|        About Good Returns  |  Advertise  |  Contact Us  |  Terms & Conditions  |  RSS Feeds

NZ's Financial Adviser News Centre

GR Logo
Last Article Uploaded: Monday, August 15th, 8:13AM


Latest Headlines

FMA sets its sights on cyber security: a new to-do list for embattled financial services providers

The financial services sector recorded the highest number of cyberattacks of any industry group in the first quarter of this year, according to a report by CERT NZ, a government-owned cybersecurity business.

Monday, June 27th 2022, 12:40PM

by Jenni McManus

All up, the sector reported 91 attacks, mainly involving phishing and credential harvesting. The next most-attacked industry groups were healthcare and special assistance (13 attacks) and manufacturing (12).

The Financial Markets Authority (FMA) cited these figures last week as it released a new cyber security information sheet for financial services businesses, setting out in detail its expectations about how cyberattacks should be prevented, contained and reported, and how harm to customers might be mitigated.

It warns that the financial services sector is a popular target for cyber criminals and the increasing digitisation of the industry makes it more vulnerable. Attacks are increasing in frequency, sophistication and severity, it says.

The information sheet is the second piece of cyber-guidance the FMA has released to financial services providers in the past three years and is by far the most prescriptive.

The first, in 2019, was a thematic review of cyber resilience within the entities the FMA regulates. “Following the thematic, we expected entities to reflect on our findings and, where necessary, improve their cyber resilience capabilities,” it said.

That the FMA would be “enhancing” its regulatory approach to cyber and operation resilience was also flagged in its annual corporate plan for FY21/22.

So, in the wake of this latest information sheet, market participants can expect a “heightened focus” by the regulator. This will include “reviewing entity obligations, enhancing our monitoring approach and engaging with stakeholders and other regulators to raise awareness and capability”.

With the increase in cyber threats and technology-related outages, the regulator says there appear to be “shortcomings” in the cyber resilience and operating systems of entities it regulates.

These include under-investment in technology and the use of unsupported or legacy systems.

The requirements are now clear. All entitles licensed by the FMA must have effectives systems, policies, processes and controls to meet their market services obligations, and secure IT systems. Financial advice providers have specific obligations.

In addition, financial services providers must be aware of the risks that potentially impact their organisations, including supply chain risk, and must understand their own capabilities. They also need to have in place “appropriate” governance, training, incident response management and reporting and remedial structures.

All systems, controls and policies must be regularly reviewed to identify vulnerabilities specific to each business. To deal with cyber threats, businesses need have plans in place to do (at least) the following: identify, protect, detect, respond and recover.

Boards and senior management need a strong understanding of the state of their operating systems and technology, and the cyber risks facing the organisation, the FMA says. And because cyber risk exists at all levels of a business, all staff should be given cyber security training.

Businesses regulated by the FMA should notify the regulator of any cyber security event that materially disrupts or affects their ability to provide their regulated services or has a material adverse impact on customers.

The focus should be on preventing cyberattacks and mitigation. Businesses need to be able to demonstrate this by having effect controls, governance, processes, reporting and frameworks in place.

If an attack results in the disclosure of personal information, as defined by the Privacy Act 2020, businesses need to be aware of their statutory obligations. If customers are affected by a service issue or outage, “entitles should facilitate the best possible outcomes for affected customers”.

Once an incident has been contained and resolved, the business should conduct a comprehensive inquiry to understand the root cause. The FMA wants to see a post-incident report “as soon as practicable” after the event.

In its 2019 thematic review, it said firms should subscribe to CERT’s free security advisories via email on by following these alerts on Twitter.

“We do not believe there is any FMA-regulated sector in New Zealand that is safe from cyberattacks,” it said. “Financial services firms should not allow their size, or lack of it, to create a false sense of security.”

Tags: FMA

« Controversial and coming soon, but how broad is COFI’s reach?Advisers face steeper PI premiums, free run-off cover disappears »

Special Offers

Comments from our readers

No comments yet

Sign In to add your comment



Printable version  


Email to a friend
News Bites
Latest Comments
Subscribe Now

Weekly Wrap

Previous News
Most Commented On
Mortgage Rates Table

Full Rates Table | Compare Rates

Lender Flt 1yr 2yr 3yr
AIA 6.35 5.25 5.45 5.99
ANZ 6.34 5.59 6.05 6.29
ANZ Blueprint to Build - - - -
ANZ Special - 4.99 5.45 5.69
ASB Bank 6.35 ▼4.99 5.45 5.69
Avanti Finance 6.65 - - -
Basecorp Finance 7.25 - - -
Bluestone 6.89 - - -
BNZ - Classic - 4.95 5.39 5.69
BNZ - Mortgage One 6.39 - - -
BNZ - Rapid Repay 6.39 - - -
Lender Flt 1yr 2yr 3yr
BNZ - Std, FlyBuys 6.39 5.55 5.99 6.29
BNZ - TotalMoney 6.39 - - -
CFML Loans 7.25 - - -
China Construction Bank - 5.35 5.80 5.99
China Construction Bank Special - - - -
Co-operative Bank - First Home Special - 4.89 - -
Co-operative Bank - Owner Occ 6.25 4.99 5.39 ▼5.69
Co-operative Bank - Standard 6.25 5.49 5.89 ▼6.19
Credit Union Auckland 5.95 - - -
First Credit Union Special 5.85 5.35 5.85 -
Heartland Bank - Online 4.60 ▼4.79 ▼5.15 ▼5.14
Lender Flt 1yr 2yr 3yr
Heretaunga Building Society 6.50 5.60 6.00 -
HSBC Premier 6.34 5.09 5.34 5.59
HSBC Premier LVR > 80% - - - -
HSBC Special - - - -
ICBC 6.00 ▼4.79 5.15 ▼5.69
Kainga Ora 5.85 5.31 5.58 5.97
Kainga Ora - First Home Buyer Special - - - -
Kiwibank 6.00 5.95 6.45 ▼6.59
Kiwibank - Offset 6.00 - - -
Kiwibank Special - 4.95 5.45 ▼5.69
Liberty 4.84 - - -
Lender Flt 1yr 2yr 3yr
Nelson Building Society ▲6.95 5.55 6.15 -
Pepper Money 5.29 - - -
Resimac 5.59 6.54 6.44 6.98
SBS Bank 6.29 ▼5.39 ▼5.79 5.99
SBS Bank Special - ▼4.89 ▼5.29 5.49
Select Home Loans 6.89 - - -
TSB Bank 7.05 5.65 6.09 6.39
TSB Special 6.25 4.85 5.29 5.59
Unity 5.65 4.95 5.55 -
Wairarapa Building Society 6.49 5.55 6.15 -
Westforce credit union - Special - 5.35 5.85 -
Lender Flt 1yr 2yr 3yr
Westforce credit union - Standard 5.85 6.05 6.55 -
Westpac 6.39 5.55 6.05 6.29
Westpac - Offset 6.39 - - -
Westpac Special - 4.95 5.45 5.69
Median 6.34 5.33 5.79 5.83

Last updated: 15 August 2022 8:19am

About Us  |  Advertise  |  Contact Us  |  Terms & Conditions  |  Privacy Policy  |  RSS Feeds  |  Letters  |  Archive  |  Toolbox  |  Disclaimer
Site by Web Developer and