Technology outages in UK financial services sector become more frequent, FCA survey shows

Maria Nikolova

The number of incidents reported to the FCA has increased by 138% in the past year.

The UK Financial Conduct Authority (FCA) has earlier today posted the results of a survey dedicated to cyber and technology resilience, with the findings pointing to a rising number of tech outages in the financial services sector.

The survey covered 296 firms and assessed their technology and cyber capabilities. Firms self-assessed their capabilities and the FCA then analyzed the responses for each firm and across sectors.

Cyber-attacks show no sign of decreasing in volume. They accounted for 18% of the operational incidents reported to the FCA between October 2017 and September 2018. Technology outages in the financial services sector are becoming more frequent. The number of such incidents reported to the FCA has increased by 138% in the year to September 2018.

Most firms ranked cyber resilience as their biggest concern. Firms’ responses highlight cyber weaknesses in 3 areas: people, third party management, and protecting their key assets. Nearly 80% of respondents struggle to maintain a view of what information they hold and of their third parties. Firms also noted challenges in identifying and managing their high-risk staff and then educating those employees with access to critical systems or sensitive data, who are more likely to be targeted by cyber criminals.

Under Principle 11, the FCA expects firms to report major technology outages and cyber-attacks to it. Evidence, however, suggests that firms are under reporting and the FCA reminds all firms of their obligations to report.

Regarding detection of cyber-attacks, only the largest firms report that they have automated systems to spot potential cyber-attacks and support their subsequent response. Smaller firms are mainly reliant on manual processes, or have no processes at all.

Change management is the top root cause for issues reported to the FCA in the past year. The regulator notes that there is a disconnect between firms’ self-assessed strength in change management and the FCA analysis of incidents reported to it. This indicates that poor change management caused 20% of incidents reported to the FCA between October 2017 and September 2018.

Third-party failure is ranked second among root causes. Nearly all firms described discussing cyber risk with their third parties. However, only 66% of large firms and 59% of smaller firms understood their third parties’ response and recovery plans. These figures drop to 22% and 19% (respectively) when it comes to explicitly including third parties in their own testing plans.

Key areas of focus that the FCA has identified, such as third party management and change management, will be considered in its supervisory plans for 2019.

Let’s recall that, in July this year, the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), presented their joint view on the need for the financial sector to boost its operational resilience. The supervisory authorities envisage that boards and senior management have to assume that individual systems and processes that support business services will be disrupted, and focus on back-up plans, responses and recovery options.

Read this next

Retail FX

Financial Commission adds FX broker Bold Prime to membership roster

The Financial Commission today announced that it has added Bold Prime to its member roster, which is made up of online brokerages operating in FX, derivatives and cryptocurrency markets.

Digital Assets

Despite crypto winter, Cake DeFi paid out $58 million in Q2 rewards

According to its latest ‘Transparency Report,’ Cake DeFi continued its growth trajectory in the three months through June 2022, even as the entire crypto industry experienced macro challenges this quarter.

Retail FX

SimpleFX Review: Cryptos, Spreads, Pros & Cons

SimpleFX combines years of Forex and cryptocurrency experience with a focus on offering resources to retail traders. 

Retail FX

Ironbeam becomes CME clearing member and launches MT5

“The direct clearing aspect along with our low-latency proprietary trading tools and technology solutions make Ironbeam the ideal trading destination.”

Institutional FX

Top 0.07%: oneZero makes it to Inc. 5000 of fastest growing companies in America

oneZero started out by serving the foreign exchange trading community, developing and executing technology that could scale with the growth of the FX market.

Industry News

CFTC wins case against broker for secretly taking other side of client orders in block trades

“As we said at the outset of this case, the illegal use of inside or confidential information undermines confidence in markets and will not be tolerated.”

Technology

BankiFi raises $4.8m to bring embedded banking platform to North America

“Our mission is to make all aspects of cash management and payments easier for SMBs everywhere, and this investment is another huge step to making that a reality.”

Executive Moves

Shieldpay hires ex-Payoneer Chris Andrews as Head of Sales

“We’ll be expanding our position in existing markets and accelerating growth into new verticals, whilst building on our direct and indirect channels.”

Digital Assets

Crypto.com secures preliminary approval to operate in Canada

Crypto.com, one of the longest-established crypto platforms, has become the first digital asset platform to sign a Pre-‘Registration Undertaking’ with the Ontario Securities Commission (OSC) in Canada.

<