
FCA Outlines Guidelines for Tackling Technology Risk in Financial Firms

27 November 2018
In order to tackle an epidemic of cyber incidents and growing cyber risk, financial firms must implement comprehensive strategies to improve their cyber resilience, said the FCA's Megan Butler.

The Financial Conduct Authority has seen a 138% increase in technology outages and an additional 18% increase in cyber incidents in the year to October. These statistics were highlighted by Megan Butler, FCA Executive Director of Supervision Investment, Wholesale and Specialists, in a speech on tech and cybersecurity on November 27.

However, Butler specified that the increase is a reflection of more financial firms reporting incidents, rather than a higher prevalence of incidents overall. Despite this increase, underreporting remains a problem.

The speech also emphasised the concept of “impact tolerances” and the need for firms to improve their ability to “recover and learn from operational disruptions,” as outlined in a discussion paper on operational resilience, jointly published by the FCA and the Bank of England in July.

Key themes covered in the speech included the impact of tech outages and the key issues surrounding them, as well as the FCA’s recommendations for how firms should manage tech outages.

There is a lack of understanding and appreciation of the impact of cyber vulnerability and cyber incidents. Butler highlighted the lack of clarity around incident response plans, particularly with regard to third-party tech contractors, as a key issue facing the financial sector.

“The tech landscape is characterised by massive outsource functionality in IT, with chief information officers (CIOs) commanding armies of semi-permanent contractors, or unregulated third parties,” Butler stated. “Yet only 66% of large firms, and 59% of smaller firms, tell us that they understand the response and recovery plans of their third parties.”

A transcript of the full speech, including recommendations for improving operational resilience, is available on the FCA website.
