FCA & SOX Governance

In recent times, the Financial Conduct Authority (FCA) has issued numerous fines for information security failures, all of which have received wide-ranging coverage in the national press.

The damage in bad PR and loss of faith can be considerable, resulting in the need for extra investment in marketing and resources to counteract the impact of the negative publicity that inevitably comes with a security breach.

Companies suffering from a breach are scrutinised over how secure the information was and how it was breached. Questions will be asked regarding the adequacy of encryption, firewalls and staff training and, in some cases, why the information was public facing at all. Could you answer these questions in a positive light if it were your company?

There are many FCA rules and regulations that businesses in the financial services sector must abide by, but when it comes to securing customer data, the very minimum should be perimeter safeguards to prevent Internet-based data security compromises. In the event that your company were to suffer a security breach resulting in the loss of customer data, would you be able to demonstrate that the necessary steps had been taken to minimise this risk?

If you are a US organisation or subsidiary, or have commercial operations in the US, you will most likely be required to undergo annual independent security testing to follow the information assurance and governance guidelines for Sarbanes-Oxley (SOX) compliance, ensuring that Section 404 is adhered to and that sensitive user information is secure.

Regular security testing performed by NTA has become an established feature of best practice, audit and risk management procedures for many companies in the financial sector, and will assist you in demonstrating that due care and diligence have been exercised.