Proposed condition aims to ensure operational and cyber resilience for businesses in the financial sector
The Financial Markets Authority (FMA) has published a consultation document outlining its plans to introduce a new standard condition for certain financial market licence holders. The proposed condition will focus on business continuity and technology systems, aiming to ensure the operational resilience of businesses in New Zealand's financial markets.
Maintaining resilient operations is crucial for the integrity and availability of the financial markets, and the FMA aims to ensure that market service providers are prepared to address business continuity and cyber risks as they arise. This not only supports well-functioning financial markets but also instils confidence in consumers that their information and investments are being adequately protected, the FMA said.
The consultation pertains to several types of market service licences, including managers of registered schemes (excluding restricted schemes), providers of discretionary investment management services, derivatives issuers, and prescribed intermediary services such as peer-to-peer lending and crowdfunding providers.
The proposed standard condition stipulates that licensees must develop and maintain a business continuity plan appropriate for the scale and scope of their services. This plan should ensure the operational resilience of their critical technology systems. In the event of an incident that significantly impacts the provision of their services, licensees are required to notify the FMA promptly, within 72 hours of the event.
The 72-hour timeframe reflects the reliance on technology by licence holders and the potential harm to consumers and investors when disruptions occur. It also underscores the importance of technology in maintaining robust and efficient financial markets, the FMA said.
The FMA has previously introduced a business continuity planning and technology resilience standard condition for Financial Advice Providers in 2020. This requirement is also included in the upcoming Conduct of Financial Institutions regime, set to take effect in 2025.
The FMA said that it has observed deficiencies in cyber resilience and operational systems among entities it licences, including insufficient investment in technology and the use of unsupported or outdated systems.
“The financial services sector is facing increasing technological risks that make it necessary for licensees to meet minimum business continuity and technology standards,” said Paul Gregory (pictured above), executive director of response and enforcement at the FMA. “This proposal continues the FMA’s roll-out of this standard condition across licence types, to reflect the importance of ensuring licence holders can continuously provide their market services. By doing so, consumers and investors can have confidence they can access their services and products, when and how they want or need to.”
Click here to review the proposal. The consultation period for the proposal will continue until 1 September.
Have something to say about this story? Let us know in the comments below.
