The Financial Conduct Authority (FCA) has advised financial firms in the UK to ensure they are prepared for extreme yet plausible scenarios, such as global technology outages, to reduce potential harm to consumers and markets. This recommendation follows the disruption caused by a botched software update from U.S. cybersecurity company CrowdStrike, which led to a global outage in July.
CrowdStrike’s Falcon platform, known for detecting and responding to cyber threats, experienced an outage on July 19 that caused widespread disruptions, including flight cancellations and major setbacks in industries like banking, healthcare, media, and hospitality. Despite the extensive chaos, the FCA noted that the impact on consumers was minimal.
In its statement, the FCA emphasized that unregulated third-party service failures were a key cause of operational issues between 2022 and 2023. The authority has given firms until March 2025 to ensure their business continuity plans can withstand such disruptions. Key steps for improving resilience include better testing scenarios, stronger third-party risk management, and clearer contracts outlining responsibilities related to service monitoring and incident management.
The FCA encourages all companies, regardless of their involvement in the CrowdStrike incident, to apply these lessons to strengthen their ability to respond to and recover from future operational challenges.
Key Takeaways:
- FCA calls on UK financial firms to enhance preparedness for severe tech disruptions.
- CrowdStrike’s software update failure caused significant global disruptions, highlighting the importance of third-party risk management.
- Firms have until March 2025 to implement improvements in business continuity planning.