Updated in late July 2022, the Financial Conduct Authority (FCA) has laid out the steps a firm should consider regarding its operational and cyber resilience systems and controls following Russia’s invasion of Ukraine. These steps refer to the National Cyber Security Centre (NCSC) calls for increased cyber vigilance within firms. Although the UK has not been under pressure from severe cyber attacks related to Russia’s invasion of Ukraine, the NCSC has appealed for caution and for UK organisations to bolster their cyber defences, by publishing its new guidance on how to mitigate cyber threats[2]. Firms have been urged to place themselves in a heightened state of alert for all types of cyber threats, which, in turn, can:
- Help prioritise necessary cyber security work
- Offer a temporary boost to cyber defences
- Give organisations the best chance of preventing cyber attacks but also knowing what to do and recover quickly when a cyber attack does occur.
Following this actionable guidance from the NCSC can help minimise the risk of a firm’s cyber security being compromised. The steps suggested within the guidance recommend that firms maintain a strengthened long term cyber security posture to ensure sustainability, efficiency, and the wellbeing of their staff.
The FCA encourages firms and financial institutions to assess their ability as well as review their cyber security arrangements, to withstand cyberattacks, making improvement where necessary. This includes taking the necessary actions to strengthen their controls and raise awareness and train staff members on how to deal with elevated cyber risks. The proficiency and suitability of third-party providers should also be assessed whilst also taking into account how UK/US/EU/UN sanctions might influence their capacity to supply crucial business services.
Another aspect to consider, are the risks for those firms which arise from them using Russian technology products and services, regardless of whether they themselves are, or would be a likely target of the Russians. Enterprises and financial institutions should make sure their incident management and business continuity plans are up to date, to guarantee that they can continue to operate and fulfil their regulatory and legal requirements if and when a disruptive or harmful event occurs.
Finally, the FCA encourages firms to be alert to the risk of false information being gathered or shared regarding the operation of the firm, the financial services sector, or the staff of the firm. Contingencies should be in place to provide a prompt and clear response to prevent that information being acted upon. Likewise, firms should be ready to report material operational incidents to the FCA in a timely way. A non-exhaustive list of incidents that should be reported to the FCA include incidents that:
- Result in a significant loss of data
- Result in the unavailability or control of the firm’s IT systems
- Affect a large number of customers
- Result in unauthorised access to the firm’s information systems
Giving information on developing cyber incidents or outages in a timely manner and being as cooperative and open with the FCA as possible, could be extremely valuable so that the FCA and UK authorities can provide specialist expertise and work to minimise harm to consumers, markets, and the wider UK financial sector.
Anti-Financial Crime Support – How can Complyport Help?
Our experienced Financial Crime and Forensics team led by Martin Schofield—one of the world’s leading specialists in the field—brings a wealth of experience to every project we are engaged in. Our highly experienced financial crime professionals and forensic experts, in subjects such as anti-money laundering, counter terrorist financing, anti-bribery and corruption and fraud and regularly help our clients navigate the complexities of the financial crime and money laundering environment. Services offered by Complyport include:
- AML/Fraud policy & training reviews,
- Transaction monitoring / reporting framework reviews,
- Vulnerable Customer Management framework reviews/audits/gap analysis,
- Financial crime health checks and audits,
- Implementation of financial crime, AML, CTF, ABC, Fraud and market abuse controls and frameworks,
- Ongoing advice on financial crime, AML, CTF, market abuse and fraud prevention,
- Authoring/reviewing financial crime policies,
- Outsourced MLRO support
- Outsourced KYC and CDD support,
- Assistance in identifying Politically Exposed Persons (PEPs),
- Assistance in navigating international sanctions,
- Support with preventing market abuse and insider dealing,
- Expert Witness in Financial Crime cases
- Forensics and Investigations
- Design and/or delivery of online or face to face financial crime training
If this article has raised any questions, or you think your firm may require assistance, please contact either Martin Schofield via martin.schofield@complyport.co.uk or Jan Hagen via jan.hagen@complyport.co.uk to book in a free consultation.
About Complyport
Complyport is the City’s market leading consulting firm supporting the UK financial services industry for over 20 years. We specialise in providing Governance, Risk and Compliance services to support the regulated financial services industry to raise standards and thrive.
Complyport advises and assists firms to become authorised and to comply with the rules and requirements of regulators on an ongoing basis. Our vision is to be there for our clients every step of the way, helping them change, grow, and excel through expertise, insight, and innovation, and in so doing to become our clients’ most valued supplier and trusted advisor.
With presence in the UK and EU, as well as via our Associates Network, Complyport can assist firms across multiple jurisdictions.
Complyport’s multidisciplinary consultants possess deep expertise in their field, having acted in FCA skilled person reviews, as expert witnesses in legal cases and as expert investigators for firms or their legal advisers.
Day to day, we conduct audits and reviews of a firm’s products, processes, policies, and procedures to identify scope for business, to determine the impact of regulatory developments and to verify compliance with local regulations. Complyport can also assist firms by providing personnel to cover all the key compliance functions including resourcing individuals to be registered as your Compliance Oversight Function (SMF16) and/or Money-Laundering Reporting Officer (SMF17).
Our clients tell us we live our values; we are driven, agile and collaborative.
