With rapidly evolving developments regarding Russia and Ukraine, the FCA has reiterated that firms need to be vigilant of operational and cyber resilience.
The FCA on 8 March 2022 set out five areas that firms should be watchful of following Russia’s invasion of Ukraine.
- Cybersecurity: firms should review the NCSC’s guidance, and consider their ability, as well as that of third-party providers, to withstand a cyber-attack. Appropriate steps should be taken to strengthen security controls, improve staff knowledge and awareness, and review third-party dependencies, alongside ensuring personnel levels are adequate to address increased cyber risk.
- Important business services: the impacts of sanctions (UK/US/EU) should be reviewed to ensure they do not impact a firm’s ability, or the ability of their third-party providers, to continue to deliver important business services.
- Business continuity and incident management arrangements: firms should ensure formal business continuity and incident management plans and processes exist and are updated, and that responses are comprehensive and coordinated to allow for the firm to continue to meet regulatory obligations should an unexpected event materialise.
- Reporting incidents: the FCA have emphasised that quick notification of cyber incidents or outages to the FCA and other UK authorities is extremely valuable during this period, not least to enable them to provide input and mitigate the risk of harm whether to individual consumers or the sector as a whole. The FCA reminds firms to report material operational incidents to the FCA in “a timely way”.
- False information: firms should be vigilant of false information that may be circulated during times of unrest, and have a clear and concise response plan readily available to help prevent harm to consumers or market integrity.
The complete FCA publication can be found here.
