Retirement funds administer a significant amount of personal and financial information. Moreover, they hold about R4.3 trillion in invested assets, about half of the country’s GDP. Introducing the two-pot system adds flexibility and access for members, increasing the number of transactions in retirement funds. This combination of information, assets and flexibility represents a high level of risk when it comes to the technology infrastructure and protocols deployed to process information and transactions safely.
In this environment, cybersecurity and keeping information safe are an increasingly critical concern and risk mitigation area for retirement fund trustees.
Because of this, the Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA) published Joint Standard 2 of 2024: Cybersecurity and Cyber Resilience Requirements for Financial Institutions (“the Joint Standard”). Retirement funds, and retirement fund administrators, are considered financial institutions in the context of this Joint Standard. Trustees must, therefore, prioritise awareness and proactive measures to safeguard their members’ retirement savings from cyber threats.
The Joint Standard sets out the minimum standards for sound practices and processes of cybersecurity and cyber resilience for categories of financial institutions. Key components include requirements for implementing security-by-design principles in software development, establishing access controls, and ensuring proper incident response protocols.
Retirement funds will have to implement processes, and make sure they have the tools and technology, to prepare for cyber-attacks as well as to respond to and recover from such attacks.
The Joint Standard addresses requirements relating to governance, cybersecurity strategy and framework, cybersecurity and cyber resilience fundamentals, cybersecurity hygiene practices, as well as regulatory reporting.
Joint Standard 2 of 2024 requires financial institutions to: