Financial services firms in the U.K. must prepare now for new reporting rules aimed at promoting operational resilience in the face of increasing global threats. Key issues for compliance include understanding what issues will cross the threshold for reporting obligations, how incidents are defined, and how they should be reported.

From March 18, 2027, all U.K. financial firms regulated by the financial and banking regulators, namely the Financial Conduct Authority (FCA), the Prudential Regulation Authority (PRA), and the Bank of England, must follow new rules and comply with a common regime for reporting operational (including cyber) incidents. The FCA published guidance on its final rules in March explaining what firms should do now to prepare.

Ruth Prickett graduated from Cambridge University with a BA hons in History and has specialized in business and finance journalism for the past 20 years. She was editor of Financial Management, the magazine...