UK Conduct Regulator Issues Guidance on Financial Crime Controls and Information Security During COVID-19

The U.K. Financial Conduct Authority has issued guidance on financial crime controls and information security for financial services firms during COVID-19. The FCA notes the increase in cyber-crime during the COVID-19 pandemic, the risks of which may be magnified by operational disruptions arising from working from home arrangements. Firms are expected to be proactive in managing the increased risks during this period, including being vigilant about the potential increase in cyber risks, ensuring they maintain appropriate governance and oversight arrangements, reviewing the impact of COVID-19 on their information security defenses and ensuring that general notification requirements are followed and significant cyber incidents are reported.

The FCA's guidance on information security urges firms to remain vigilant to new types of fraud and to make any Suspicious Activity Reports in a timely manner. Firms should also ensure risk controls are maintained, although the FCA accepts that firms may need to reprioritize or delay some anti-money laundering and counter-terrorist financing activities. Delays to certain AML/CTF activities will be considered reasonable provided the firm does so on a risk basis and there is a clear plan to return to usual processes as soon as reasonably possible. The guidance also restates the FCA's flexibility on CDD requirements, which should continue to be carried out in accordance with the Joint Money Laundering Steering Group's guidance or, in the case of CBILS and BBLS loans, in accordance with the FCA's separate guidance for lenders entering into loans under those schemes.

View the information security section of the FCA's COVID-19 response page.

View the FCA's guidance on financial crime systems and controls.

View details of the FCA's guidance on CDD requirements.

View details of the FCA's guidance on the CBILS and BLLS.

Return to main website.