Financial sector faces pressure to meet FSCA Cyber Resilience Standards

Troye CEO Helen Kruger. (Image: Troye)
Troye CEO Helen Kruger. (Image: Troye)

The FSCA's Joint Standard on Cybersecurity and Cyber Resilience is set to commence in June 2025, putting pressure on South African financial institutions to align with the stringent requirements established by the Financial Sector Conduct Authority (FSCA) in collaboration with the South African Reserve Bank (SARB).

With South Africa’s financial sector being one of the country’s most targeted industries, the Joint Standard is designed to mitigate the growing risks posed by cyber threats, protecting both the institutions themselves and the broader financial system from disruptive cyber events. This will affect organisations including, but not limited to, banks, mutual banks, insurers, retirement funds and fund administrators, and collective investment scheme managers.

Troye, which positions itself as a leading IT solutions provider and Arctic Wolf partner, is committed to helping financial institutions and any other organisation required to comply to meet these demanding cyber security standards. Through their collaboration with Arctic Wolf, Troye offers a range of tailored solutions to not only meet FSCA compliance requirements but also improve institutions' overall cyber security resilience against evolving threats.

According to Troye CEO Helen Kruger, the Joint Standard details several essential cyber security requirements that institutions must meet. "A foundational requirement is for organisations to develop a comprehensive cyber security strategy tailored to their specific risk profile, size and complexity.

"This strategy must undergo regular review and updates to ensure continued effectiveness, and robust governance structures with clearly defined roles must be established, making management responsible for collaborating with other stakeholders to ensure cyber resilience," she explains.

In addition to the strategy and operational aspect of cyber security, financial institutions will be required to implement stringent identity and access management protocols, application and system security policies, network security measures, security awareness training programmes, incident response capabilities and more.

Regular testing of cyber resilience is another critical mandate, with institutions required to conduct ongoing vulnerability assessments, penetration testing and cyber incident simulations to assess their readiness against potential threats. Significant cyber security incidents must be promptly reported to relevant authorities, ensuring transparency and enabling swift regulatory responses.

With the deadline approaching, Kruger cautions that institutions must act decisively to achieve compliance and avoid serious regulatory consequences.

Troye’s partnership with Arctic Wolf offers financial institutions and partners that may also need to comply, a seamless path to meet the FSCA’s rigorous standards. Leveraging Arctic Wolf’s cutting-edge cyber security operations and Troye’s local expertise on cyber security solutions and red teaming exercises, institutions can transition smoothly into compliance while enhancing their cyber resilience.

Cyber resilience assessment (CRA)

Arctic Wolf provides all customers with a comprehensive CRA, which enables financial institutions to assess their cyber security readiness against industry standards such as NIST and CIS, identifying gaps to ensure regulatory compliance.

Managed detection and response (MDR)

Troye offers 24/7 MDR services that monitor network, endpoint and cloud environments in real-time. This proactive threat detection and response capability helps financial institutions mitigate potential cyber threats before they escalate, ultimately covering a large portion of the FSCA requirements from protection to detection, to response and recovery.

Continuous vulnerability management

Troye also provides continuous vulnerability management, which identifies and addresses security gaps before they can be exploited. "Our services cover identity infrastructure monitoring and data loss prevention, aligning with FSCA requirements for robust access management and asset protection," Kruger adds.

Incident response and real-time remediation

Arctic Wolf’s Incident Response services provide quick action in the event of a cyber incident, minimising disruption and damage. Customers collaborate with Arctic Wolf’s Concierge Security Team to develop pre-incident plans, ensuring that institutions are well-prepared for any cyber event.

"With Arctic Wolf’s Security Journey, Troye provides continuous compliance support to help institutions maintain alignment with the FSCA’s Joint Standard," Kruger concludes. "This ongoing partnership ensures that businesses not only meet regulatory requirements but also stay ahead of emerging cyber threats through regular updates and best practices."

As the FSCA’s Joint Standard on Cybersecurity and Cyber Resilience comes into force in 2025, financial institutions must prioritise compliance.

Share

Troye

Troye is a black-empowered IT solutions and managed services provider, dedicated to enabling an agile, secure, and productive hybrid workforce with a focus on user experience. We specialise in digital transformation by optimising processes, modernising IT platforms, and delivering service excellence. As a Citrix Platinum Partner, we provide innovative solutions that reduce risk, maximise ROI, and enhance business efficiency.

Since 1998, Troye has implemented high-performance, secure, and cost-effective IT systems, including digital workspace and virtualisation solutions. Our extensive cybersecurity offerings include managed detection and response, incident response planning, data breach prevention, and SOC as a service, ensuring comprehensive protection for your business.

Leveraging Citrix Cloud and Workspace technologies, we deliver scalable solutions tailored to your needs. Our partnerships with leading vendors such as Citrix, NetScaler, Arctic Wolf, Nutanix, Check Point, HPE Aruba, Veeam, Redstor, VMware, and others enable us to provide reliable services that drive digital transformation.

Editorial contacts