New IT Governance Law for SA Financial Institutions

Are You Ready for Joint Standard 1 of 2023?

By 15 November 2024, every financial institution in South Africa must comply with new legal requirements for IT governance and risk management.

Issued by the FSCA and Prudential Authority, this standard will reshape how financial services manage technology, with major implications for risk, compliance, and operational resilience.

Why This Matters

In today’s digital-first financial sector, technology is more than a tool, it is a critical business asset.

From online banking to customer data systems, one failure can shake customer trust and regulatory standing.

Joint Standard 1 of 2023 is not a recommendation. It is a legal obligation under the Financial Sector Regulation Act. Failure to comply could lead to significant consequences.

WHAT FINANCIAL INSTITUTIONS MUST DO

Build and Maintain an IT Risk Register:
Track all known IT risks — from legacy systems to cyber threats — and keep it updated.

Establish Risk Metrics:
Develop measurable indicators to assess IT exposure across your organisation.

Vet and Train All Staff & Providers:
Everyone with IT system access must be fit, proper, and regularly trained in relevant tech and security practices.

Formalise IT Service Management:
From software updates to incident response, every process must be documented and audited.

Prepare for Problems, Not Just Fix Them:
Incident logging, categorisation, and root-cause analysis are required. Simply reacting is no longer enough.

ASSESS YOUR READINESS
COMPLIANCE CHECKLIST

Do you have a living IT risk register?

Are your IT risks measured and tracked with metrics?

Have you vetted all IT staff and vendors?

Is there a documented IT service management framework?

Do you have formal processes for incident and problem management?

Let's get you compliant

Get in touch for more info.

Get started today!

The new regulation is not just about ticking compliance boxes. It’s about recognising that in the 21st century, technology risk is business risk and managing it well is the foundation of sustainable financial services.

New IT Governance Law for SA Financial Institutions

Are You Ready for Joint Standard 1 of 2023?

Why This Matters

WHAT FINANCIAL INSTITUTIONS MUST DO

Build and Maintain an IT Risk Register:Track all known IT risks — from legacy systems to cyber threats — and keep it updated.

Establish Risk Metrics:Develop measurable indicators to assess IT exposure across your organisation.

Vet and Train All Staff & Providers:Everyone with IT system access must be fit, proper, and regularly trained in relevant tech and security practices.

Formalise IT Service Management:From software updates to incident response, every process must be documented and audited.

Prepare for Problems, Not Just Fix Them: Incident logging, categorisation, and root-cause analysis are required. Simply reacting is no longer enough.

ASSESS YOUR READINESS COMPLIANCE CHECKLIST

Do you have a living IT risk register?

Are your IT risks measured and tracked with metrics?

Have you vetted all IT staff and vendors?

Is there a documented IT service management framework?

Do you have formal processes for incident and problem management?

Let's get you compliant

Get started today!

Build and Maintain an IT Risk Register:
Track all known IT risks — from legacy systems to cyber threats — and keep it updated.

Establish Risk Metrics:
Develop measurable indicators to assess IT exposure across your organisation.

Vet and Train All Staff & Providers:
Everyone with IT system access must be fit, proper, and regularly trained in relevant tech and security practices.

Formalise IT Service Management:
From software updates to incident response, every process must be documented and audited.

Prepare for Problems, Not Just Fix Them:
Incident logging, categorisation, and root-cause analysis are required. Simply reacting is no longer enough.

ASSESS YOUR READINESS
COMPLIANCE CHECKLIST