The UK financial regulator, the Financial Conduct Authority (FCA), has advised institutions to better prepare for disruptive IT meltdowns by strengthening their defenses.
The warning follows the major CrowdStrike outage earlier in 2024, which affected 8.5 million Windows machines worldwide, and the FCA wants to ensure future incidents don’t bring the banking sector to a standstill.
The banking sector was hit hard by the outage, losing an estimated $1.15 billion in damages, second only to the healthcare sector, which took a hit of around $1.94 billion.
Lessons learned
Now the FCA is urging firms to become ‘operationally resilient’ in line with its rules to avoid further losses.
The risk of more incidents is ‘serious but plausible’, the FCA warned, but even then firms will need to continue providing crucial services.
This push from the FCA comes ahead of a hard deadline as it introduces operational resilience requirements for the financial sector in March 2025. These rules aim to mitigate the impact and limit the instability of any disruptions, thereby protecting consumers and market integrity.
There is a reliance on unregulated third parties to provide business services, the FCA says. This has put industries at risk, with just one update having the potential to cripple services around the world.
“These disruptions highlight firms’ increasing reliance on unregulated third parties to provide important business services,” the FCA said in a statement.
“We encourage all businesses, regardless of how they have been affected by the CrowdStrike incident, to consider these lessons and improve their ability to respond to and recover from future disruptions,” the supervisor continued.
Following the CrowdStrike incident, the FCA says the organizations that recovered fastest were those whose testing procedures met the standard by prioritizing which systems to bring online first and minimizing the impact across the board.
Via The Register