The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: FCA Enforcement

  • From Vol. 4 No.4 (Feb. 28, 2018)

    FCA Head of Technology Outlines Regulator’s Cybersecurity Expectations and Three Key Lessons

    The U.K. Financial Conduct Authority, like its U.S. counterpart the SEC, wants to ensure that financial firms are taking the necessary proactive steps to keep up with growing and shifting cyber threats. In a recent speech, Robin Jones, the FCA’s Head of Technology, Resilience & Cyber, outlined ways for organizations to build effective cyber capability and accountability, protect critical information, detect cyber attacks and respond to them quickly and effectively. He also emphasized key lessons from recent high-profile attacks. For more on the FCA’s views on cybersecurity, see “FCA Director Lays Out Cybersecurity Expectations for Financial Services Firms” (Oct. 5, 2016).

  • From Vol. 2 No.20 (Oct. 5, 2016)

    FCA Director Lays Out Cybersecurity Expectations for Financial Services Firms

    To safeguard sensitive personal and financial data and assets, and to protect the stability of the financial markets, an industry-wide “security culture” is necessary in the financial services sector. Firms of all sizes and profiles must actively and continually refine their governance, detection and prevention methods in response to the ever-evolving threat. This was the theme of a speech delivered by Nausicaa Delfas, Director of Specialist Supervision for the U.K. Financial Conduct Authority (FCA), at the recent FT Cyber Security Summit. The key points of the speech are directed at financial firms, but they offer useful insight into the U.K. regulator’s priorities and advice for any company looking to improve its “security culture.” For a comparison of the FCA and SEC stances on cybersecurity, see our two-part series “Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)” (Jan. 6, 2016); Part Two (Jan. 20, 2016).

  • From Vol. 2 No.1 (Jan. 6, 2016)

    Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)

    Given the increased scrutiny of cybersecurity by governments around the globe, regulated entities operating in more than one jurisdiction must be aware of the relevant regulatory cybersecurity expectations. This two-part series looks at the operations of the U.K. Financial Conduct Authority (FCA) and the SEC, both of which have increased their focus on cybersecurity, but with differing approaches. Part One discusses the FCA and SEC as regulators of financial services in their respective jurisdictions and outlines the guidance issued, and the methods adopted, by the two regulators. Part Two will explore how the financial sector is navigating the current regulatory environments, including existing guidance, in the U.S. and abroad and how the industry can simultaneously satisfy the requirements of each regulator. See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One)” (Aug. 12, 2015) and Part Two (Aug. 26, 2015).
