On 17 May 2024, the Financial Sector Conduct Authority and the Prudential Authority (jointly: Authorities) published Joint Standard 2 of 2024: Cybersecurity and Cyber Resilience (Joint Standard).
The Joint Standard applies to ‘financial institutions’ as defined in the Joint Standard, such as pension funds registered under the Pension Funds Act 1956 (PFA) and an administrator approved in terms of section 13B of the PFA.
The purpose of the Joint Standard is to set and enforce a standard for financial institutions to manage and mitigate cybersecurity risks. It sets out minimum requirements and principles for sound cybersecurity and cyber resilience practices and processes for financial institutions to adopt.
The Joint Standard requires financial institutions to adopt robust cybersecurity and resilience against cyberattacks, and also expects financial institutions to implement security controls that are commensurate with their risk appetites based on the nature, complexity, risk profile and size of their financial operations.
The governing body of a pension fund (financial institution) is ultimately responsible for ensuring compliance with the requirements set out in the Joint Standard. Accordingly, where a pension fund outsources certain cybersecurity administrative activities to administrators and investment managers, the relevant pension fund’s board of trustees retains the full responsibility for ensuring compliance with the Joint Standard.
The Joint Standard is available here and it will come into effect on 1 June 2025.
For more information, please access the recording here.

