The Financial Markets Authority (FMA) has published an information sheet to help financial services firms enhance the resilience of their technology and operational systems and meet any relevant licence obligations.
According to the information sheet, financial services firms are a popular target for cyber criminals, with the sector recording the highest number of reported incidents across all industries in New Zealand for the first quarter of 2022.
The FMA said there are apparent shortcomings in the cyber resilience and operational systems among entities it licenses, including underinvestment in technology and the use of unsupported or legacy systems.
The regulator reminded the financial industry of two obligations that are part of its licencing regime.
Aside from these, financial advice providers have specific obligations for business continuity and technology systems.
In 2019, the FMA published a thematic review of cyber resilience in FMA-regulated entities, which highlighted the regulator’s expectations around cyber and operational resilience. The regulator said that it expects all market participants to have basic response and recovery plans in place, relevant to their regulated service and appropriate for their individual circumstances.