Benefits

Joint Communications From The FSCA Cyber and IT Security

Benefits

JOINT COMMUNICATIONS FROM THE FSCA CYBER AND IT SECURITY

Joint Communication 2 of 2025: Cloud Computing and Data Offshoring – 25 July 2025

On 25 July 25, the FSCA and Prudential Authority released Joint Communication 2 of 2025, signalling plans to draft a Joint Standard with clear rules for cloud use and data offshoring. This guidance emphasises the role of boards, trustees, and senior management in managing risks tied to these technologies.

Cloud computing is considered a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage facilities, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Source: 

Joint Communication 2 of 2025

The offshoring of data is the storage and/or processing of data outside the borders of South Africa.

The Joint Communication proposes that, when implementing any cloud computing and/or data offshoring solution, financial institutions should:

  • Apply risk-based strategies tailored to their business size and complexity.
  • Consider establishing strong governance structures, processes, and procedures. These could include, for example, formulating a defined policy, board-approved data strategy, and data governance framework that addresses the financial institution’s risk appetite for cloud computing and/or data offshoring.
  • Take all reasonable measures to ensure the confidentiality, integrity, and availability of their data, information technology applications, or systems. Take all reasonable measures to ensure the confidentiality, integrity, and availability of their data, information technology applications, or systems.
  • Consider contractual and other legal requirements for these services and the enforceability of rights and obligations arising from these contractual arrangements.
  • Exercise appropriate due diligence before investing in the use of cloud computing and/or offshoring.
While the full scope of institutions affected is still under review, the authorities plan to publish the draft standard for public consultation in due course. Supervisory oversight on cloud computing and offshoring risks will intensify through 2025 and 2026 as part of regular supervision efforts, aiming to protect the financial sector and align with global best practices.

Any guidance from the FSCA is to be welcomed, given that increasingly, data is stored in the cloud offshore.

Joint Communication 3 of 2025: For consultation: Determination of the notification template in terms of Joint Standard 1 of 2023 – IT Governance and Risk Management for Financial Institutions and Joint Standard 2 of 2024 – Cybersecurity and Cyber Resilience Requirements for Financial Institutions – 3 September 2025

Joint Communication 3 of 2025, issued for consultation on 3 September 2025, introduces a draft notification template for financial institutions to comply with Joint Standard 1 of 2023 (IT Governance and Risk Management) and Joint Standard 2 of 2024 (Cybersecurity and Cyber Resilience).

The Communication standardises how institutions report IT governance, risk management, cybersecurity incidents and cyber resilience measures to the Financial Sector Conduct Authority and Prudential Authority. You can view the reporting template here.

Its goal is to improve regulatory oversight, enhance operational and cyber risk management, and ensure consistent, timely incident reporting to strengthen the financial sector’s resilience against IT and cyber threats. Institutions and stakeholders are invited to comment on the proposed template.
Comments are due on the templates by 5 October 2025.

Don’t miss the deadline for input on the new notification templates! 

Engage our strategic consultants to prepare your submission or discuss compliance before the October 5, 2025, comment due date.

Contact Us

Joint Communications From The FSCA Cyber and IT Security Read More »

Constitutional Court Redefines Death Benefit Distribution Under Pension Funds Act

Benefits

Constitutional Court Redefines Death Benefit Distribution Under Pension Funds Act

On 8 August 2025, the Constitutional Court delivered a pivotal ruling in Mutsila v Municipal Gratuity Fund and Others, significantly redefining the interpretation of section 37C of the Pension Funds Act, 1956 (PFA). This decision overturns the precedent established by the Supreme Court of Appeal (SCA) in Guarnieri v Fundsatwork Umbrella Pension Fund, a move widely regarded as both critical and progressive.

Backround

The Constitutional Court examined the application of section 37C of the PFA, which regulates the fair allocation of death benefits to dependants of deceased retirement fund members under the PFA.

The case stemmed from Ms Mutsila’s challenge to the Municipal Gratuity Fund’s (Fund) decision to distribute a substantial portion of her late husband’s death benefit to Ms Masete and her children, identified by the Fund as factual dependents. Ms Mutsila contested the alleged customary marriage between her deceased husband and Ms Masete, as well as their claimed dependency on him.

Key rulings

The Constitutional Court determined that:

  • The Fund failed to adequately investigate the factual dependency of Ms Masete and her children, as mandated by section 37C, which compromised its allocation decision.
  • The Fund relied on unverified information and did not properly exercise its discretionary powers.
  • The SCA erred in concluding that Ms Mutsila had not challenged the dependency findings.

As a result, the Court set aside all prior decisions and directed the Fund to re-evaluate the distribution within three months, based on the circumstances as they existed on 9 April 2014, when the Fund made its initial determination.

Significance of this ruling

This marks the first time the Constitutional Court has interpreted section 37C, making it a landmark decision.

The Court explicitly overruled Guarnieri, which held that dependency for death benefit distribution should be assessed at the time of the determination and that the person must still meet the definition of being a beneficiary at the time of the trustees’ distribution.

The Constitutional Court deemed this approach legally incorrect and impractical for several reasons:

  • Section 37C mandates that dependency be evaluated as of the date of the member’s death, not at the time of distribution.
  • The definition of “dependant” pertains to past dependency, not ongoing dependency.
  • Post death changes in circumstances may influence allocation but do not alter a person’s status as a dependant.

This judgement reinforces the social security purpose of death benefits in retirement funds and underscores the responsibility of funds to safeguard vulnerable dependents.

It establishes a binding precedent for all retirement funds, adjudicators and courts.

It is important that trustees, management committees, sub-committees and service providers revisit their processes and mandates to incorporate this new ruling.

Need Guidance on Death Benefit Distribution?

The recent Constitutional Court ruling in Mutsila v Municipal Gratuity Fund and Others has reshaped the interpretation of section 37C of the Pension Funds Act. If you’re a trustee, fund administrator, or service provider seeking clarity on how this landmark judgement affects your responsibilities and processes, we’re here to help.

Contact us today to ensure your fund’s policies align with the latest legal requirements and to safeguard the rights of all dependents.

Contact Us

Constitutional Court Redefines Death Benefit Distribution Under Pension Funds Act Read More »

Making Sense of Medical Tax Credits in South Africa

Benefits

Making Sense of Medical Tax Credits in South Africa

Let’s face it — medical costs can be overwhelming. Whether it’s your monthly medical aid premium or those unexpected visits to the doctor, it all adds up. But did you know that South Africa’s tax system offers a way to ease some of that financial pressure? It’s called the Medical Tax Credit (MTC) and the Additional Medical Expenses Tax Credit (AMTC). Let’s break it down in simple terms.

What is the Medical Tax Credit (MTC)?

Think of the MTC as a monthly tax rebate for being part of a registered medical aid. It’s not cash in your pocket, but it does reduce the amount of tax you owe, which is always a win. Here’s how it works for the 2024/2025 tax year:
      • R364 per month for you (the main member)
      • R364 for your first dependent
      • R246 for each additional dependent
So, if you’re a family of four, that’s a decent chunk off your tax bill every month!

What is the Additional Medical Expenses Tax Credit (AMTC)?

Now, what about those medical bills your medical aid doesn’t cover? That’s where the AMTC comes in. It helps you get some tax relief for out-of-pocket expenses you cover when your benefits are exhausted like:

  • Doctor visits
  • Dental and optical
  • Prescribed medication
  • Blood tests and x-rays

Here’s the Deal

If no one in your family has a disability, you can claim 25% of the amount that exceeds 7.5% of your taxable income.

If you, your spouse, or a child dependent has a disability, you can claim 33.3% of all qualifying medical expenses, with no income threshold required. There is a rather complex formula that SARS uses to calculate the actual AMTC you are entitled to. To make it easy for you, see the calculator below. By inputting some data, the calculator will show you if you are eligible for a tax rebate.

Why You Should Always Submit Medical Claims — Even If You’re Not Reimbursed

Here’s a tip that could save you time and money: always submit your medical claims to your medical aid, even if your benefits are maxed out. Why? Because those claims show up on your medical aid’s tax certificate, which you’ll need when submitting your tax return.

Let’s say you paid R5,000 out-of-pocket for a specialist visit. If you submitted the claim, even though it wasn’t reimbursed, it will appear on your tax certificate — making it easier to claim under AMTC.

Less Admin, More Peace of Mind

When your medical aid tax certificate includes all your expenses, you don’t have to dig through drawers for receipts or worry about SARS rejecting your claim. It’s all there, neatly documented.

Pro Tip: Keep Your Records

Even if you submit everything to your medical aid, it’s smart to keep:

      • Copies of invoices and receipts
      • Proof of payment
      • Doctor’s notes (especially for disability claims)

Final Thoughts

Medical tax credits might not be the most exciting topic, but they can make a real difference to your finances. By understanding how MTC and AMTC work — and by submitting all your claims — you’re setting yourself up for a smoother tax season and potentially some valuable savings.
Tax Credit 2025 Calculator

Tax Credit 2025 Calculator

Monthly MTC: -

Annual MTC: -

Annual AMTC: -

Total Tax Benefit: -

Every effort has been made to ensure the accuracy of the calculations and information provided in this document. However, the final assessment and determination of tax liabilities remains the responsibility of the taxpayer.

Stay Compliant. Stay Secure.
Don’t miss out on the valuable tax credits you’re entitled to. Get a clear understanding of the MTC and AMTC to ensure you’re reducing your tax liability and keeping more of your hard-earned money.

Contact Us

Making Sense of Medical Tax Credits in South Africa Read More »

Cybersecurity Duties for Retirement Funds: JS 2 of 2024

Benefits

FSCA JOINT STANDARD 2 OF 2024: CYBERSECURITY AND RESILIENCE

ONGOING REQUIREMENTS FROM RETIREMENT FUNDS AND TRUSTEES

Although Joint Standard (JS) 2 of 2024 took effect on 1 June 2025, ongoing compliance requires continued efforts beyond the implementation date. JS 2 of 2024 outlines specific obligations for financial institutions, like retirement funds, to make sure they stay compliant with cybersecurity and cyber resilience standards. It goes to great lengths to set out detailed roles and responsibilities to safeguard members from potential cyber threats, attacks and/or breaches.

Trustees must be aware that if they have drafted a policy and ticked the corresponding box, that is not the end of the story; ongoing responsibilities are still required. We have summarised below the trustees’ ongoing responsibilities:

1. Review the fund’s cybersecurity strategy

The fund’s cybersecurity strategy must be reviewed at least annually to:

    • address changes in the cyber threat landscape; and
    • incorporate cyber risk management into the fund’s governance structures with independent oversight: and
    • ensure that it remains aligned with the fund’s other policies and other applicable laws (for example, the Protection of Personal Information Act).

2. Update policies, processes and controls

The fund’s cybersecurity policies, standards, processes and procedures must be continuously updated to reflect evolving risks, updates in technology and increased sophistication of cyber threats, including the ability to recover from cyber events.

3. Conduct regular testing and assurance

The Fund must undertake systematic testing, ongoing monitoring and validation of their cybersecurity measures to evaluate the effectiveness of their security protocols – including regular penetration testing, vulnerability assessments and other cybersecurity exercises to identify and address weaknesses.

4. Incident management and reporting

Retirement funds must maintain effective detection and response capabilities, including the ability to manage and mitigate cyber incidents.

Funds are required to notify the FSCA or Prudential Authority of material cyber incidents within 24 hours, using the prescribed template.

5. Ongoing training and awareness

Ongoing trustee training is mandatory to make sure trustees remain abreast of evolving cyber risks and incidents. Training programmes must be relevant in the rapidly changing fintech landscape.

6. Governance and oversight

Ongoing reporting is required to ensure that the trustees, or a relevant sub-committee, are kept meaningfully informed of the fund’s cyber security and resilience position.

7. Third-party risk management

Funds must conduct ongoing monitoring of third-party service providers to manage supply chain vulnerabilities. This includes maintaining an inventory of critical service providers and ensuring business continuity plans are in place.

8. Continuous improvement

The regulators expect retirement funds to continuously improve their cybersecurity and cyber resilience practices, adapting to new threats and regulatory guidance. This includes integrating lessons learned from incidents, either their own or incidents in the wider industry.

Remember, your retirement fund is a financial institution as defined and runs the risk of incurring administrative penalties if it does not comply with JS 2 of 2024. Your fund administrators are referenced separately, and they must also comply with JS 2 of 2024. The FSCA has specifically noted that retirement funds cannot simply rely on their administrator’s cybersecurity controls alone.

Stay Compliant. Stay Secure.
If you’re unsure about your fund’s compliance with FSCA Joint Standard 2 of 2024 or need support in strengthening your cybersecurity governance, contact us today. Our team is ready to assist trustees and retirement funds in meeting their ongoing obligations with confidence and clarity.

Contact Us

Cybersecurity Duties for Retirement Funds: JS 2 of 2024 Read More »

South Africa Retirement Fund Updates

Benefits

SOUTH AFRICA RETIREMENT FUND UPDATES

Clarity on the application of the in duplum rule on outstanding fund contributions

The in duplum rule is a legal principle originating from Roman law and part of South African common law. The rule limits the amount of interest that can accumulate on a debt. It essentially states that the total amount of unpaid interest cannot exceed the original outstanding capital amount of the debt. In other words, once the unpaid interest equals the principal debt, the interest stops accruing. The rule aims to protect debtors from excessive interest accumulation and encourages lenders to pursue debt recovery promptly.

There have been significant differences of opinion in the case law.

In 2023, the KwaZulu-Natal High Court ruled in Municipal Workers Retirement Fund v Umzimkhulu Local Municipality that the in duplum rule does not apply to statutory interest on late pension fund contributions under section 13A of the Pension Funds Act (PFA). After this case, the Office of the Pension Funds Adjudicator (OPFA) issued Communication 1 of 2024 confirming that it supported the view of the court that the in duplum rule does not apply to interest arising from the non-payment of arrear contributions in terms of section 13A(7).

However, in March 2025, in Blue Crane Route Municipality v Municipal Workers Retirement Fund, the Eastern Cape High Court handed down a judgment that the in duplum rule does apply to arrear contributions.  This prompted the OPFA to issue Communication 1 of 2025 on 8 May 2025, in which they reconsidered their position on the matter and confirmed that the in duplum rule does, in fact, apply to outstanding employer contributions to a retirement fund.

The Information Regulator’s online portal for reporting security compromises

From 1 April 2025, all organisations must report any security compromises, commonly referred to as information breaches, on the Information Regulator’s (IR) eServices portal using the new Security Compromises Reporting functionality.

To access the eServices portal, visit the IR’s website at https://inforegulator.org.za and click on the eServices portal link at the top of the page.

Remember, to submit a breach notification, both the retirement fund and its Information Officer must be registered.

FSCA’s survey on two-pot fees

In September 2024, the FSCA surveyed 111 retirement fund administrators and six self-administered funds to assess two-pot retirement system fees.

Their key findings can be summarised as:

  • Average costs: The average withdrawal fee is R357, with 37 administrators charging flat fees (R50–R500, most between R250–R350) and 12 using variable fees (R10 - R750). Once-off implementation costs reached R1.6 billion, with 65% tied to system upgrades.
  • Challenges faced: Funds faced high withdrawal request volumes, system-related issues, payment delays, and slow account verification. Many administrators absorbed initial costs, but some passed them on via higher monthly/base fees and/or savings pot withdrawal fees, raising concerns about cross-subsidisation between members.
  • Ongoing intentions: The FSCA will continue to scrutinise fees for fairness and transparency, engaging outliers, including both those providers who are charging above-average fees as well as providers who claim to not have invested in system development at all. The FSCA will monitor long-term cost impacts as the system stabilises and matures.

The FSCA aims to ensure fees align with costs incurred, promoting transparency and protecting retirement fund members.

Retirement fund trustees and management committees are encouraged to discuss their fees with their consultant, to appreciate the context of the FSCA’s survey at a point in time when information around two-pot implementation was not completely understood, and to make sure that their fees are reasonable.

Stay Informed, Stay Compliant: What You Should Do Next
To navigate these updates effectively, retirement fund stakeholders should review their compliance strategies, consult with experts, and stay engaged with regulatory developments. Proactive action today ensures protection and readiness for tomorrow.

Contact Us

South Africa Retirement Fund Updates Read More »

Section 14 Transfers: FSCA RF Notice 5 of 2025

Benefits

Section 14 Transfers: FSCA RF Notice 5 of 2025

Determination of forms for applications in respect of amalgamations and transfers

The FSCA RF Notice 5 of 2025 provides the updated forms to be used for applications involving amalgamations and transfers of retirement fund benefits under Section 14 of the Pension Funds Act (PFA). These updates were needed to align the forms with the two-pot retirement system, requiring funds to specify members’ different components separately when applying for transfers or amalgamations.

This update improves transparency and consistency in how retirement fund transfers are processed, thereby protecting transferring members’ interests since the implementation of the two-pot system.

Draft FSCA RF Notice [-] of 2025: Exemption of retail funds from the requirements of Section 14

While we’re on the topic of Section 14 transfers, the FSCA has issued draft RF Notice [-] of 2025 proposing to exempt retail funds (retirement annuity (RA) funds and preservation funds) from the requirements of Section 14(1) of the PFA.

Normally retirement funds must comply with the formal procedures set out in S14 of the PFA before any amalgamation or transfer can take place. However, Section 14(9) empowers the FSCA to grant exemptions subject to certain conditions. The exemption has been drafted in response to industry requests, recognising that retail funds differ from occupational pension and provident funds because members join these funds voluntarily and transfers occur at the member’s request, often following financial advice.

Unlike occupational funds, retail fund transfers are individual and voluntary. Members are aware of these transfers and thus, the full Section 14 process is considered unnecessary.

The exemption applies to transfers:

  • Between retirement annuity funds,
  • Between preservation funds,
  • From preservation funds to retirement annuity funds.

Conditions for the exemption include:

  • Compliance with paragraph 16 of FSRA Conduct Standard 1 of 2019,
  • Proper record-keeping by retail funds,
  • Transfer of assets and liabilities within 180 days,
  • Adjusting transferred assets with fund returns from the effective date to final settlement.

In our opinion. The draft exemption will simplify and speed up retail fund transfers while maintaining member protection and regulatory oversight- concomitantly it is welcomed.

Stakeholders are invited to submit comments to the FSCA by 5 June 2025.

Be Part of the Change
The proposed exemption aims to streamline retail fund transfers while preserving member safeguards. If you’re involved in retirement fund administration or financial planning, now’s your chance to influence policy. Submit your comments to the FSCA before 5 June 2025.

Contact Us

Section 14 Transfers: FSCA RF Notice 5 of 2025 Read More »

COOKIE POLICY

Welcome to our website.

1. Introduction

This Cookie Policy explains how we use cookies and similar technologies on our website axioconsult.com. This policy is designed to help you understand what cookies are, how we use them, and the choices you have regarding their use.

2. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit certain websites. They are widely used to enhance your online experience by remembering your preferences and actions over time. Cookies are not harmful and do not contain personal information like your name or payment details.

3. How We Use Cookies

We use cookies for various purposes, including:

    • Essential Cookies: These cookies are necessary for the basic functioning of our website. They enable you to navigate our site, use its features, and access secure areas.
    • Analytical/Performance Cookies: These cookies help us understand how visitors use our website. They provide information about which pages are visited most frequently, how long visitors stay on each page, and whether they encounter any error messages. This data helps us improve the performance and usability of our website.
    • Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language, or region) and provide enhanced, personalised features.
    • Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They may also limit the number of times you see an ad and help measure the effectiveness of ad campaigns.

 

4. Your Cookie Choices

You have the option to manage your cookie preferences. You can usually modify your browser settings to accept, reject, or delete cookies. Please note that if you choose to block or delete cookies, some features of our website may not function properly.

5. Third-Party Cookies

We may allow third-party service providers to use cookies on our website for the purposes outlined in Section 3. These providers may also collect information about your online activities over time and across different websites.

6. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, law, or our data practices. Any changes will become effective when we post the revised policy on our website.

7. Contact Us

If you have any questions about our Cookie Policy or how we use cookies on our website, please contact us at

By continuing to use our website, you consent to the use of cookies as described in this Cookie Policy.