Financial Services Security

Compliance & Regulation

Essential Reading

FCA Cybersecurity Requirements

FCA fined Tesco Bank £16.4M in 2018 for failing to prevent a cyberattack — the largest cyber-related fine in UK financial services at the time.

DORA and UK Financial Services

DORA entered into force on 17 January 2025 — UK firms with EU operations or EU ICT providers are in scope from day one.

FCA Operational Resilience (PS21/3)

FCA and PRA require every regulated firm to set a specific impact tolerance for every important business service — expressed in time, volume, or financial terms.

Further Reading

PCI DSS v4.0 for UK Payment Firms

PCI DSS v3.2.1 was retired in March 2024 — v4.0 is now the only valid version, with additional future-dated requirements taking effect in March 2025.

Cyber Essentials for Financial Services

NCSC recommends Cyber Essentials for all UK organisations handling sensitive personal or financial data — and insurers are increasingly making it a condition of cover.

Book a discovery call