The FCA has published some pointers that firms should consider regarding operational and cyber resilience following Russia’s invasion of Ukraine.
Firms are advised to consider the following:
- the firm’s ability, and that of its third-party providers, to withstand a cyber attack and to follow their actionable guidance as a priority, to reduce the risk of cyber compromise. The NCSC has issued guidance for various sizes of firms;
- the implications of the continuing unrest and UK/US/EU sanctions and how that might impact the firm and any third-party providers, and whether this could affect business services continuing;
- updating any business continuity and incident management arrangements to ensure regulatory obligations are met in the event of unforeseen disruption;
- reporting material operational incidents to the FCA in a timely way; and
- be alert to the risk of false information being gathered or shared about the operations of a particular firm and prepare a prompt, clear response to try and prevent that information being acted upon.