Financial Services Security
Compliance & Regulation
Essential Reading
FCA Cybersecurity Requirements
FCA fined Tesco Bank £16.4M in 2018 for failing to prevent a cyberattack — the largest cyber-related fine in UK financial services at the time.
DORA and UK Financial Services
DORA entered into force on 17 January 2025 — UK firms with EU operations or EU ICT providers are in scope from day one.
FCA Operational Resilience (PS21/3)
FCA and PRA require every regulated firm to set a specific impact tolerance for every important business service — expressed in time, volume, or financial terms.
Further Reading
PCI DSS v4.0 for UK Payment Firms
PCI DSS v3.2.1 was retired in March 2024 — v4.0 is now the only valid version, with additional future-dated requirements taking effect in March 2025.
Cyber Essentials for Financial Services
NCSC recommends Cyber Essentials for all UK organisations handling sensitive personal or financial data — and insurers are increasingly making it a condition of cover.