Regulatory Wrap Episode #47: Learning from the CrowdStrike Outage

In Regulatory Wrap for the week to November 8, Jennie Clarke explores regulatory stances on operational resilience, especially in light of the CrowdStrike incident in July.

10 November 2024
By Kathryn Fallah

In Regulatory Wrap for the week to November 8, 2024:

In this week’s Regulatory Wrap, we consider the idea of “bouncebackability” – a concept that many organizations, including financial firms, must critically assess due to the increasing risk of disruptive events. Regulators like the Financial Conduct Authority (FCA) have shared their thoughts on how to handle operational resilience matters.

Highlights:

1. The FCA recently published its “Lessons for Operational Resilience” report, which revisits the CrowdStrike incident, what went wrong, and how firms can avoid a repeat instance in the future

2. Sturdy operational resilience strategies are particularly important considering legislation like the Digital Operational Resilience Act (DORA), which requires firms to maintain a higher standard of resilience

3. The FCA revealed that the firms least affected by the CrowdStrike incident were those that had run tests for “severe but plausible” disruptions to identify critical operations and prepare communications strategies

4. The CrowdStrike incident has proved the potential impacts of reliance on public cloud providers, demonstrating how private cloud-based solutions offer more security and control

5. The FCA advised that firms consider if their current testing scenarios can safeguard against future severe disruptions

This week’s Regulatory Wrap is brought to you by our Head of Content, Jennifer Clarke.

Operational resilience is constantly being put to the test in today’s increasingly complex cyber environment, and it is especially important where third-party providers are trusted to assist with critical business operations. As a result, firms should consider their dependence on large providers and the implications that overreliance on public clouds could have.

 
