CUBE RegNews:
13^th November

Latest SARs newsletter from UK’s FIU

The UK’s National Crime Agency has published its latest SARs Reporter Booklet for November. 

The newsletter, aimed at those with responsibility for reporting suspicious activities, provides useful case studies around fraud and money laundering and a reminder of the various SARs codes. 

Bank of England launches next phase of the system-wide exploratory scenario

The Bank of England has launched a severe stress test for the UK financial system, involving more than 50 financial market participants. The test, known as the System-Wide Exploratory Scenario (SWES) launched in June 2023, is designed to assess the resilience of the system to a severe but plausible shock. The SWES scenario includes a ten-day shock to rates and risky asset prices, which is faster, wider ranging, and more persistent than those seen in recent periods of market instability. The scenario also incorporates many elements from recent market events, such as the March 2020 ‘dash for cash’ and September/October 2022 LDI episode. 

The Bank is asking SWES participants to consider the impact of this hypothetical stress scenario, including how it would impact their business, and what actions they would take in response. The Bank will then assess the system-wide consequences of these actions. 

The exercise is not a test of the resilience of the individual firms participating. Published materials will not provide information on any individual firms. 

The Bank expects to publish a final report on the SWES by end 2024. 

ASIC publishes cyber survey and recommendations

The Australian Securities and Investments Commission (ASIC) has published its cyber pulse survey 2023 (survey) to better understand the cyber maturity of regulated organisations in the ongoing heightened threat environment. 

The key findings from the survey are: 

• 44% of respondents do not manage third-party or supply chain risk. 
• 58% have limited or no capability to protect confidential information adequately 
• 33% do not have a cyber incident response plan 
• 20% have not adopted a cyber security standard. 

More generally, the survey showed that small organisations lagged behind in supply chain risk management, data security, and consequence management. 

The survey cites eight recommendations for small firms to help improve their cyber security. 

1. Creating, implementing and managing a whitelist of approved applications.  
2. Implementing a process to regularly update and patch systems, software and applications. 
3. Disabling macros in Microsoft Office applications unless specifically required. Training employees not to enable macros in unsolicited email attachments or documents.  
4. User application hardening by ensuring web browsers are configured securely to block malicious content. Only using necessary browser extensions and keeping them updated.  
5. Restricting administrative privileges to those who need them.  
6. Setting up automatic updates for patching operating systems.  
7. Using strong, unique passwords and enabling multifactor authentication.  
8. Conducting daily backups of critical data and isolating backups from your network. 

The SFC will continue to monitor the market developments and the conduct of LCs in relation to IPO activities, and will take appropriate regulatory actions if necessary.