United Kingdom (and EU regulation)

New FCA webpage concerning events in Ukraine and operational and cyber resilience

By Simon Lovegrove (UK) on March 9, 2022 Posted in Regulation and compliance, United Kingdom

On 8 March 2022, the FCA published a new webpage stating that although the National Cyber Security Centre (NCSC) is not aware of any current specific cyber threats to the UK following events in Ukraine, firms should be vigilant.

The FCA recommends that firms should review the NCSC’s guidance outlining actions all organisations should consider in response to the current situation. The FCA also encourages firms to review the NCSC’s Cyber Essentials scheme.

The FCA mentions that firms should:

Consider their ability and the ability of their third party providers to withstand a cyber-attack.
Take all appropriate steps to shore up their controls, including raising staff awareness that may, for example, include re-running staff ethical phishing campaigns.
Consider if their staffing levels are appropriate to deal with an elevated cyber risk.
Consider the implications of the continuing unrest and UK/US/EU sanctions and how that might impact it and its third-party providers including whether this could affect the delivery of important business services.
Ensure that their business continuity and incident management arrangements are up to date, ensuring that the firm can continue to function and meet its regulatory obligations in the event of unforeseen disruption.
Be ready to report material operational incidents to the FCA in a timely way.