Financial Sector Regulation and the Prudential Authority published Joint Standard 2 of 2024 on Cybersecurity and Cyber Resilience Requirements

​​The Financial Sector Regulation (FSCA) and the Prudential Authority (PA) published Joint Standard 2 of 2024 on Cybersecurity and Cyber Resilience Requirements on 17 May 2024.

The Joint Standard 2 of 2024 (Joint Standard) applies to all financial institutions as defined in the Joint Standard. It sets out the requirements for sound practices and processes relating to cybersecurity and cyber resilience for financial institutions. The Joint Standard is expected to commence on 1 June 2025. The FSCA and PA will formally publish the effective date by publishing a notice on their websites.

The Joint Standard requires financial institutions to:

  • Mitigate and cater for any risks relating to cybersecurity and cyber resilience from juristic persons structured under a bank, the insurer, or the insurance group when applying the requirements of the Joint Standard.
  • Notify the responsible authority of cyber incidents or information security comprises they classify as a material incident. The specific format and manner for reporting these incidents are yet to be determined.
  • Establish and maintain a regularly reviewed cybersecurity strategy to manage cyber risks and address changes in the cyber threat landscape.
  • Identify business processes and information assets that support business and the delivery of services, conduct risk assessments on its critical operations and information assets and maintain an inventory of all its information assets. Implement appropriate and effective cybersecurity practices to prevent the impact of potential cyber incidents.
  • Ensure that access to information is limited to authorised users and devices only. Develop data loss prevention policies and measures to prevent and detect unauthorised use of sensitive data and information. Implement a cybersecurity awareness programme to maintain a high level of awareness among all users.
  • Maintain effective cyber resilience capabilities to monitor, detect, respond and recover from cyberattacks on IT systems. Establish a data backup strategy to ensure that any sensitive information stored in the backup media is secured.
  • Regularly test all elements of its cyber resilience capacity and security controls to assess vulnerabilities and determine its overall effectiveness.
  • Establish a regularly reviewed access control policy and process to enforce strong password security controls for users to access IT systems and information assets. Secure administrative accounts and grant privileged access only when necessary.
  • Implement multi-factor authentication for all users with access to critical system functions, including user accounts utilised to access applications containing sensitive information. Protect the network from unauthorised access and disruption through the implementation of security controls at its network perimeter.
  • Test and apply security patches to address vulnerabilities in IT assets. Maintain written security standards for hardware and software configurations to minimise exposure to cyber threats. Implement endpoint protection to prevent malware infection.

The Joint Standard strengthens the financial sector'​​​​s cyber defences. Financial institutions have one year to comply, requiring proactive measures for a smooth transition and a more secure future.​​


These materials are provided for general information purposes only and do not constitute legal or other professional advice. While every effort is made to update the information regularly and to offer the most current, correct and accurate information, we accept no liability or responsibility whatsoever if any information is, for whatever reason, incorrect, inaccurate or dated. We accept no responsibility for any loss or damage, whether direct, indirect or consequential, which may arise from access to or reliance on the information contained herein.

© Copyright Webber Wentzel. All Rights reserved.

Webber Wentzel > News > Financial Sector Regulation and the Prudential Authority published Joint Standard 2 of 2024 on Cybersecurity and Cyber Resilience Requirements
Johannesburg +27 (0) 11 530 5000
Cape Town +27 (0) 21 431 7000
Validating email against database, please wait...
Validating email: please wait...
Email verified: Please click the confirmation link sent to your mailbox, also check junk/spam folder. If you no longer have access to this email address or haven't received the verification email then email
Email verified: You are being redirected to manage your subscription
Email could not be verified: Please wait while you are redirected to the Subscription Form
Unanticipated error: Saving your CRM information Subscription Form