Context
The FCA has provided a broad overview and insight into the discussions held at its quarterly Cyber Coordination Group meetings, with the aim of sharing the valuable insights found in these groups with the wider financial sector. Cyber threats and their associated harms represent a complex and evolving challenge for the financial sector. Since 2017, the FCA has brought financial services firms together to collaborate in groups on cyber security and operational resilience.
These Cyber Coordination Groups (CCGs) have aimed to help firms share knowledge and discuss good practices in protecting themselves from cyber threats. In 2020, the FCA convened 157 firms in 7 CCGs, with each CCG representing a specific sub-sector. The 2020 CCG sub-sectors were: Insurance, Investment Management, Fund Management, Retail Banking and Payments Firms, Retail Investments and Lending, Brokers/Principal Trading Firms and Trading Venues/Benchmark Administration Firms.
Key points to note
The key insights discussed in the publication are:
- Some of the major cyber threats and risks that CCG member firms have faced include ransomware attacks, denial of service attacks, cloud security, insider threats and inadequate supply chain oversight and security.
- CCG firms have identified Zero Trust Security models and Artificial Intelligence as some of the emerging fields within cyber-security.
- The change to remote working has put additional strain on cyber-security teams and systems, creating a need to re-evaluate existing cyber risks and controls. The changed ways of working have also exacerbated the challenges caused by ransomware, supply chain security and insider threats.
- There are several common good practices which can be used to mitigate supply chain risks. CCG members identified fourth-party supply chain and Cloud Service Provider (CSP) risks as unique challenges in this space and shared potential mitigation strategies. CCG members also identified shared assurance models as potentially promising improvements to the way firms assess supply chain risk.
Next actions
None – for information and awareness