Financial Conduct Authority Offers Advice On Preparing For Cyberattacks
July 25, 2024
Financial regulators worldwide are treating operational resilience as essential. The Financial Conduct Authority (FCA) published its first paper on the topic in 2019, according to an article by Cadwalader.
By the end of March 2025, FCA-regulated firms must confirm that they have conducted testing to ensure they meet impact tolerances for operational risks related to cyberattacks.
The article stressed the importance of identifying critical business services, setting impact tolerances, and conducting scenario testing to prepare for potential operational failures.
In anticipation of its 2025 deadline, the Financial Conduct Authority published an updated guide providing further insights and expectations for firms to meet:
- Regularly assess and justify the importance of business services
- Establish clear boundaries for acceptable disruption levels
- Document and manage third-party relationships required for a firm to deliver each of its important business services
- Conduct rigorous testing to handle severe disruptions
- Perform mapping and scenario testing that identifies and addresses weak points
- Develop, test, and refine disruption response plans
- Ensure comprehensive board-approved assessments
- Embed resilience into corporate culture and risk management
- Continuously monitor and update resilience strategies against emerging risks
The FCA highlights several poor practices, which Cadwalader refers to as “a what-not-to-do guide.”
One example is that impact tolerances often lack sufficient rationale for the firm’s board to understand the parameters set and the reasons behind them. Additionally, impact tolerances frequently reference downtime. Companies should consider other metrics, such as transaction values, the criticality of those transactions, and estimated losses.