Financial Sector: Cloud Computing and Disaster Risk Financing Developments

Posted 04 August 2025 Written by Acts Online
Category Financial Sector

Brought to you by SA Legal Academy: The Financial Sector Conduct Authority (FSCA) and Prudential Authority (PA) have issued joint guidance on cloud computing risks, while National Treasury has formalised its strategy for disaster response financing.

In terms of the Financial Sector Regulation Act, No. 9 of 2017, the FSCA and the PA published a joint communication on 25 July 2025 regarding risk mitigation in the utilisation of cloud computing and the offshoring of data. The communication serves to alert financial institutions to specific measures required to manage technical and jurisdictional risks associated with external data hosting.

Cloud Computing and Data Offshoring

The joint communication includes best practice recommendations designed to encourage financial institutions to integrate cloud and offshoring risks into their existing governance, risk management, and reporting processes. The authorities have indicated an intention to:

  • Augment supervisory capabilities to monitor the specific approaches adopted by individual institutions;
  • Evaluate the robustness of risk mitigation strategies regarding data sovereignty and service continuity; and
  • Ensure that offshoring arrangements do not impede the authorities’ ability to perform effective oversight.

Disaster Response Financing Strategy

In terms of the Public Finance Management Act, No. 1 of 1999, National Treasury published the Disaster Response Financing Strategy and an independent report on municipal experiences on 5 August 2025. These documents follow a media statement issued on 1 August 2025 and align with reforms outlined in the 2025 Budget Review (pages 70 and 71).

The strategy focuses on enhancing South Africa’s approach to disaster risk insurance by increasing private sector participation. Key objectives include:

  • Refining the disaster risk financing framework to address vulnerabilities in high-risk municipalities;
  • Leveraging private sector insurance capacity to reduce the fiscal burden on the state; and
  • Implementing recommendations from the independent report titled “Municipal DRF approaches in SA” to improve local government resilience.

Click here to download the Disaster Response Financing Strategy and the Independent Report on Municipal DRF.

What this means for you, your business, or your clients

  • For yourself: Compliance officers and risk managers must familiarise themselves with the FSCA and PA best practice recommendations to ensure personal oversight duties regarding data offshoring are met.
  • For your business: Financial institutions must review and update their internal governance frameworks to explicitly include cloud computing and data offshoring risk assessments ahead of intensified supervisory monitoring.
  • For your clients: Municipalities and private sector insurers should review the new Disaster Response Financing Strategy to identify emerging requirements for public-private insurance partnerships and disaster risk mitigation funding.

Originally published at https://legalacademy.co.za/news/read/financial-sector-policy-and-regulatory-developments-in-the-pipeline

The views expressed herein are those of the author and do not necessarily reflect those of Acts Online. Acts Online accepts no responsibility for the accuracy, completeness or fairness of the article, nor does the information contained herein constitute advice, legal or otherwise.