The Financial Conduct Authority has confirmed new rules
aimed at improving how firms, including CFD brokers, report operational
incidents and issues involving third-party providers.
Singapore Summit: Meet the largest APAC brokers you know (and those you still don't!)
The regulator said the changes are designed to make
reporting “clearer, more consistent, and easier for firms to follow.” The
updated framework is intended to help authorities respond more quickly to
disruptions such as cyber attacks or power outages. It also aims to give CFD
brokers and other financial firms greater certainty on what to report and when.
The move comes as cyber threats increase in frequency and
complexity. The FCA said that in 2025, more than 40% of reported cyber
incidents involved third parties. Recent disruptions, including outages
affecting services linked to Cloudflare and Amazon Web Services, have
highlighted the sector’s reliance on external providers.
Single Portal Introduced for Reporting Requirements
The FCA said firms have not always reported incidents
consistently and industry participants requested clearer guidance. In response,
the regulator launched a consultation in December 2024 and refined rules to
reduce burden while ensuring key information is received early.
Under the new framework, the FCA, the Prudential Regulation
Regulation
Like any other industry with a high net worth, the financial services industry is tightly regulated to help curb illicit behavior and manipulation. Each asset class has its own set of protocols put in place to combat their respective forms of abuse.In the foreign exchange space, regulation is assumed by authorities in multiple jurisdictions, though ultimately lacking a binding international order. Who are the Industry’s Leading Regulators?Regulators such as the UK’s Financial Conduct Authority (
Like any other industry with a high net worth, the financial services industry is tightly regulated to help curb illicit behavior and manipulation. Each asset class has its own set of protocols put in place to combat their respective forms of abuse.In the foreign exchange space, regulation is assumed by authorities in multiple jurisdictions, though ultimately lacking a binding international order. Who are the Industry’s Leading Regulators?Regulators such as the UK’s Financial Conduct Authority (
Read this Term
Authority, and the Bank of England will operate a single reporting system. Most
directly supervised firms can submit short-form reports, with clearer guidance
on thresholds, definitions, and responsibilities, and duplicative requirements
have been removed for payment service providers and credit rating agencies.
Cyber and Third-Party Risks Monitored
Mark Francis said “resilience is being tested like never
before,” noting “growing cyber threats” and firms’ increasing reliance on third
parties. He added the changes give “clearer rules and practical guidance” and
help the FCA “spot risks, share insights and strengthen sector-wide
resilience.”
The regulator said it will use reported data to identify
trends and share insights with the industry. Where incidents involve
third-party providers, the information will help assess supply chain risks,
highlight the most exposed services, and identify potential critical third
parties within the UK financial system.
Guidance and Implementation Timeline
Alongside the rules, the FCA has published finalised
guidance on incident and third-party reporting, including examples, thresholds,
and form instructions. Firms, including CFD brokers, have 12 months to prepare
before the rules take effect on 18 March 2027.
The Financial Conduct Authority has confirmed new rules
aimed at improving how firms, including CFD brokers, report operational
incidents and issues involving third-party providers.
Singapore Summit: Meet the largest APAC brokers you know (and those you still don't!)
The regulator said the changes are designed to make
reporting “clearer, more consistent, and easier for firms to follow.” The
updated framework is intended to help authorities respond more quickly to
disruptions such as cyber attacks or power outages. It also aims to give CFD
brokers and other financial firms greater certainty on what to report and when.
The move comes as cyber threats increase in frequency and
complexity. The FCA said that in 2025, more than 40% of reported cyber
incidents involved third parties. Recent disruptions, including outages
affecting services linked to Cloudflare and Amazon Web Services, have
highlighted the sector’s reliance on external providers.
Single Portal Introduced for Reporting Requirements
The FCA said firms have not always reported incidents
consistently and industry participants requested clearer guidance. In response,
the regulator launched a consultation in December 2024 and refined rules to
reduce burden while ensuring key information is received early.
Under the new framework, the FCA, the Prudential Regulation
Regulation
Like any other industry with a high net worth, the financial services industry is tightly regulated to help curb illicit behavior and manipulation. Each asset class has its own set of protocols put in place to combat their respective forms of abuse.In the foreign exchange space, regulation is assumed by authorities in multiple jurisdictions, though ultimately lacking a binding international order. Who are the Industry’s Leading Regulators?Regulators such as the UK’s Financial Conduct Authority (
Like any other industry with a high net worth, the financial services industry is tightly regulated to help curb illicit behavior and manipulation. Each asset class has its own set of protocols put in place to combat their respective forms of abuse.In the foreign exchange space, regulation is assumed by authorities in multiple jurisdictions, though ultimately lacking a binding international order. Who are the Industry’s Leading Regulators?Regulators such as the UK’s Financial Conduct Authority (
Read this Term
Authority, and the Bank of England will operate a single reporting system. Most
directly supervised firms can submit short-form reports, with clearer guidance
on thresholds, definitions, and responsibilities, and duplicative requirements
have been removed for payment service providers and credit rating agencies.
Cyber and Third-Party Risks Monitored
Mark Francis said “resilience is being tested like never
before,” noting “growing cyber threats” and firms’ increasing reliance on third
parties. He added the changes give “clearer rules and practical guidance” and
help the FCA “spot risks, share insights and strengthen sector-wide
resilience.”
The regulator said it will use reported data to identify
trends and share insights with the industry. Where incidents involve
third-party providers, the information will help assess supply chain risks,
highlight the most exposed services, and identify potential critical third
parties within the UK financial system.
Guidance and Implementation Timeline
Alongside the rules, the FCA has published finalised
guidance on incident and third-party reporting, including examples, thresholds,
and form instructions. Firms, including CFD brokers, have 12 months to prepare
before the rules take effect on 18 March 2027.
