On Thursday, February 24th, Russia invaded Ukraine. A lot of things changed that day. Over seven decades of relative peace were destroyed and a war broke out. As part of the fight in this war, big players in the western world, including the UK and US, have imposed a series of sanctions against Russia. The idea is to pressure Russia into pulling back to its own country, with a failing economy and the firm stance that the allies are not about to stand for this invasion. Whether it will work remains to be seen, but businesses around the world, at all levels, have had to check in on their operational resilience measures to ensure that they can continue to function and adapt around the Russian sanctions. To help businesses, the Financial Conduct Authority has outlined areas that business owners should check over to ensure operational resilience. We’re breaking down the areas that need the most attention as outlined by the FCA. Read on for our guide to operational resilience following the Russian invasion of Ukraine.
Important business services
The initial aspect of operational resilience is ensuring that the implications of the UK, US, and European Union sanctions are dealt with. Think about the short-term and long-term effects of these sanctions on your business and your third-party providers.
The next step is to adapt to these implications. Of course, that is easier said than done, but it will need to happen in order for you to continue operating.
Since the invasion was launched, the National Cyber Security Centre, or NCSC, has not been aware of any specific cyber threats to UK businesses, but it has supported US President Biden in his call for increased cyber security. Russia’s tactics are known to include cyberwarfare, with a long history of suspected illegal cyber activity aimed at the western world.
The FCA has outlined guidance for operational resilience when it comes to cyber security for businesses of all levels. They cite the NCSC’s Cyber Essentials scheme as a point of reference, which details the process to gain the classification needed to be considered cyber safe.
Beyond that, the FCA asks business owners to consider their own cyber security and that of their third-party providers. You might need to raise staff awareness with extra training or by reminding them of ethical phishing campaigns, and take steps to ensure that your security is up to scratch to deal with an elevated cyber risk.
Business continuity and incident management
Another element of operational resilience is ensuring your business can function as well as possible. Imagine the sanctions against Russia don’t exist. Now, you’re going to want to make sure everything is in order so that you are in the best condition to face the sanctions. You will have to make sure that your arrangements for business continuity and incident management are up to date. This is critical to making sure you can still function and meet the obligations of your business. It will also help you to ensure that you are keeping up with your compliance obligations even in the face of a worldwide disruption.
It is possible that false information is being gathered about the operations of your firm, your business’ financial sector, or even your staff members. In order to cause disruption, bad actors will post these “findings” on social media for your customers and clients to act on. Part of your operational resilience will be to keep an eye out for instances of this and respond.
You should be ready with a clear and concise response, debunking the misinformation being spread and advising customers on their next move.
As part of your business’ operational resilience and the wider resilience of the country, be ready to report to the FCA and any other relevant UK authorities about anything you spot that could cause concern. Keeping the FCA informed of any anomalies, like cyber incidents or outages, information gathered about your staff, etc. will allow the FCA to act.
The FCA can flag up, keep track of and offer specialist advice on these changes. They can help your business minimize the disruption or harm to consumers, industry markets and the wider UK financial sector, but only if they are informed promptly.
The FCA site has a breakdown of how to report an anomaly. It encourages you to contact your FCA supervisor, or to use the contact page to get in touch if you don’t have an assigned supervisor; to inform the PRA if your firm is dual-regulated by them; and to follow any additional rules or directions.
There are also other authorities you should contact if you suspect additional issues: Action Fraud if you believe the action is criminal, the Information Commissioner’s Office for a data breach, and the National Cyber Security Centre for a cyber attack. You can also share your incident on the CISP platform for other firms to learn from.