Wealth Manager - the site for professional investment managers


FCA cyber review rings a 'loud alarm bell' for fund firms


A review into firms' cybersecurity arrangements by the Financial Conduct Authority (FCA) has found some have not tested their defences at all.

Late last year and early this year, the regulator reviewed the cybersecurity of 20 asset management and wholesale banking companies to help them find and counteract risks.

It discovered that, while some had carried out 'extensive programmes' covering staff and systems, some had done 'almost no testing' of their measures whatsoever.

The review did not measure the effectiveness of cyber technical controls.

Piecemeal tests that lacked clear responses to identified threats were the most ineffective, the FCA said, while those that formed part of a wider strategy were deemed more valuable.

EY's financial services cyber solutions leader Steve Holt commented: 'The FCA’s findings are a loud alarm call to the UK asset management industry on its cybersecurity. 

'While only covering a small part of the market, it should still be a catalyst for firms to review their planning, systems, staff education and relationships with third parties, including the increasing use of cloud providers.

'With over £8 trillion in assets under management in the UK, it’s not surprising the regulator is focusing on asset managers and will continue to monitor how firms respond.'

Senior figures required more detail to target specific threats and cultivate a productive cyber culture, Holt claimed.

He said: 'The key finding was that boards and senior management still need more information on the specific risks for their individual business.  

'Interestingly, the regulator also asked whether firms are doing enough to link cyber risk with conduct issues, such as market abuse and financial crime. 

'By embedding a security conscious culture, the firms could reduce both their conduct and cyber risks.  

'More worryingly, incident response plans were found to be lacking in impact assessment on customers, reputational damage and the broader market impact.'

The FCA found that awareness of the threats posed by weak cybersecurity was lower in firms without specific strategies, and in firms whose incident response plans broadly failed to acknowledge the damage that successful cyber attacks cause to reputation and clients.
