The FMA has published an information sheet of principles and resources to help licensed financial advice providers (FAPs) develop their cyber resilience.
The regulator says standard conditions for full financial advice provider licences include a requirement to have and maintain a business continuity plan that includes procedures for responding to, and recovering from, events that impact on cybersecurity and continuity.
Additionally, the new Code of Professional Conduct for FAPs requires providers to ensure client information is protected against loss and unauthorised access, use, modification or disclosure.
FMA Director of Supervision James Greig says: “Within this newly-licensed population are many individuals and entities who have not previously been subject to compliance obligations for cybersecurity, including many small or single-adviser businesses.
“Although the information sheet is specifically for financial advice providers, cyber resilience is of critical importance to all licensed entities.”
It is up to licensees to design their own policies, processes and controls to suit the nature and scale of their individual business, says Greig.
In 2019 the FMA conducted a thematic review of market participants’ cyber resilience. The report provided guidance for firms in areas where the FMA identified the need for improvement.