Our response and enforcement function is made up of the teams who assess and address conduct that poses harm to New Zealanders at the more significant end of the spectrum, as well as our specialist supervision teams who supervise, monitor and deal with conduct that applies across different sectors.
The FMA’s Operational Resilience team was established in February 2023 as one of four teams in Specialist Supervision.
An ability to anticipate, withstand, recover from and adapt to adverse conditions, attacks, or failures has become a critical priority for the financial services sector. This is largely due to rising threats, third-party dependencies and increased consumer expectations.
The FMA recognises that the operational resilience of financial service providers is vital for supporting the integrity of New Zealand’s financial markets, and the role of the Operational Resilience team supports the sector to deliver critical operations through disruption.
The Operational Resilience team has an eclectic range of skills, from cyber and technical, to analysis and business process engineering, to supervisory, legal and regulatory. These skills are put to great use in a variety of ways to support financial service providers, leading to a varied and interesting work plan.
They regularly respond to incidents reported to the FMA under the requirements of our standard condition on business continuity and technology systems, assessing the notifications, data and trends, and working with firms to determine and act on lessons learned.
They provide expertise to colleagues on engagement and monitoring visits and input into consultations and regulatory policy. Their work also involves getting an up-to-date view of how firms are responding to crisis events or approaching operational resilience to inform our operational resiliency work programme, with a recent example of this being firm responses to the CrowdStrike event.
Other team activities include:
- Cyber simulation exercises, either to be used internally with our frontline teams or domestically (with the other members of the CoFR Cyber Community), or internationally (as part of our Trans-Tasman work);
- Working closely with other government agencies, most notably with the FMA’s sister team at the Reserve Bank, which helps greatly in taking an aligned approach to our dual regulated entities.
Operational Resilience is defined as the ability of an entity to deliver critical operations through disruption. We know that it’s a fast-moving environment and keeping up to speed is crucial. The Operational Resilience team is up for that challenge.
If you have any questions about the work of the Operational Resilience team email [email protected].