FCA Outlines Guidelines for Tackling Technology Risk in Financial Firms
The Financial Conduct Authority has seen a 138% increase in technology outages and an additional 18% increase in cyber incidents in the year to October. These stats were highlighted by Megan Butler, FCA Executive Director of Supervision Investment, Wholesale and Specialists, in a speech on tech and cybersecurity on November 27.
However, Butler specified that the increase is a reflection of more financial firms reporting incidents, rather than a higher prevalence of incidents overall. Despite this increase, underreporting remains a problem.
The speech also emphasised the concept of “impact tolerances” and the need for firms to improve their ability to “recover and learn from operational disruptions,” as outlined in a discussion paper on operational resilience, jointly published by the FCA and the Bank of England in July.
Themes covered in the speech included the impact of tech outages, the key issues surrounding them, and the FCA’s recommendations for how firms should manage them.
There is a lack of understanding and appreciation of the impact of cyber vulnerability and cyber incidents. Butler highlighted the lack of clarity around incident response plans, particularly with regard to third-party tech contractors, as a key issue facing the financial sector.
“The tech landscape is characterised by massive outsource functionality in IT, with chief information officers (CIOs) commanding armies of semi-permanent contractors, or unregulated third parties,” Butler stated. “Yet only 66% of large firms, and 59% of smaller firms, tell us that they understand the response and recovery plans of their third parties.”
A transcript of the full speech, including recommendations for improving operational resilience, is available on the FCA website.