FSCA: Cloud computing and offshoring of data


Summary:
The Financial Sector Conduct Authority (FSCA) has issued a Joint Communication with the South African Reserve Bank (SARB) which shares best practices on cloud computing and data offshoring.
Article:

This publication highlights the governance role in managing related risks, and signals the intention to introduce regulatory requirements for financial institutions.

This Joint Communication is applicable to financial institutions as defined in the Financial Sector Regulation Act, 2017 (Act No. 9 of 2017), with the exception of Lloyd’s and branches of foreign reinsurers.

The purpose of this Joint Communication is to:

  1. inform financial institutions of measures that may be considered in terms of risk mitigation in the utilisation of cloud computing and/or the offshoring of data (i.e., managing the risks associated with cloud computing and/or offshoring of data in terms of appropriate governance, strategy, resilience and risk management practices);
  2. highlight the important role of boards of directors and senior management of financial institutions in the consideration of cloud computing and/or offshoring of data from a risk management and risk mitigation perspective; and
  3. inform financial institutions that the Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA) (together referred to as the ‘Authorities’) intend to issue a regulatory instrument focused on introducing requirements pertaining to the use of cloud computing and data offshoring by financial institutions.

This Joint Communication also elaborates on recommended best practice regarding cloud computing and data offshoring and the way forward.

Click here to download the 3-page Joint Communication 2 of 2025:

https://www.resbank.co.za/content/dam/sarb/publications/prudential-authority/pa-public-awareness/covid-19-response/2025/Joint%20Communication%202%20of%202025%20-%20Cloud%20computing%20and%20offshoring%20of%20data.pdf

Relevance to Auditors, Independent Reviewers & Accountants:

  • Certain clients of yours (e.g. financial institutions as defined in the Financial Sector Regulation Act) must comply with specific laws and regulations, and you must assess their compliance. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
  • As an auditor and independent reviewer, you also need to monitor your client’s compliance with all relevant notices/communications issued by the SARB and FSCA as regulators.

Relevance to your clients:

  • This SARB communication provides information to financial institutions as defined in the Financial Sector Regulation Act.
  • The client has a duty to report to the relevant regulators, as well as to comply with relevant notices/communications published by the SARB and FSCA as regulators.
