E-commerce and online banking services are now commonplace in our lives. However, the regulation and protection of such services have often struggled to keep up with criminals’ increasingly sophisticated methods of attacking these services. It was reported last year that as much as £650 million was thought to have gone missing after a Russian gang of hackers infiltrated the networks of more than 100 financial institutions worldwide.
The UK government and regulatory bodies are now seeking to update and strengthen the UK’s strategy for combatting digital crime. The last few months have seen a number of key strategies released with the aim of protecting consumers and businesses alike from the threat of cyber-crime within the financial services industry. We summarise below the key recent publications which are relevant to businesses within the FinTech and wider financial services sectors.
The FCA’s Business Plan 2016/2017
One of the main priorities in the FCA’s Business Plan released on 5 April is ‘Innovation and Technology’ within the financial services industry. The Plan recognises the fact that technology has the potential to increase competitiveness, innovation and efficiency, creating benefits for consumers and firms. However, it also highlights the fact that the increased use of technology creates risks, including for operational resilience, cyber-crime, protection of information and financial exclusion.
The Plan highlights the main risks as:
- Increasingly frequent and sophisticated cyber-attacks which pose risks to consumers and markets.
- The widespread adoption of technology which can lead to vulnerabilities in the design and management of systems and infrastructure, especially if firms continue to use legacy systems.
- Firms’ reliance on complex IT infrastructures which can make it difficult to maintain key services (e.g. payments) if there is an attack or outage.
- Tighter margins which lead to firms outsourcing more processes whose security they have little or no control over.
- Rigid regulation which may stifle innovation in financial services.
In response to these risks, the FCA wants to support RegTech to enable more efficient and effective regulation and to use its regulation to encourage innovation for the benefit of consumers. It also wants to mitigate the risk of cyber-attacks by working with firms to manage maintenance and changes to infrastructure to ensure firms’ technology supports their current and future business strategy. The FCA is seeking to obtain these outcomes by rolling out a series of planned activities. The FCA will:
- Continue to roll out phases of its ‘Project Innovate’ which will offer support to businesses to help them to introduce innovative financial products and services to the market. Burges Salmon is currently assisting the FCA on its Call for Input on the adoption of RegTech, the results of which will feed into the FCA’s strategy to reduce the regulatory burden on firms in respect of RegTech and FinTech.
- Use its Regulatory Sandbox, which will create a safe place for businesses to test new technological and innovative products to ensure they meet regulatory requirements.
- Communicate and work with firms with regard to effective IT and operational resilience. Its aim is to reduce the impact of outages and problems with key systems and to increase firms’ ability to manage and protect key assets so they can recover and respond quickly when things go wrong.
- Continue to work collaboratively with the Treasury, the Bank of England and other authorities to ensure a joined-up and risk-based approach to cyber-crime.
The Government’s UK Cyber Security Strategy 2011-2016 Annual Report
In a similar vein, the Cabinet Office released its final Cyber Security Strategy annual report on 14 April. The report considered in detail the achievements of the Strategy in line with a number of key objectives set in 2011: tackling cyber-crime; increasing resilience to cyber-crime; creating an open and stable cyberspace; and promoting education in this area. The report also looks ahead to the future and sets out a number of key initiatives going forward. The Government intends to:
- Launch a further five-year National Cyber Security Strategy later this year to set out its vision for cyber security in 2012 and its objectives.
- Invest £1.9 billion to protect the UK from cyber-attacks.
- Establish a new National Cyber Security Centre to bring together the UK’s cyber expertise to create a unified source of advice and support on cyber security for businesses.
- Launch a programme to grow the UK’s cyber sector, to encourage movement between the public and private sectors to share expertise and innovation.
As is clear from the above, efforts are being made both to promote innovation and technology in financial services and to tackle cyber-crime. It is important for FinTech and financial services businesses to be aware of the support on offer and the initiatives being taken in these sectors so they can adequately protect themselves and their customers against the threat of cyber-crime.