FMA publishes consultation document to improve operational and cyber resilience
FMA publishes consultation document to improve operational and cyber resilience | Insurance Business New Zealand
Insurance News
FMA publishes consultation document to improve operational and cyber resilience
The document tackles the proposal to introduce a new standard condition for licence holders
Insurance News
By
Kenneth Araullo
The Financial Markets Authority (FMA) – Te Mana Tātai Hokohoko has published a consultation document discussing its proposal to introduce a new standard condition for certain financial market licence holders, with the standard focusing on business continuity and technology systems.
With this new standard, the FMA seeks to ensure that market service providers are prepared to respond to business continuity and cyber risks when they emerge. Operationally resilient businesses are important for the integrity of Aotearoa’s financial markets, and this new standard should help consumers have confidence that their information and investments are being looked after properly, the FMA said.
The consultation is relevant to managers of registered schemes, providers of discretionary investment management services, derivatives issuers, and prescribed intermediary services. The new standard condition proposes that licensees must have and maintain a business continuity plan that is appropriate for the scale and scope of its service, to make sure that their critical technology systems are operationally resilient.
Included in the condition is a stipulation for the licensees, asking them to notify the FMA as soon as possible if they suffer an event that materially affects the supply of their service, and no later than 72 hours after the event. The period given reflects the reliance on technology by relevant licence holders and the likelihood of harm to consumers and investors when disruptions occur.
In 2020, the FMA introduced a business continuity plan (BCP) and technology resilience standard condition for financial advice providers (FAPs) and this requirement is also included in the Conduct of Financial Institutions (CoFI) regime, which comes into force in 2025. The regulator also noted several shortcomings in the cyber resilience and operational systems among the entities it licences, including underinvestment in technology and the use of unsupported or legacy systems.
FMA executive director of response and enforcement Paul Gregory said that the financial services sector is facing increasing technological risks that make it necessary for licensees to meet minimum business continuity and technology standards.
“This proposal continues the FMA’s roll-out of this standard condition across licence types, to reflect the importance of ensuring licence holders can continuously provide their market services. By doing so, consumers and investors can have confidence they can access their services and products, when and how they want or need to,” Gregory said.
What are your thoughts on this story? Please feel free to share your comments below.
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!