Recent FCA outcomes and a speech by the ECB earlier this month are stark reminders that financial resilience alone is not a sufficient safeguard for operating in today’s increasingly complex risk environment – firms must also have robust, resilient operational systems in place.
From an enforcement perspective, the past couple of years have seen significant outcomes relating to outsourcing and cybersecurity arrangements. We have also seen an increase in intervention and enforcement action by the FCA, including in relation to firms breaching requirements imposed on them as a result of inadequate implementation, testing and monitoring of controls designed to comply with requirements imposed by the regulator. In a recent speech by the markets and executive director of the FCA at the Financial Crime Summit, the FCA reemphasised the importance of making “strategic interventions” to prevent fires from breaking out rather than “constantly hosing down fires where they arise”. Financial crime in particular has been a consistent area of enforcement action where inadequate systems and controls have often been the key breach.
It is clear that, in the eyes of the regulators, a robust approach to operational resilience, and diligent implementation, testing and monitoring of new and updated IT or other systems when they are put in place, should be taken as seriously by firms as the financial and commercial factors that drive the business. Against this regulatory backdrop, we set out in our latest briefing some key lessons learned from recent FCA outcomes for firms to consider when carrying out systems/operational changes and updates.
Read more in the full article here: Regulators reinforce importance of IT, systems and operational resilience: Key considerations for firms | Global Regulation Tomorrow