The FCA’s Business Plan for Minimising Operational Risks in 2022/23

The FCA is the conduct regulator for approximately 50,000 financial services institutions and markets. The regulator recently made announcements regarding their business plan for the next 12 months and what this means for businesses who operate in UK markets. A key focus from the FCA’s strategy covers ‘minimising the impact of operational disruptions’. This umbrella term used by the FCA includes responses to cybersecurity and why this is becoming an increasing concern in the financial services industry.

In the last two years, the FCA has significantly transformed how they work as a regulatory operator. This has been greatly influenced by the onset of the COVID 19 pandemic and as a consequence, the FCA have been seeking to continue to evolve and change so they can provide adequate, effective and safe regulation for all market participants. As part of this transformative process, they have carried out a deep dive into their own operations with a goal of establishing how to use data and technology to make informative decisions regarding consumer interests.

The FCA has recorded a great growth in digital services supplied to consumers within the financial services markets. Both customers and businesses continue to have access to more and more data so they, in theory,  can make key decisions regarding investments and finances faster and more effectively. However, whilst this greater access and speed brings greater opportunities within the digital finance and fintech world, it also opens a pandoras box of risks that can evolve very quickly. Operational risks that can arise due to this new financial climate include increased danger of cyberattack. Due to this, the FCA has set the intention to improve their technologies and capability to find and stop harm faster, whilst also seeking to strengthen the resilience of the firms they manage. In the next two to three years, the FCA will be assessing the resilience of all financial firms by analysing their business continuity plans, their incident response frameworks and their cyber security and third-party management. The FCA will be placing great scrutiny on firms who cannot adhere to and meet their current or new resilience guidelines.

Outsourcing Risk Management to Third Parties

As the FCA places greater pressure on financial firms to have adequate risk detection and management, we will be working with clients to mange this demand, implementing our Automated Incident Response Engine ‘AiRE’  and Security Operations Centre, Seceon aiSIEM. Both of these platforms are award winning. They are industry leading adaptive and intelligent security information and event management platforms.This technology empowers us to support our clients with their overall IT architecture, whilst also giving them a 360 degree view of their managed security service. Through this service, RFA will be helping clients minimise the impact of operational disruptions that could be onset by cyber terrorism or cybercrime. Being able to protect a firm’s financial data from cybercrime is critical to protect both the firm’s employees and their clients from a data breach.

The threat of cyber attack continues to grow in momentum as the world of digital finance continues to expand. The FCA understands such attacks are inevitable and can lead to operational disruptions. However, these risks need to be managed and firms must be in a position to protect themselves by investing in their resilience in the event of an attack. By investing in adequate risk detection and management, firms will be adhering to the FCA’s future guidelines, whilst also protecting themselves, their employees and their investors.