On November 27, 2018, the FCA published a report entitled "Cyber and Technology Resilience: Themes from cross-sector survey 2017-2018." The FCA compiled the report by requesting 296 firms during 2017 and 2018 to provide a self-assessment of their cyber and technological capabilities, focusing on governance, delivery of change management, managing third-party risks and the effectiveness of cyber defenses. The FCA analyzed the responses and considered data from firm's responses to recent operational incidents to produce the report.
In the report, the FCA identifies areas of strength as well as areas where improvement is needed. Areas for improvement include people, third-party management and protection of a firm's key assets. The FCA will be considering these areas in the 2019 supervisory plans.
This area is gaining increasing focus, both in the U.K. and globally. The BoE, the U.K. Prudential Regulation Authority and the FCA published a joint discussion paper in July 2018, entitled "Building the U.K. financial sector's operational resilience," indicating that a step change is needed by firms and financial market infrastructure in their approach to operational resilience. A U.K. Parliamentary Committee inquiry into IT failures in the financial services sector was also recently launched.
The report is available at: https://www.fca.org.uk/publication/research/technology-cyber-resilience-questionnaire-cross-sector-report.pdf, details of the joint discussion paper are available at: https://finreg.shearman.com/uk-regulators-seek-views-on-improving-operational and details of the Parliamentary inquiry are available at: https://finreg.shearman.com/uk-parliamentary-committee-launches-inquiry-into-.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
