Cyber-resilience in FMA-regulated financial services

Cyber-risk encompasses all risk of loss, disruption, or damage to a firm caused by failure in its information technology systems – from both internal and external threats. The interconnectedness of the financial sector means any part of it might be an entry point for a wider cyberincident.

As part of the FMA’s role in promoting fair, efficient and transparent markets, we want to ensure financial service providers and consumers are aware of and prepared for cyber-risks, and that providers have proportionate controls to mitigate risks and ensure cyberresilience.

Guidance: Cyber-resilience in FMA-regulated financial services

This report summarises the findings of our thematic review of cyber-resilience in New Zealand financial services, and provides guidance for firms in areas where we have identified the need for improvement. It will be useful for our regulated sectors, to help ensure they comply with our expectations and best practice.