
Joint Standard 1 of 2023 introduces crucial IT governance and risk management guidelines tailored explicitly for financial institutions. This new standard, issued by the Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA) under the Financial Sector Regulation Act of 2017, aims to bolster the resilience, security, and efficiency of IT systems across the financial sector.

This post sets out the key impacts of Joint Standard 1 of 2023, the practical steps institutions can take to comply, and how we can help you meet the new requirements.

Deadline for compliance

Joint Standard 1 of 2023 comes into effect on 15 November 2024. Financial institutions must ensure they fully comply with all aspects of the standard by that date.

The sections below summarise what the standard requires and the steps financial institutions can take to strengthen their IT governance and risk management practices, ensuring greater resilience, security, and compliance in a rapidly evolving technological landscape.

What does this mean for financial institutions?

  1. Enhanced IT governance and risk management frameworks: Financial institutions must now implement comprehensive IT governance and risk management frameworks. These frameworks should align with the institution’s overall business strategy and be reviewed annually to adapt to market, technological, and regulatory changes.
  2. Strengthened oversight and accountability: The governing body and senior management are responsible for ensuring compliance with the new standard. This involves defining clear roles and responsibilities, overseeing IT risk management programmes, and maintaining robust internal controls.
  3. Rigorous IT strategy requirements: Institutions must develop an IT strategy that includes specific action plans, performance monitoring, and measures to align IT objectives with business goals. Any significant deviations from the strategy must be reported to the relevant authorities.
  4. Comprehensive IT risk management: The standard mandates a detailed IT risk management framework that includes policies, standards, and procedures to manage IT risks. This framework should identify, assess, and prioritise IT assets and threats, implementing appropriate risk mitigation strategies.
  5. Robust IT operations and incident management: Financial institutions must establish IT service management policies covering change, incident, and problem management. Ensuring efficient IT operations, maintaining an up-to-date IT asset inventory, and implementing backup and restoration procedures are also crucial.
  6. Protection of sensitive information: Institutions must safeguard sensitive or confidential information, such as customer data. This involves implementing logical access controls (least-privilege, role-based access with periodic access reviews), data loss prevention measures, and conducting regular independent reviews, performed by a function independent of the one operating the controls, to ensure compliance with data protection laws.
  7. Resilience and business continuity: Financial institutions must develop IT resilience and business continuity plans, including disaster recovery sites and regular testing of recovery procedures. These plans should address potential IT-related crises to ensure continuous service delivery during disruptions.

What actions should financial institutions take?

To comply with Joint Standard 1 of 2023, financial institutions should:

  • Review and update governance structures: Engage the governing body and senior management in IT governance and risk management. Clearly define and document roles and responsibilities.
  • Develop a comprehensive IT strategy: Formulate an IT strategy aligned with business goals. Regularly review and update this strategy to address emerging risks and technological advancements.
  • Implement a robust IT risk management framework: Develop and maintain policies and procedures for effective IT risk management. Conduct regular risk assessments and update the framework as needed.
  • Ensure efficient IT operations: Establish IT service management frameworks covering all aspects of IT operations. Implement stringent change management and incident response processes.
  • Safeguard sensitive information: Adopt robust data protection measures and conduct regular independent reviews to ensure compliance with data protection regulations.
  • Enhance IT resilience and business continuity: Develop and test IT resilience and business continuity plans regularly. Ensure redundancy and geographical separation of critical IT infrastructure to mitigate disruption impacts.

How we can help you

  • Governance structure review: Assess and update governance structures to meet new requirements.
  • IT strategy development: Formulate and align IT strategy with business goals.
  • Risk management framework: Implement comprehensive IT risk management policies and procedures.
  • Operational efficiency: Establish IT service management frameworks for smooth operations.
  • Data protection: Develop robust data protection measures and compliance checks.
  • Resilience planning: Create and test IT resilience and business continuity plans.
  • Training and awareness: Provide training for staff on new standards and IT risk management.
  • Compliance audits: Conduct audits to ensure adherence to the standard.
  • Regulatory reporting: Assist with timely and accurate reporting to authorities.
  • Ongoing support: Offer continuous support and updates to keep your organisation compliant.

For further details and support in implementing Joint Standard 1 of 2023, feel free to contact us.
