New Zealand’s Financial Markets Authority (FMA) has released a cyber resilience information sheet for financial advice provider licensees, who are required to have a business continuity plan that includes mitigating digital risks.

The guidance outlines key areas for all licensees to focus on to build and maintain the security and resilience of their technology systems.

It is however up to licensees to design their own policies, processes and controls to suit the nature and scale of their individual business.

“Cyber resilience will be a key focus of our monitoring reviews of all market participants,” Director of Supervision James Greig said.

“Licensees will need to demonstrate not only that they have policies and systems in place, but also that these are widely understood and integrated into their business.

“Given the increasing sophistication and frequency of hacking and data-breaches reported in New Zealand, and the sensitive nature of information that may be held by financial markets participants, it is essential that all licensees give high priority to their cyber resilience capabilities.

“This includes ensuring that cyber security processes remain robust and appropriate for the cyber-related risks faced by the licensee.”

The new financial advice regime that came into force in March requires advice provider licensees to ensure their information technology systems are capable of responding to and recovering from cyber events.

They are expected to protect client information against loss and unauthorised access, use, modification or disclosure.

Click here for the FMA information sheet.