FCA tells financial firms to increase operational resilience after CrowdStrike chaos

Britain's financial watchdog has urged firms to strengthen their defences against major technology disruptions following the CrowdStrike incident that caused global chaos in July 2024.

The Financial Conduct Authority said issues linked to third-party providers were the leading cause of operational incidents reported to the regulator between 2022 and 2023. Financial firms have been given until March 2025 to prove they can maintain critical services during "severe but plausible scenarios" similar to the CrowdStrike crisis.

The July incident occurred when CrowdStrike released a faulty Falcon content update for Microsoft Windows devices, affecting 8.5 million systems worldwide. The disruption led to thousands of flight cancellations and impacted various sectors including banking, healthcare, and retail.

Delta Air Lines is now suing CrowdStrike, claiming the computer outage cost the airline more than $500 million after approximately 7,000 flights were cancelled.

The regulator noted that firms with detailed mapping of third-party relationships were able to respond more effectively during the outage. Those with pre-defined communication plans and clear contractual responsibilities also managed the crisis better.

The FCA has called on companies to take several preventive steps, including improving third-party risk controls and ensuring contracts clearly outline responsibilities for service monitoring and incident notification.

In the UK, the incident highlighted the continued importance of cash availability, with Link, the cash machine provider, reporting a spike in withdrawals on the morning of the outage. The provider said the event demonstrated that society could not safely become cashless without ensuring the resilience of digital systems.

While the regulator observed "varying degrees of operational impact on regulated firms" from the CrowdStrike incident, it reported "minimal consumer harm." However, it emphasised that all firms, regardless of how they were affected, should learn from the incident to improve their ability to handle future disruptions.


