Skip to content

Russia's invasion of Ukraine and the importance of an operational and cyber risk defence

Related people
Tom Balogh
Tom Balogh

Executive Director, A&O Consulting

London

View profile →

Anderson Tom
Tom Anderson

Executive Director, A&O Consulting

London

View profile →

Image of Marc Teasdale
Marc Teasdale

Managing Director, A&O Consulting

London

View profile →

Image of Ricki Gupta
Ricki Gupta

Manager, A&O Consulting

London

View profile →

Finlayson-Brown Jane
Jane Finlayson-Brown

Partner

London

View profile →

Johnstone Nikki
Nikki Johnstone

Partner

London

View profile →

Susanna Charlwood

Partner

London

View profile →

18 March 2022

With rapidly evolving developments regarding Russia and Ukraine, the FCA has reiterated that firms need to be vigilant of operational and cyber resilience.

The FCA on 8 March 2022 set out five areas that firms should be watchful of following Russia’s invasion of Ukraine.

  1. Cybersecurity: firms should review the NCSC’s guidance, and consider their ability, as well as that of third-party providers, to withstand a cyber-attack. Appropriate steps should be taken to strengthen security controls, improve staff knowledge and awareness, and review third-party dependencies, alongside ensuring personnel levels are adequate to address increased cyber risk.
  2. Important business services: the impacts of sanctions (UK/US/EU) should be reviewed to ensure they do not impact a firm’s ability, or the ability of their third-party providers, to continue to deliver important business services.
  3. Business continuity and incident management arrangements: firms should ensure formal business continuity and incident management plans and processes exist and are updated, and that responses are comprehensive and coordinated to allow for the firm to continue to meet regulatory obligations should an unexpected event materialise.
  4. Reporting incidents: the FCA have emphasised that quick notification of cyber incidents or outages to the FCA and other UK authorities is extremely valuable during this period, not least to enable them to provide input and mitigate the risk of harm whether to individual consumers or the sector as a whole. The FCA reminds firms to report material operational incidents to the FCA in “a timely way”.
  5. False information: firms should be vigilant of false information that may be circulated during times of unrest, and have a clear and concise response plan readily available to help prevent harm to consumers or market integrity.

The complete FCA publication can be found here.

How we can help

Across our international network, our operational and cyber risk experts can support you during these uncertain times. Please do get in touch with our A&O cybersecurity practitioners, and A&O regulatory consulting advisory practice to learn more about how we support our clients and how we can help you meet the FCA’s expectations during these uncertain times.