https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / Webber Wentzel RSS ← Back
Africa|Financial|Paper|SECURITY|Services|Products|Operations
Africa|Financial|Paper|SECURITY|Services|Products|Operations
africa|financial|paper|security|services|products|operations
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Data Protection and Cybersecurity in the Open Finance space


Close

Embed Video

Data Protection and Cybersecurity in the Open Finance space

Webber Wentzel

17th August 2023

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

The FSCA has published a draft paper addressing the risks and possible remedies arising from data sharing in Open Finance, on which it is seeking public comment

The future of financial services is digitisation. As with all digital applications, data is a critical component, and it has immense commercial value in the financial services industry. 

Advertisement

In June 2023, the Financial Sector Conduct Authority (FSCA) published a draft paper on Open Finance. The draft paper refers to Open Finance as "the practice of consent-based financial data sharing and payment initiation, with suitably authorised third parties, safely and ethically".

Open Finance is seen as a beneficial tool in addressing financial inclusion, as it will allow financial institutions to create financial products and services that will meet the needs of consumers. The draft position paper highlights five use cases for Open Finance that leverage consumer financial data to offer personalised financial services and products. These are: (1) account aggregation, (2) financial management, (3) payment initiation, (4) alternative lending and (5) insurance. 

Advertisement

The FSCA notes it is important to cater for new risks, particularly where a consumer's financial data is concerned. These risks include: (1) privacy and protection of personal data, (2) misconduct, (3) operations and cybersecurity, and (4) fraud.

Cyber security and data protection

Each participant in the Open Finance space faces unique risks and challenges, and the FSCA has noted that some remedies can be utilised to mitigate these risks:

It is important to assess the suitability of Open Finance in South Africa, taking into consideration the existing privacy and data protection regulatory frameworks and the possible need for developments in the regulatory space, given that Application Programming Interfaces (APIs) and TPPs lie outside the current framework. The FSCA acknowledges that South Africa has existing regulatory frameworks to deal with data protection, privacy and cybersecurity. The intention is not to create a new regime for Open Finance but to amplify existing frameworks. The existing frameworks discussed were as follows:

Protection of Personal Information Act, 4 of 2013 (POPIA), which provides for sharing information through voluntary, specific and informed consent;

Cybercrimes Act 19 of 2020, which criminalises certain cyber-related acts, including the disclosure of data messages which are harmful; and

Draft Joint Standard for Cybersecurity and Cyber Resilience Requirements (draft Cyber Joint Standard), which sets out the minimum standards for sound practices and processes to ensure that financial institutions are equipped to respond, react, and recover from cyber-attacks.

Regulatory Proposals 

The Draft Position Paper makes several proposals, including: 

The draft paper is open for public comment until mid-August. The FSCA intends to use the submissions from the industry to finalise its policy positions around Open Finance.  

Given the ever-increasing risks associated with cybersecurity and privacy (including frequent ransomware attacks and the sale of user credentials), any responses to the draft paper (and hopefully any outcomes arising from it), should align with the existing cybersecurity and privacy principles set out in our law. In our view, a consolidated approach between regulators and industry sectors on these cybersecurity and privacy principles remains the desired outcome. We believe that specific requirements on these items should only be imposed where it is strictly necessary to achieve a desired outcome. This will increase harmonisation across sectors and reduce barriers to entry for new participants.

Written by Karl Blom, Partner & Lerato Lamola, Associate Director from Webber Wentzel

 

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za