The Financial Conduct Authority has confirmed new rules aimed at improving how firms, including CFD brokers, report operational incidents and issues involving third-party providers.

The regulator said the changes are designed to make reporting “clearer, more consistent, and easier for firms to follow.” The updated framework is intended to help authorities respond more quickly to disruptions such as cyber attacks or power outages. It also aims to give CFD brokers and other financial firms greater certainty on what to report and when.

Join the inaugural Finance Magnates Singapore Summit 2026, which will bring together brokers, fintechs, banks, EMIs, wealth managers, and hedge funds across APAC.

The move comes as cyber threats increase in frequency and complexity. The FCA said that in 2025, more than 40% of reported cyber incidents involved third parties. Recent disruptions, including outages affecting services linked to Cloudflare and Amazon Web Services, have highlighted the sector’s reliance on external providers.

Single Portal Introduced for Reporting Requirements

The FCA said firms have not always reported incidents consistently and industry participants requested clearer guidance. In response, the regulator launched a consultation in December 2024 and refined rules to reduce burden while ensuring key information is received early.

• FP Trading Signs Up with Financial Commission for External Dispute Resolution
• “Data Centre Capacity Has Not Been an Issue”: Brokers Are Confident in Singapore’s FX Growth
• After 20 Years at Saxo Bank, Casper Andreas Solbakken Steps Down Amid Ownership Change

Under the new framework, the FCA, the Prudential Regulation Regulation Like any other industry with a high net worth, the financial services industry is tightly regulated to help curb illicit behavior and manipulation. Each asset class has its own set of protocols put in place to combat their respective forms of abuse.In the foreign exchange space, regulation is assumed by authorities in multiple jurisdictions, though ultimately lacking a binding international order. Who are the Industry’s Leading Regulators?Regulators such as the UK’s Financial Conduct Authority ( Like any other industry with a high net worth, the financial services industry is tightly regulated to help curb illicit behavior and manipulation. Each asset class has its own set of protocols put in place to combat their respective forms of abuse.In the foreign exchange space, regulation is assumed by authorities in multiple jurisdictions, though ultimately lacking a binding international order. Who are the Industry’s Leading Regulators?Regulators such as the UK’s Financial Conduct Authority ( Read this Term Authority, and the Bank of England will operate a single reporting system. Most directly supervised firms can submit short-form reports, with clearer guidance on thresholds, definitions, and responsibilities, and duplicative requirements have been removed for payment service providers and credit rating agencies.

Cyber and Third-Party Risks Monitored

Mark Francis said “resilience is being tested like never before,” noting “growing cyber threats” and firms’ increasing reliance on third parties. He added the changes give “clearer rules and practical guidance” and help the FCA “spot risks, share insights and strengthen sector-wide resilience.”

The regulator said it will use reported data to identify trends and share insights with the industry. Where incidents involve third-party providers, the information will help assess supply chain risks, highlight the most exposed services, and identify potential critical third parties within the UK financial system.

Guidance and Implementation Timeline

Alongside the rules, the FCA has published finalised guidance on incident and third-party reporting, including examples, thresholds, and form instructions. Firms, including CFD brokers, have 12 months to prepare before the rules take effect on 18 March 2027.