RSA FSCA, RSA CB IT Risk Management


On Nov. 10, RSA FSCA, RSA CB issued joint standard on IT, risk.


  • RSA FSCA, RSA CB issued joint standard on principles for information technology (IT) governance and risk management that financial institutions must comply with.
  • Joint standard issued in line with sound practices and processes in managing IT risk.
  • Follows Jun. 2021, FSCA proposed standard on IT risk management, see #108090.
  • Application
  • Joint standard applies to financial institutions, i.e. bank, controlling company, insurer.
  • Institutions must ensure any risks re IT risk from juristic persons, branches structured under the bank or controlling company (local and foreign), including all relevant subsidiaries, catered for and mitigated in application of requirements of joint standard.
  • Minimum requirements and principles set out in joint standard must be implemented to reflect the nature, size, complexity and risk profile of a financial institution.
  • Joint standard must be read in conjunction with all relevant financial sector laws.
  • IT Strategy
  • Financial institutions must ensure IT strategy is approved by governing body.
  • Strategy must align with overall business strategy; must be regularly reviewed (at least annually), re market, industry, technology, other relevant developments.
  • Risk Management Framework
  • IT risk management framework must be set up to manage risks systematically.
  • May form part of the enterprise risk management framework of a financial institution.
  • Must be approved by the governing body and reviewed regularly, but at least annually
  • Effectiveness
  • Joint standard commences on Nov. 15, 2024.

Regulators RSA FSCA
Entity Types Bank; BHC; IHC; Ins; SIFI
Reference PR, Com 4/2023, RN, 11/10/2023
Functions Compliance; C-Suite; Financial; Legal; Operations; Reporting; Risk; Technology; Treasury
Countries South Africa
Category
State
Products Banking; Insurance; Securities
Regions EMEA
Rule Type Final
Rule Date 11/10/2023
Effective Date 11/15/2024
Rule Id 191271
Linked to Rule :108090
Reg. Last Update 11/10/2023
Report Section International

Last substantive update on 11/15/2023