FCA Updates Rules for Cyber Incident Reporting and Third-Party Service Providers

The UK’s Financial Conduct Authority (FCA) has issued new rules to clarify reporting requirements for cyber incidents and third-party service providers. The updates aim to improve transparency and consistency in how financial firms disclose security events and dependencies on external vendors. No specific technical details, dates, or numerical thresholds were provided in the announcement. The changes apply to regulated entities under the FCA’s jurisdiction in the United Kingdom. The rules focus on streamlining reporting processes without introducing new obligations. The FCA’s guidance is intended to enhance oversight of operational resilience in the financial sector.