Blog

Cyber crime update and reporting requirements

Graeme Stewart

Graeme Stewart

2 December 2021

We last wrote on cyber crime in our article A brief adviser guide to cyber security.

Since then, we've seen a significant increase in cyber attacks on financial services firms.  

In this update, we want to remind you of the FCA expectations on the reporting of an operational incident to the FCA. 

Just what does the FCA expect? 

Under principle 11 of the FCA’s principles for businesses, firms are required to deal with the FCA in an open and cooperative way, and disclose to the FCA anything relating to the firm of which the FCA would reasonably expect notice. 

The FCA expects a firm to report to them of material operational incidents. An incident may be material if it: 

  • Results in significant loss of data 
  • Results in the unavailability or control of a firm’s IT systems 
  • Affects a large number of customers 
  • Results in unauthorized access to a firm’s information systems 

The FCA say that this list is not exhaustive. 

If a firm considers the incident to be material, they should report this: 

  • By contacting the firm’s named supervisor (if applicable) 
  • Using the FCA contact page (if the firm does not have a named supervisor) 
  • Informing the PRA (If the firm is joint authorised) 

Firms must also consider if the incident needs to be reported to anybody else: 

  • If you believe the incident is criminal. Firms should contact Action Fraud via the website or by calling 0300 123 2040 
  • If the incident involves a data breach firm may be required to report this to the ICO 
  • For cyber incidents firms may be required to report to the National Cyber Security Centre 
  • Firms can help other firms by sharing details of the incident to the CiSP platform (The Cyber Security Information Sharing Partnership) 

In summary 

Cyber crime remains a real and growing risk to advisory firms and it is important firms are up to speed with FCA expectations when dealing with cyber crime incidents.  

It's also worth reminding firms that there is a wealth of information to help firms with this. Paradigm’s cyber crime hub page contains further links and articles on patches, what are they and why are they so important, as well as details on multi-factor authentication. 

What is essential in this environment is a culture where firms regularly update their protection software and provide training for all staff to keep abreast of company procedures and protocols. 

Reading this blog counts towards your CPD!

Click here to add this session to your Paradigm CPD log.


21 December 2023

PTs remain a big part of the marketplace


21 December 2023

Not all wine and roses but outlook is better


15 December 2023

Artificial Intelligence: A vision for the future


12 December 2023

Reflecting on 2023


11 December 2023

Mental Health Matters: Menopause


8 December 2023

Looking ahead: Reasons to be cheerful about the market in 2023


17 November 2023

Why TikTok could be a winning tactic for brokers


30 October 2023

How advisers can improve the quality metrics with insurers


27 October 2023

The Aggregator Market - Friend or Foe?


25 October 2023

Don’t let Charter support remove advice from the mortgage process


3 October 2023

How to strengthen your defences against cyber threats


29 September 2023

White Dragon Communications


8 September 2023

Advisers deserve recognition for keeping borrowers on lender books


8 September 2023

Claims history of an insurance should form core part of assessing true value of insurance and advic


23 August 2023

The good, the bad & the ugly of using Artificial Intelligence (AI)


14 August 2023

Accessibility in your marketing


14 August 2023

Choosing the right social media platform for you


7 August 2023

Staying safe online


7 August 2023

Search engine optimisation: the process of making your site better for search engines. 


4 August 2023

The blasé attitude towards sudden mortgage withdrawals is not good enough


1 August 2023

Is your content compliant?


10 July 2023

The argument for higher proc fees for better quality business is undeniable


22 June 2023

Product withdrawal timescales and how brokers can adapt


1 June 2023

We're not in mini-Budget territory yet!


24 May 2023

Skipton’s 100 per cent mortgage should be replicated, not feared


30 April 2023

Protection And Mortgage Fair Value Assessments – What Is My Actual Responsibility?


6 April 2023

Lenders will compete on mortgage rates, but don’t expect a price war


27 March 2023

Vulnerable Customers and Economic Abuse


Paradigm

THIS SITE IS FOR PROFESSIONAL INTERMEDIARY USE ONLY AND NOT FOR USE BY THE GENERAL PUBLIC.

APCC Member
Paradigm Consulting is a Member of the Association of Professional Compliance Consultants

Paradigm Consulting is a trading name of Paradigm Partners Ltd
Office address: Paradigm Partners Ltd, Paradigm House, Brooke Court, Wilmslow, Cheshire, SK9 3ND
Paradigm Partners Ltd is registered in England and Wales. No.09902499. Registered Office: As above

Paradigm Mortgage Services LLP
Office address: 1310 Solihull Parkway, Birmingham Business Park, Birmingham B37 7YB
Registered in England and Wales. Company No: OC323403. Registered Office: Paradigm House, Brooke Court, Lower Meadow Road, Wilmslow, SK9 3ND
Paradigm Mortgage Services LLP is a Limited Liability Partnership.

Paradigm Protect is a trading name of Paradigm Mortgage Services LLP
Office address: 1310 Solihull Parkway, Birmingham Business Park, Birmingham B37 7YB
Paradigm Mortgage Services LLP is registered in England and Wales. Company No: OC323403. Registered Office: Paradigm House, Brooke Court, Lower Meadow Road, Wilmslow, SK9 3ND
Paradigm Mortgage Services LLP is a Limited Liability Partnership.