FCA tells financial firms to increase operational resilience after CrowdStrike chaos

Britain's financial watchdog has urged firms to strengthen their defences against major technology disruptions following the CrowdStrike incident that caused global chaos in July 2024.

The Financial Conduct Authority said issues linked to third-party providers were the leading cause of operational incidents reported to the regulator between 2022 and 2023. Financial firms have been given until March 2025 to prove they can maintain critical services during "severe but plausible scenarios" similar to the CrowdStrike crisis.

The July incident occurred when CrowdStrike released a faulty Falcon content update for Microsoft Windows devices, affecting 8.5 million systems worldwide. The disruption led to thousands of flight cancellations and impacted various sectors including banking, healthcare, and retail.

Delta Airlines is now suing CrowdStrike, claiming the computer outage cost the airline more than $500 million after approximately 7,000 flights were cancelled.

The regulator noted that firms with detailed mapping of third-party relationships were able to respond more effectively during the outage. Those with pre-defined communication plans and clear contractual responsibilities also managed the crisis better.

The FCA has called on companies to take several preventive steps, including improving third-party risk controls and ensuring contracts clearly outline responsibilities for service monitoring and incident notification.

In the UK, the incident highlighted the continued importance of cash availability, with Link, the cash machine provider, reporting a spike in withdrawals on the morning of the outage. The provider said the event demonstrated that society could not safely become cashless without ensuring the resilience of digital systems.

While the regulator observed "varying degrees of operational impact on regulated firms" from the CrowdStrike incident, it reported "minimal consumer harm." However, it emphasised that all firms, regardless of how they were affected, should learn from the incident to improve their ability to handle future disruptions.


