FCA to Prioritize Cybersecurity and Innovation amid Brexit

In preparation for Brexit, the Financial Conduct Authority (FCA) says it aims to assign resources to key sector areas that present the greatest risk, and where intervention could benefit the most. Significant amounts of work at a governmental and regulatory level have already gone into bolstering defenses for the UK’s fintech and asset management sectors, in both of which the country holds the number two global spot, ahead of the current Brexit date in March 2019.

“The business plan is an important way in which we are transparent about our priorities for the year,” said Andrew Bailey, chief executive of the FCA, at a press conference held on April 9. “We recognize that this year we need to dedicate a significant amount of resource to withdrawal from the EU. As a result, setting our priorities this year has involved a particularly rigorous level of scrutiny and challenge to focus on areas where we see the greatest potential for harm.”

Among its listed priorities, the FCA will target areas such as data security, innovation, and competition. The latest business plan issued by the regulator looks at initiatives such as helping firms through the FCA’s Project Innovate programme, which launched in 2014, testing the viability of regulatory sandboxes, working towards a blueprint for a potential global sandbox, issuing cost-effective studies on using regtech and advanced analytics, and as a follow up to a crypto-asset taskforce announced by HM Treasury in March 2017, the body will also publish a discussion paper outlining its policy on cryptocurrencies. The FCA had issued an advisory on April 6, saying that dealers in cryptocurrency derivatives are likely to need authorization from the regulator.

As firms grapple with the rapidly developing technologies and growing use of data, the regulator will also dedicate its resources to prioritizing cybersecurity and exploring the dangers and opportunities of using emerging technologies such as distributed ledger and artificial intelligence. 

“Our approach is to sustain a regulatory environment where consumers and firms can maximize the opportunities of competition, innovation and big data while reducing or mitigating the associated harms,” the FCA business plan says. 

Bailey said that the importance of data security has “increased,” given the spike in cyber breaches. Cyber attacks are one of the financial sector’s biggest issues and the regulator aims to ensure firms and their technologies are more resilient to help reduce the risk and frequency of disruption and enhance market integrity, he explained. The key to managing the problem, he suggested, lies in managing data.

“There are two parts to this around data, one as we highlight [in the business plan] is the security of personal data because we have seen quite a few big incidents in the last 12 months of data being lost. Secondly, is around the issues of the use of data,” he said.

One of the key areas also addressed in the business plan is the risk associated with outsourcing to unregulated third-party providers. The FCA will look at firm’s resilience to security breaches, known as ring-fencing. The plan states that: “Over 2018/19 we will increase our understanding of both outsourced services and core infrastructure provision across different sectors through several pieces of thematic and firm-specific work.”

Throughout the next year, the regulator intends to further bolster the industry’s defenses by working closely with firms, Bank of England, HM Treasury, the National Cyber Security Centre, the National Crime Agency and global bodies such as International Organization of Securities Commissions and Financial Stability Board. 

“Over the next year, we will strengthen our supervisory assessments of the highest impact firms to better understand their current and planned use of technology, resilience to cyber attacks and staff expertise,” the plan says.