The Financial Markets Authority (FMA) is increasing its vigilance over sections of the finance industry to make sure they guard against cyber threats and other forms of business disruption.
It is telling them they need to be very careful to ensure business continuity and to protect against cyber hacks.
The FMA earlier imposed these conditions on classes of people such as mortgage brokers, who have been compelled to get a Financial Advice Provider (FAP) licence from earlier this year.
The FMA wants to extend these requirements to several other parts of the finance sector.
These organisations have to be licensed under the Financial Markets Conduct Act 2013, as amended by the Financial Markets (Conduct of Institutions) Amendment Act 2022 (CoFI).
But not all of them have had to apply strict conditions regarding business continuity.
The FMA is now proposing to extend these requirements to groups such as issuers of derivative investments, which can involve immense sums of money, some of it enhanced in value by leverage.
Also coming under the FMA's watchful eye are groups such as peer-to-peer lenders and even crowd funders.
The FMA is proposing to require these operators to have an appropriate and regularly tested business continuity plan (BCP). How they design this is up to them, but their plans must address the sort of threats their business could face.
It is also proposing that where operators rely on technology systems as a core part of providing a service, then these critical systems must be secure, reliable and be included in the BCP.
The FMA also wants operators to protect the confidentiality, integrity and availability of information and/or technology systems.
They would have to report a material breach within 72 hours, which is shorter than the 10-working-day notification requirement for standard FAP licence holders.
The FMA explains the difference by saying it reflects the reliance on technology by the targeted operators and the likelihood of harm to consumers and investors when disruptions occur.
Breaches of cyber security are universally dreaded within the finance industry because they can reveal people's personal financial information. One incident was announced earlier this year by the finance company Latitude.
The FMA is seeking feedback on its proposals.
We welcome your comments below. If you are not already registered, please register to comment.
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.