23 June 2022

Cyber security must be a priority for financial sector, FMA says

Media Advisory
MR No. 2022 – 17

The Financial Markets Authority (FMA) - Te Mana Tātai Hokohoko has published an information sheet to help financial services firms enhance the resilience of their technology and operational systems, and meet any relevant licence obligations.

The information sheet notes financial services are a popular target for cyber criminals – the sector recorded the highest number of reported incidents across all other industries in New Zealand for the quarter ended March 2022.

The FMA says there appear to be shortcomings in the cyber resilience and operational systems among entities it licenses, including underinvestment in technology and the use of unsupported or legacy systems.

All entities licensed by the FMA must meet the following obligations:

  • “to have, at all times, adequate and effective systems, policies, processes and controls that are likely to ensure you will meet your market services licensee obligations in an effective manner”.
  • “IT systems used to deliver the licensed market service must be secure and reliable. Your arrangements ensure they perform efficiently and the associated risks are managed”.

Financial advice providers have specific obligations for business continuity and technology systems.

In 2019, the FMA published a thematic review of cyber resilience in FMA-regulated entities, which highlighted the regulator’s expectations around cyber and operational resilience.

ENDS