On 5 July 2018, we published a Discussion Paper jointly with the Prudential Regulation Authority (PRA) and the Bank of England (Bank) about strengthening the operational resilience of financial services firms.
Operational resilience failures pose a risk to the supply of vital services on which the real economy depends. They can also threaten the ongoing viability of firms and cause harm to consumers and market participants.
We highlight the risks posed by cyber-attacks and other disruptive operational incidents, and the financial system’s increasing reliance on and connectedness through technology and data.
In this complex and changing environment, we want firms to be able to withstand, absorb and recover from disruptive operational incidents. Firms should manage their responses to these incidents in a way which considers the needs of those affected, including customers.
This discussion paper is part of our ongoing collaboration and coordinated approach with the PRA and Bank aimed at strengthening firms’ operational resilience.
Firms are already subject to requirements for risk management and business continuity. This discussion paper reminds firms of existing requirements and introduces new ideas:
We encourage responses from all types of FCA authorised and recognised entities, trade associations, and consumer bodies. We are also interested in hearing from individuals and businesses who use authorised and recognised entities’ business services and who may have suffered harm from disruptive events that have affected these services.
Please send your comments by 5 October 2018. The Bank will be coordinating responses.
To respond, email: [email protected]