Financial institutions are increasingly reliant on Information Technology (IT) to conduct business and deliver services, especially with the advent of the fourth industrial revolution. The integration of advanced technology and online systems poses both opportunities and challenges, necessitating a proactive approach to IT governance and risk management. The Financial Sector Conduct Authority (FSCA) published the 'IT Governance and Risk Management for Financial Institutions, 2023' Joint Standard on November 10th, 2023. This Joint Standard will commence on 15 November 2024.
A summary follows of the principles and minimum requirements for information technology (IT) governance and risk management that financial institutions must adhere to.
Who does this apply to?
Roles and Responsibilities:
Regarding the IT Strategy:
Regarding the IT Risk Management Framework:
A financial institution must establish a comprehensive framework, which must be approved by the governing body, subject to annual review. This framework must include -
Regarding IT Operations:
A financial institution must –
Risks Associated with Financial Products and Services:
A financial institution must -
Notification and Reporting Requirements:
A financial institution must notify the responsible authority of any material incidents (a systems failure, malfunction, delay, or other disruptive event) within the determined timeframe.
In addition to the requirements in the paragraph above, the Authorities may, through ongoing supervisory review and evaluation processes, request specific information or regulatory reports as well as assurance in terms of compliance with this Joint Standard.
This Joint Standard emphasizes the importance of a proactive and adaptable approach to IT governance and risk management, ensuring the resilience and stability of financial institutions in an ever-evolving landscape. Financial entities are encouraged to implement and continuously update these guidelines to fortify their IT infrastructure against potential risks. Rest assured, we are currently in the process of formulating a policy on this matter and will furnish our clients with the template in the upcoming year.
by: Horizon Compliance team