In its 2018/19 Business Plan, the London-based Financial Conduct Authority (FCA) has outlined that it plans to tackle the increasing threat of cyber-attacks by addressing the industry’s operational resilience and assessing risks associated with outsourcing and third-party providers. The FCA explained that cyber-attacks in the financial services sector are becoming more frequent and widespread, and this threat is potentially made worse by the use of complex and ageing IT systems, outsourcing of operations and the growing transfer of data between firms. The plans laid out by the FCA are to ensure that firms are more resilient to cyber-attacks and technology outages, so reducing the risk and frequency of disruption and ensuring new and replacement technologies are resilient. In the Plan, the FCA explained that “technology plays a pivotal role in delivering financial products and services. It enables firms’ innovation and supports their business strategies. New technologies can lead to harm if they are not safely adopted and managed. For example, new technologies such as distributed ledger (blockchain) and artificial intelligence rely on access to sensitive and high quality data”.
Risks of outsourcing
In the Plan, the FCA noted that an increasing number of firms are outsourcing the delivery of major and critical services often to unregulated providers. Regulated firms should have appropriate oversight and control over third-party providers and take responsibility for the service they provide, it said, and doing so will reduce the risk of third-party failures or weak controls which could lead to operational disruption, unauthorised loss or disclosure of consumer data. “One area we are focusing on is outsourcing arrangements where the service provider supports many firms and so the impact of any disruption is magnified. Over 2018/19, we will increase our understanding of both outsourced services and core infrastructure provision across different sectors through several pieces of thematic and firm-specific work. This will include diagnosing how firms use third parties, their concentration in the market and the potential harm that results, and join up its work on resilience,” the FCA said. The FCA works closely with global bodies such as the International Organisation of Securities Commissions (IOSCO), Group of Seven (G7), Financial Stability Board (FSB) and others who prioritise data security, resilience and outsourcing. Photo: Copyright 2013 Bloomberg
