Russian invasion of Ukraine: operational and cyber resilience

What has happened?

In a communication issued in March 2022, the FCA set out points for firms to consider regarding their operational and financial services cyber security resilience following Russia’s invasion of Ukraine. Although the National Cyber Security Centre (NCSC) is not aware of any current specific cyber threats to the UK following the events in Ukraine, firms are expected to be vigilant.

What do you need to do?

The FCA's communication focused on the following areas.

Financial services cyber security

The FCA recommends that firms review the NCSC’s guidance outlining actions all organisations should consider in response to the current situation.

The NCSC has set out more guidance for small and medium-sized firms, as well as for microbusinesses and sole traders. Firms can also review the NCSC’s Cyber Essentials scheme.

Firms need to consider their ability, and that of any third-party providers, to withstand a cyber attack. They should take all appropriate steps to improve their controls, including raising staff awareness, which may, for example, include re-running ethical (simulated) phishing campaigns. They can also consider whether staffing levels are appropriate to deal with an elevated cyber risk.

Important business services

Firms should consider the implications of the continuing unrest and UK/US/EU sanctions, how that might impact them and any third-party providers, and whether this could affect their ability to deliver important business services.

Business continuity and incident management

Firms should ensure their business continuity and incident management arrangements are up to date, ensuring that they can continue to function and meet their regulatory obligations in the event of unforeseen disruption.

Reporting incidents

Firms should be ready to report material operational incidents to the FCA in a timely way. During this period, it could be extremely valuable to the FCA and other UK authorities to be notified quickly of developing cyber incidents or outages, so that they can provide specialist expertise and work to minimise harm to consumers, markets and the wider UK financial sector.

False information

Firms should be alert to the risk of false information being shared about the operations of a particular firm or the financial services sector. This could be, for example, information shared on social media. If false information is circulated about a firm, it should have a prompt, clear response to try to prevent that information from being acted upon.

How can we help you?

If you’d like to know more about how we can help you with your financial services cyber security, business continuity or FCA reporting arrangements, or with any other regulatory compliance issues, our specialist team is here to help.

Contact us today on 0207 436 0630 – or email info@thistleinitiatives.co.uk.