Next event:

QA Financial Forum: Milano 2019

23 January, 2019
News and research on financial software quality assurance and risk management

Monitoring operational resilience and outsourced services are key priorities for FCA in latest Business Plan

9 April 2018
The Financial Conduct Authority (FCA) has published its Business Plan for 2018/19 setting out its key priorities for the coming year, including data security, resilience and outsourcing in a bid to tackle the increasing threat of cyber-attacks

In its 2018/19 Business Plan, the London-based Financial Conduct Authority (FCA) has outlined that it plans to tackle the increasing threat of cyber-attacks by addressing the industry’s operational resilience and assessing risks associated with outsourcing and third-party providers.

The FCA explained that cyber-attacks in the financial services sector are becoming more frequent and widespread, and this threat is potentially made worse by the use of complex and ageing IT systems, outsourcing of operations and the growing transfer of data between firms.

The plans laid out by the FCA are to ensure that firms are more resilient to cyber-attacks and technology outages, so reducing the risk and frequency of disruption and ensuring new and replacement technologies are resilient.

In the Plan, the FCA explained that “technology plays a pivotal role in delivering financial products and services. It enables firms’ innovation and supports their business strategies. New technologies can lead to harm if they are not safely adopted and managed. For example, new technologies such as distributed ledger (blockchain) and artificial intelligence rely on access to sensitive and high quality data”.

Risks of outsourcing

In the Plan, the FCA noted that an increasing number of firms are outsourcing the delivery of major and critical services often to unregulated providers. Regulated firms should have appropriate oversight and control over third-party providers and take responsibility for the service they provide, it said, and doing so will reduce the risk of third-party failures or weak controls which could lead to operational disruption, unauthorised loss or disclosure of consumer data.

“One area we are focusing on is outsourcing arrangements where the service provider supports many firms and so the impact of any disruption is magnified. Over 2018/19, we will increase our understanding of both outsourced services and core infrastructure provision across different sectors through several pieces of thematic and firm-specific work. This will include diagnosing how firms use third parties, their concentration in the market and the potential harm that results, and join up its work on resilience,” the FCA said.

The FCA works closely with global bodies such as the International Organisation of Securities Commissions (IOSCO), Group of Seven (G7), Financial Stability Board (FSB) and others who prioritise data security, resilience and outsourcing.

Photo: Copyright 2013 Bloomberg

Get the latest
by email

Newsletter Sign-Up
First Name*
Last Name*

I understand my contact details will be entered into your database and used to contact me by email with QA Financial's newsletter. See our privacy policy here.

Opted-in to receive newsletter
Source - newsletter sign-up form