FCA Mission Creep

Author: Chris Goodeve-Ballard


As a title, this is probably more prejudicial than is polite – but hey ho – why not?


Those who subscribe to the FCA updates that pop into your inbox at the end of each day will have seen a not altogether unsurprising one regarding cyber security and Russia sent out last week.


https://www.fca.org.uk/firms/operational-resilience/russian-invasion-ukraine


Given what is happening in Ukraine and the ensuing risk to all businesses as well as national infrastructure, this is an entirely sensible message to be putting out there and one with which we at Aldbury International wholly agree.


The part that caught my eye was the paragraph headed “Important Business Services”.


For those of you who have been working on the new PRA and FCA rules that came into force on 31st March, this will be a painfully familiar phrase with a very specific meaning. The vast majority of firms regulated by the FCA were outside the scope of the new rules and this phrase may well have passed them by.


“Important Business Services” has a very specific meaning and there is a methodology by which these services must be identified. The FCA has now referred to this in a release that goes to all regulated firms, not just those covered by the new rules. FCA Final Notices frequently refer to their speeches, press releases and other forms of communication that have been missed or ignored by firms being fined or sanctioned in some way. There is therefore a clear regulatory imperative in understanding the implications of this release particularly by firms who were not in scope of the new rules and have not identified these “Important Business Services”.


Suffice to say that the historical approach to Business Continuity does not come close to helping you identify what is now required.


Aldbury International has been working with regulated firms in this area and understands the requirements of the new rules and the new language that goes with them. Contact us on 020 34475 2953.