On March 29, 2021, the Financial Conduct Authority (FCA) published final rules that will create a new operational resilience framework for banks, building societies, Solvency II firms, recognized investment exchanges, enhanced scope senior managers and certification regime firms, and those authorized or registered under the Payment Services Regulations 2017 or Electronic Money Regulations 2011. The
At the end of 2018 the UK Treasury Committee announced that it would launch an inquiry into information technology (IT) failures in the financial services sector. The Treasury Committee has stated that it will appoint a specialist advisor to help provide analysis and aid the inquiry.
The past 18 months have seen numerous IT failures in the financial services sector. Equifax, Barclays and TSB have all suffered incidents, to name a few. TSB is arguably the highest-profile case: 1.9 million customers were logged out of their online banking accounts for up to a month, and some customers also claimed to have been able to view other customers’ bank details. This occurred after the bank attempted to migrate customer information from its former owner to current owner Banco Sabadell.
The inquiry by the Treasury Committee is set to explore the common causes of such operational incidents, to better understand what consumers have lost as a result of the failures, and also to determine whether regulators such as the Bank of England Prudential Regulation Authority and the Financial Conduct Authority have the necessary ability and power to hold firms involved to account. …
The Financial Conduct Authority recently released guidance regarding cyber resilience (in the form of new webpages) which FCA-regulated firms should take account of. While many larger regulated firms have substantial cyber resilience systems in place, the FCA is well aware that all firms are still vulnerable to attack, and that cyber attacks can…
Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of the Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. To date, the OIG has identified security vulnerabilities in the federal exchange, and in the state exchanges in California, Kentucky, and New Mexico. While all the audited entities have begun the necessary bulwarking of their exchanges, there is room for improvement.
This post was also written by Amy Mushahwar.
Since three cyber security bills passed the House in April (H.R.2096, H.R.3523, and H.R.3834), all eyes have been on Washington for cyber security developments in the Senate. This past week there were several. The week began with a hearing on Tuesday, July…