The Changing Cybersecurity Landscape 

The Financial Sector Conduct Authority (FSCA) has recognised the critical need for robust cybersecurity measures and stronger cyber resilience in financial institutions. To address this, Joint Standard 2 of 2024 (Cybersecurity and Cyber Resilience Requirements for Financial Institutions) will take effect from 2 June 2025, reinforcing the already existing Joint Standard 1 of 2023. These standards apply to financial institutions, including retirement funds and their administrators.


The second Joint Standard requires the establishment of a structured framework to mitigate cyber risks, outlining minimum security requirements and best-practice principles. Compliance will be not only a regulatory necessity but also a key safeguard in protecting members from fraud, identity theft, and financial loss.

 

Prescient’s Approach: Global Standards for Local Resilience

At Prescient, our cybersecurity strategy does not exist in isolation. As part of a global financial services group, we align our approach with international regulations such as the Digital Operational Resilience Act (DORA) in the European Union. This, combined with South African standards, enhances our ability to detect, prevent, and respond to cyber threats, ensuring data integrity and financial security across our operations.

By integrating international best practices with local regulatory requirements, we maintain a robust and adaptable cyber resilience framework that protects not only retirement funds but also the broader financial ecosystem.

 

The AI Factor: A Double-Edged Sword

Artificial Intelligence (AI) is revolutionising financial services, but it also introduces new risks. A recent South African court case, Mavundla v MEC Department of Co-Operative Government and Traditional Affairs and Others (Case No. 7940/2024P), highlighted the dangers of blindly relying on AI-generated information. While AI can streamline operations, retirement funds must remain vigilant against AI-powered cyber fraud and misinformation.

AI-based cyber threats, such as deepfake scams and phishing attacks, pose a real and growing risk to fund administrators, trustees, and members. Retirement funds must ensure that AI-driven tools enhance security rather than introduce vulnerabilities. At Prescient, we employ stringent AI governance policies and leverage advanced security frameworks to mitigate these risks.

 

Lessons from Recent Cyber Fraud Cases

The Gerber v PSG Wealth Financial Planning (Pty) Ltd (36447/2021) [2023] ZAGPJHC 270 case serves as a stark reminder of the consequences of inadequate cybersecurity. The court found that PSG had a contractual responsibility to deploy adequate technological systems to prevent client financial losses due to cyber fraud.

For retirement funds, this case underscores the critical duty of boards of trustees to safeguard member assets. Cybersecurity is not just an IT issue; it is a governance and fiduciary responsibility. Boards must act with due care, diligence, and good faith, ensuring that service providers have effective cybersecurity measures in place.

 

The Two-Pot System and Cybersecurity

With the Two-Pot system now well established, members have increased access to their retirement fund savings, creating new vulnerabilities. Fraudsters will inevitably target withdrawal processes, making cyber resilience a top priority for fund administrators. Strong authentication processes, real-time fraud monitoring, and enhanced member education are essential to preventing cyber-related financial losses.

 

The Role of Retirement Fund Administrators and Trustees

Prescient Fund Administration (the appointed administrator for the Prescient retirement funds), in collaboration with the broader Prescient Group, has implemented rigorous IT governance, operational resilience, and cybersecurity measures. Our continuous monitoring and deployment of cutting-edge security solutions help mitigate cyber threats and protect member funds from digital fraud.

However, the responsibility does not rest solely with administrators. Boards of trustees must ensure that all outsourced partners (administrators, investment managers, and IT service providers) comply with cybersecurity regulations. This includes adherence to the Protection of Personal Information Act (POPIA), the FSCA Joint Standards, and sound cyber governance principles.

The Path Forward: Proactive Cyber Resilience

Cyber threats are not static—they evolve daily. Retirement funds must adopt a forward-thinking cybersecurity approach, incorporating:

• Continuous cybersecurity training for administrators and trustees
• Regular penetration testing and security audits
• Multi-factor authentication (MFA) and encrypted transactions
• Incident response plans for rapid cyber breach mitigation
• Collaboration with industry leaders and regulators to stay ahead of threats

As cyber risks grow, so too must our collective vigilance. By integrating global best practices with local regulations, Prescient remains committed to ensuring that retirement funds—and the hard-earned savings of South Africans—are secure in the digital age.

The time to act is now. Are your retirement funds ready?

 

Disclaimer:

The Prescient Retirement Funds (“the Funds”) are registered with the Financial Sector Conduct Authority and approved by the South African Revenue Service for tax purposes. The Funds are administered by Prescient Fund Administration (Pty) Ltd (Reg. No: 2023/697717/07, “Prescient Fund Administration”). Prescient Fund Administration is an approved retirement benefits administrator (Licence No: 24/810) under section 13B of the Pension Funds Act, 24 of 1956 and a Juristic Representative of Prescient Fund Services (Pty) Ltd, an authorised Financial Services Provider (Licence No: 43191) under the Financial Advisory and Intermediary Services Act, 37 of 2002. This document was written by the Prescient Retirement Funds for information purposes only and does not constitute advice or a solicitation for investments. It is subject to copyright and may not be altered, copied or reproduced in whole or in part without the written permission of Prescient Retirement Funds. The Funds and their trustees, and/or Prescient Fund Administration, cannot be held liable for damages or loss suffered as a result of any action taken based on the information in this document.