long visitors stay on each page, and whether they encounter any error messages. This data helps us improve the performance and usability of our website.
    • Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language, or region) and provide enhanced, personalised features.
    • Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They may also limit the number of times you see an ad and help measure the effectiveness of ad campaigns.

 

4. Your Cookie Choices

You have the option to manage your cookie preferences. You can usually modify your browser settings to accept, reject, or delete cookies. Please note that if you choose to block or delete cookies, some features of our website may not function properly.

5. Third-Party Cookies

We may allow third-party service providers to use cookies on our website for the purposes outlined in Section 3. These providers may also collect information about your online activities over time and across different websites.

6. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, law, or our data practices. Any changes will become effective when we post the revised policy on our website.

7. Contact Us

If you have any questions about our Cookie Policy or how we use cookies on our website, please contact us at

By continuing to use our website, you consent to the use of cookies as described in this Cookie Policy.