NZ regulator consults on proposed cyber resilience requirement
The Financial Markets Authority (FMA) is seeking submissions on its proposal to introduce a business continuity and technology systems standard condition for certain types of market service licences.
“Operationally resilient businesses are important for the integrity and availability of New Zealand’s financial markets,” the FMA says.
“The FMA wants to ensure that market service providers are prepared to respond to business continuity and cyber risks when they emerge.”
The new standard condition proposes that licensees must have and maintain a business continuity plan that is appropriate for the scale and scope of its service, to make sure that their critical technology systems are operationally resilient.
It will apply to managers of registered schemes but not restricted schemes; providers of discretionary investment management services; derivatives issuers and prescribed intermediary services (peer-to-peer lending providers and crowdfunding service providers).
If the licensee suffers an event that materially affects the supply of its service, it must notify the FMA as soon as possible, and no later than 72 hours after the event.
“The 72-hour period reflects the reliance on technology by the relevant licence holders and the likelihood of harm to consumers and investors when disruptions occur,” the FMA says.
“It also reflects the significance of technology in maintaining sound and efficient financial markets.”
The FMA consultation paper says a similar condition is already in place for providers of a financial advice service, and the same standard condition will apply to financial institutions licensed under the Financial Markets Conduct Act 2013.
Closing date for submissions is September 1.
Click here for the consultation paper.