• Home
  • News
    • People moves
    • Africa
    • Asia
    • Australia
    • Canada
    • Caribbean
    • Domicile
    • Europe
    • Latin America
    • North America
    • Middle East
    • US
    • US
    • UK
  • Products
    • Funds
    • Pensions
    • Platforms
    • Insurance
    • Investments
    • Private Banking
    • Citizenship
    • Taxation
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Directory
  • Video
  • Advertise with us
  • Directory
  • Events
  • European Fund Selector
  • Newsletters
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
  • Advertise with us
  • Directory
  • Events
    • Upcoming events
      event logo
      Sustainable Investment Festival 2021

      The Sustainable Investment Festival will run online from 22-25 June and will include thought-provoking presentations from renowned keynote speakers, innovative breakout events and sessions specifically tailored to meet the information needs of fund selectors, financial advisers, pension consultants, trustees and scheme managers.

      • Date: 22 Jun 2021
      • Online, Online
      event logo
      International Investment Awards 2021

      The 22nd International Investment Awards will take place on 7th October 2021. The II Awards are the longest-running event of their kind and last year saw a record number of categories and entries.

      • Date: 07 Oct 2021
      • Online, Online
      View all events
  • European Fund Selector
International Investment
International Investment

Sponsored by

Sharing Alpha
  • Home
  • News
  • Products
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Video
  • Investments

UK regulator slammed over cyber attack frailties

UK regulator slammed over cyber attack frailties
  • Gary Robinson
  • 10 November 2016
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  

The UK Treasury Committee has questioned the ability of the UK’s Financial Conduct Authority (FCA) to react to cyber attacks due to its lack of IT expertise on the board of directors.

The committee grilled the chairman and chief executive of the financial services watchdog on a range of issues including the recent Tesco Bank cyber theft of an estimated US$3m from more than 9,000 UK customer accounts.

Related articles

  • FCA on lookout for new leader as chair signals exit
  • UK pensions action group urges FCA to ban contingent charging
  • HM Treasury cites ‘significant risk’ for City over 5,500 EU passporting figures
  • FCA sets its sights on offshore insurance failures

At a meeting held earlier this week, the committee was grilling the FCA’s chairman, John Griffith-Jones who was forced to admit that the regulator’s board were “not over endownded’ in IT experience. He was joined by FCA chief executive, Andrew Bailey as the pair were grilled about a number of matters including its response to the attack on Tesco Bank over the weekend.

UK Treasury Committee member Steve Baker MP (Con – High Wycombe) said that he was concerned that the UK financial regulator appeared to have “no technical expertise” on its board of directors. A review of the biographies on the FCA’s website shows that of ten members of the board – who have extensive experience in finance, governance and regulation – none of them have any experience with complex IT systems.

Data breach

The regulator itself was also, as reported, recently left embarrassed when essential financial information was potential put at risk during a data breach at the end of September. During what was a concerning IT meltdown, resulting in key financial information not being available for days, the regulatory website was also forced to close while it fixed its systems.

At the time it was a major concern that the cause of the IT meltdown could have been a cyber attack, although it was later said to have been caused by a hardware issue.

‘Not over endowed’

According to a report in IT Security trade publication, SC Magazine, MP Baker asked the chairman of the board of the FCA if he felt that there was adequate technical expertise on the board at the review meeting held earlier this week.

Griffith-Jones admitted that the regulator was not “over-endowed with technical expertise” but said that it has, in response to the increased threat in this area, recruited a special adviser recently who has a “deep, deep technical background”.

“We thought that was a sensible way forward, to have on hand the equivalent of a board member but with more time available than we would have on the board,” he said.

Baker questioned whether this new member of staff would report directly to the board or the risk committee. Griffith-Jones replied that he would report to the audit committee. Baker then asked Griffith-Jones some IT related questions, presumably to test his knowledge of software engineering. Prior to becoming an MP, Baker was a software engineer, the SC Magazine report said.

Griffith-Jones was not able to answer all of the questions which prompted Baker to tell him: “I feel that these sorts of things should really be implanted in the board if it is going to deliver against these objectives.”

Tesco Bank

Earlier in the meeting, Andrew Tyrie, the Conservative MP who chairs the Treasury Select Committee, grilled the chief executive Andrew Bailey about the Tesco Bank breach and how the FCA had responded to the attack. Bailey said that the attack appeared to be “unprecedented”.

Tyrie told Bailey that following sessions with the FCA and the Prudential Regulatory Authority (PRA) recently, he came away from the FCA session with concerns about its ability to manage cyber-resiliency while the session with the PRA, part of the Bank of England, had been more reassuring.

“We were concerned that the split of the regulator would lead to a lack of coordination among various parties,” he said. Bailey replied that both regulators had been involved in remediating the Tesco Bank incident from Sunday.

Tyrie asked Bailey if Tesco would be able to identify, even without receiving a complaint from an affected customer, every account that had suffered an unauthorised withdrawal. Bailey replied: “Yes, well, they should be able to. And they have assured us they can, and we will ensure they have done that work to our satisfaction.”

In response to a second question from Tyrie, Bailey said that the FCA would have a review to see what lessons could be learned from the response to the incident but didn’t feel that they had been short of any resources when the attack was identified.

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Investments
  • Regulation
  • UK
  • Andrew Bailey
  • FCA

More on Investments

Singapore businessman Ng Yu Zhi faces more charges over alleged $740bn fraud

  • Regulation
  • 20 April 2021
UK Government to compensate London Capital & Finance investors after 'regulatory failings'

  • Regulation
  • 20 April 2021
Singapore regulator fines Bank J Safra Sarasin S$1m

  • Regulation
  • 16 April 2021
UK regulator bans financial adviser for dishonesty

  • Regulation
  • 15 April 2021
Quilter urges Government crackdown on investment scams in Online Safety Bill

  • Regulation
  • 15 April 2021
Back to Top

Most read

Pension lifetime allowance warning for clients with £500k already invested
Pension lifetime allowance warning for clients with £500k already invested
Dogecoin warning as Bank of England sets up digital currency taskforce
Dogecoin warning as Bank of England sets up digital currency taskforce
UK regulator bans financial adviser for dishonesty
UK regulator bans financial adviser for dishonesty
Singapore businessman Ng Yu Zhi faces more charges over alleged $740bn fraud
Singapore businessman Ng Yu Zhi faces more charges over alleged $740bn fraud
UK's HMRC extends deadline for 'one of the biggest tasks facing advisers'
UK's HMRC extends deadline for 'one of the biggest tasks facing advisers'
  • Contact Us
  • Marketing solutions
  • About Incisive Media
  • Terms and conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading