November 2, 2024 at 05:38AM
The UK’s Financial Conduct Authority (FCA) urges financial institutions to enhance resilience against IT failures, highlighted by CrowdStrike’s significant outage affecting major banks and services. Compliance with FCA’s PS21/3 rules is necessary by March 2025. Delta Air Lines is suing CrowdStrike for losses related to the incident, alleging negligence.
**Meeting Takeaways:**
1. **FCA Directive**: The UK’s Financial Conduct Authority (FCA) is encouraging financial institutions to better prepare for IT failures following the CrowdStrike incident in July 2024, which affected several major organizations.
2. **Cause of Disruption**: The FCA identified issues at unregulated third parties as a primary cause of operational disruption in the UK financial sector from 2022 to 2023.
3. **Incident Impact**: Major banks and trading houses, including JPMorgan Chase and the London Stock Exchange, experienced significant disruptions due to CrowdStrike’s software failure, which led to widespread system crashes.
4. **Operational Resilience**: The FCA stressed the importance of improving operational resilience in compliance with their rules (PS21/3), which require organizations to implement strong business continuity measures by March 2025.
5. **Response to Incident**: Institutions that had already complied with PS21/3 were better positioned to respond to the CrowdStrike outage, effectively prioritizing system recovery and managing their third-party dependencies.
6. **Technical Improvements**: Affected organizations were prompted to reassess their systems for single points of failure, test update procedures, and review change management processes, focusing on improving resilience against similar future incidents.
7. **Communication Preparedness**: The FCA recommended that firms prepare external communication templates to ensure timely updates to customers and stakeholders during incidents.
8. **Delta Air Lines Lawsuit**: Delta Air Lines has initiated legal action against CrowdStrike, claiming significant revenue losses due to the disruption and citing issues with aging IT infrastructure. CrowdStrike has filed a counter-suit alleging negligence on Delta’s part.
9. **Overall Recovery**: While the incident had a widespread impact on financial markets, most affected institutions recovered relatively quickly and have since focused on minimizing future risks.