FMA sets forth enhanced standards for business continuity and tech resilience

New notification process also launched


By Roxanne Libatique

The Financial Markets Authority (FMA) – Te Mana Tātai Hokohoko, New Zealand's financial regulatory body, has announced the rollout of a new standard condition targeting market licence holders, with an implementation date set for July 1.

This move is aimed at strengthening business continuity and technological infrastructure within the financial industry.

FMA's new standard condition

Applicable to a specific subset of market service licence categories, this updated requirement encompasses managers of registered schemes (excluding those classified as restricted), entities providing discretionary investment management services, issuers of derivatives, and services acting as prescribed intermediaries, including peer-to-peer lending and crowdfunding platforms.

The essence of this new mandate is twofold: firstly, it necessitates the establishment and maintenance of a business continuity plan that aligns with the entity's operational scale and complexity. Secondly, it underscores the need for critical technological infrastructures to demonstrate resilience against operational disruptions.

Should an incident of material significance impact the provision of services, the licence holder is obligated to report this to the FMA within a maximum time frame of 72 hours following the incident's assessment.

New notification process for reporting incidents related to cyber and operational resilience of tech systems

In parallel with the introduction of this standard condition, the FMA has instituted a reporting mechanism for situations adversely affecting the resilience of critical technological systems.

Licence holders must proactively report any such incidents that potentially jeopardise the smooth functioning of their market services or detrimentally affect their clientele.

To facilitate this reporting obligation, the FMA has unveiled a secure, online notification platform. This platform is designed to simplify the reporting process, guiding licence holders through the requisite information submission and expected procedural steps. This reporting tool is intentionally designed to be straightforward and compatible with the cyber incident notification procedures mandated by the Reserve Bank, aiming to minimise regulatory duplication for entities under the Reserve Bank's jurisdiction.

“The FMA continues to build its regulatory framework for promoting cyber and operational resilience in the financial markets,” said Peter Taylor, director of specialist supervision and response at FMA. “The feedback from our consultation on the new standard condition shows that the market is also supportive of our plan. We have used the feedback to refine our approach and help reduce regulatory burden. The online notification form for reporting of cyber and operational incidents is intended to aid reporting by entities and provide the FMA early notification due to the often time-sensitive nature of these incidents. We have also ensured that Reserve Bank regulated entities are not further burdened by ensuring this process remains compatible with the Reserve Bank requirements.”

In other news from FMA, chief executive Samantha Barrass recently shed light on the strides made within New Zealand's financial advice sector.

