A consultation document on the FMA’s proposal to introduce a new standard condition covering business continuity and technology systems has been released.
Paul Gregory, FMA Executive Director of Response and Enforcement said: “This proposal continues the FMA’s roll-out of this standard condition across licence types, to reflect the importance of ensuring licence holders can continuously provide their market services.”
Among the proposals are that licensees must make sure their critical technology systems are operationally resilient, and must notify the regulator within 72 hours if they suffer an event that materially affects the supply of its service.
This consultation is relevant to:
- Managers of registered schemes (but not restricted schemes)
- Providers of discretionary investment management services
- Derivatives issuers and
- Prescribed intermediary services (peer-to-peer lending providers and crowdfunding service providers)
The FMA introduced a business continuity plan and technology resilience standard condition for FAPs in 2020, this requirement is also included in the Conduct of Financial Institutions regime which comes into force in 2025.
The FMA has previously noted shortcomings in the cyber resilience and operational systems among entities it licences, including underinvestment in technology and the use of unsupported or legacy systems.
Consultation on the proposal runs until 1 September. Find out more here.