We use cookies, if you consent to this use, please continue to browse our site.

Here to help with Regulation and Compliance

Compound Growth

Cyber Resilience for Financial Services Firms

Cyber Resilience Self Assessment for Firms (CQUEST)

25 November 2019

In the last week, together with the PRA, the FCA has published a cyber resilience self assessment questionnaire (CQUEST) for Firms. The questionnaire takes the form of an Excel spreadsheet for firms to complete and return to the FCA.

The nature of this Self Assessment Questionnaire is to help both firms and the regulator to better understand the industry’s cyber resilience capability at a high level to provide a valuable snapshot of a firm’s cyber resilience capability, and highlight areas for further development.

The answers provide a valuable snapshot of a firm’s cyber resilience capability, and highlight areas for further development.

There are a total of 48 multiple-choice questions on the self-assessment form that pose questions to firms such as:

This questionnaire follows on from an article previously published by the FCA back in May 2017 about the risks Cyber poses to all financial services firms reminding firms that they should ‘be aware of the threat’ and ‘able to defend themselves effectively, and respond proportionately to cyber events.’

At that time, the FCA advised that their goal was to help firms become more resilient to cyber attacks, while ensuring that consumers are protected and market integrity is upheld.

The FCA advised that firms of all sizes need to develop a ‘security culture’ from the very top (board) down to every employee and that firms should be able to identify and prioritise their information assets such as hardware, software and people.

Each firm should then be able to:

Since then, the FCA has continued to shed light on the risks posed by Cyber threats to firms in Financial Services. In December 2018 they published their Cyber multi-firm review findings into Wholesale Banks and Asset Managers and in March this year, the FCA published a Cyber Security Industry Insights paper.

Cyber Security Insights Paper

The FCA Cyber Security Insights Paper brought together industry insights on cyber resilience.

Since cyber risks pose a threat to consumers and markets, part of the regulator’s role is to help firms become more resilient to cyber-attacks, therefore reducing the frequency and risk of disruption.

Within the Insights Paper, the FCA collated examples shared by firms and set out those they consider to be beneficial for a wider audience which may help those firms not already involved when considering where to prioritise their efforts towards increased cyber resilience.

The FCA advised that the insights into cyber resilience may be particularly relevant for small and medium-sized firms, although of course all firms were encouraged o consider if the sights might be useful to them.

Responsibilities for Firms: Reporting a cyber incident

Firms should remember that under Principle 11 of the FCA Handbook, you must report material cyber incidents.

But what is a material incident? Well, an incident may be material if it:

More information on How to Report a Cyber Incident can be found on the FCA’s focused Cyber Resilience webpage at: https://www.fca.org.uk/firms/cyber-resilience

News & Views News & Views

Read our latest articles, news and views affecting compliance and regulation in the UK Financial Services Industry.

Compliance Support from Compound Growth Ltd

Please contact our Compliance Support Team for a free no obligation discussion of your regulatory requirements and how our regulatory & compliance consultants can help your business move forward compliantly.

Send Email

Call by Telephone:

(020) 3813 2890