The South African Reserve Bank’s National Payment System Department has published a consultation paper proposing a policy position and regulatory framework for payment institutions and operators that use cloud computing and offshore data in South Africa’s national payment system. The proposals would allow payment institutions and operators to use cloud computing and, for entities that are not payment system financial market infrastructures (FMIs), to offshore only non-critical payment data and processes, subject to prior South African Reserve Bank approval. Clearing and settlement services and related data, systems and infrastructure for payment system FMIs (including payment clearing house system operators and real-time gross settlement operators) would have to be processed and stored within South Africa, with offshoring prohibited and cloud use limited to onshore cloud services, subject to specified exclusions for designated cross-border settlement systems. The paper also sets out proposed requirements on supervisory access to data and records, pre-migration information submissions (including criticality assessments and provider details), ongoing notification of material changes and adverse events, data protection aligned to the Protection of Personal Information Act, and governance, risk management, business continuity and exit planning, with the possibility of requiring firms to modify arrangements or reintegrate activities where compliance or oversight is impeded. Comments are invited using the South African Reserve Bank template by 15 May 2025.
South African Reserve Bank 2025-03-28
South African Reserve Bank consults on cloud computing and data offshoring framework for the national payment system
The South African Reserve Bank's National Payment System Department released a consultation paper on a regulatory framework for payment institutions using cloud computing and offshore data. The proposals would permit non-FMIs to offshore non-critical payment data, subject to approval, while requiring FMIs to process and store data within South Africa. The paper details requirements for supervisory access, data protection, and governance, with potential mandates for firms to adjust arrangements if compliance is hindered.