FCA – Do they notice IT at all?

Looking at the FOI requests submitted to the FCA In August 2015 there was an interesting question about IT.

“Please provide me with a list of fines (issued by the FCA to banks and other financial institutions over the past 7 years) relating to a failure in systems and controls of IT systems.  Please list the data by institution showing the amount, date, and a one line description of the justification for the fine.“

In their response the FCA quite clearly states that “to compile the list of relevant cases we have selected the FCA final notices relating to breaches of the FCA’s Principles for Business (in particular, Principle 3 – Management and control) and out of these selected cases relating to IT failures, including data security breaches.”  They also say that “We have interpreted ‘other financial institutions’ to mean all other authorised firms”.

As an aside there are much more relevant SYSC & COBS rules that could be applied.  However as IT underpins pretty much the entire market from IFA’s through Investment managers & Insurance companies all the way up to Banks and there are a load of really specific rules that cannot be satisfied if a firm’s IT goes awry, I was looking forward to a long list of misdemeanours and fines.

This is it, 5 cases in 6 years.