- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Neil Hodge2025-01-02T13:00:00
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and the measures they have taken to maintain resilience have been broadly welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
The U.K.’s three key financial regulators–the Financial Conduct Authority (FCA), Bank of England, and Prudential Regulation Authority–have set out key duties on “critical” third parties to report major incidents like cyberattacks, natural disasters, and power outages. The actions will provide U.K. financial regulators with regular assurance that cyberthreats are being identified and mitigated so that the U.K. financial sector is not at risk.
These companies–yet to be designated by HM Treasury and the regulators, but which are likely to be mainly large tech firms–will also need to conduct resilience testing and scenario-based exercises, which could involve collaborating with financial services firms, payment systems, and other financial market infrastructures (FMIs).
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
A prominent risk management firm has issued its predictions for the top five risks for business in 2025, along with guidance for how organizations should prepare and respond.
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.
New rules on cyber risk management across the EU put execs firmly in the crosshairs for noncompliance and are likely to apply to a wider range of organizations than many business leaders may initially think. However, there are also concerns that the rules may become muddled across the wide bloc. ...
As Donald Trump begins his transition to become president, there are questions about the fate of tech companies, as well as regulators from multiple administrations. Google in particular is fighting a high-profile antitrust ruling after an investigation started by Trump in 2020 could be resolved in his next administration.
Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.
