FCA tells financial firms to increase operational resilience after CrowdStrike chaos

Britain's financial watchdog has urged firms to strengthen their defences against major technology disruptions following the CrowdStrike incident that caused global chaos in July 2024.

The Financial Conduct Authority said issues linked to third-party providers were the leading cause of operational incidents reported to the regulator between 2022 and 2023. Financial firms have been given until March 2025 to prove they can maintain critical services during "severe but plausible scenarios" similar to the CrowdStrike crisis.

The July incident occurred when CrowdStrike released a faulty Falcon content update for Microsoft Windows devices, affecting 8.5 million systems worldwide. The disruption led to thousands of flight cancellations and impacted various sectors including banking, healthcare, and retail.

Delta Airlines is now suing CrowdStrike, claiming the computer outage cost the airline more than $500 million after approximately 7,000 flights were cancelled.

The regulator noted that firms with detailed mapping of third-party relationships were able to respond more effectively during the outage. Those with pre-defined communication plans and clear contractual responsibilities also managed the crisis better.

The FCA has called on companies to take several preventive steps, including improving third-party risk controls and ensuring contracts clearly outline responsibilities for service monitoring and incident notification.

In the UK, the incident highlighted the continued importance of cash availability, with Link, the cash machine provider, reporting a spike in withdrawals on the morning of the outage. The provider said the event demonstrated that society could not safely become cashless without ensuring the resilience of digital systems.

While the regulator observed "varying degrees of operational impact on regulated firms" from the CrowdStrike incident, it reported "minimal consumer harm." However, it emphasised that all firms, regardless of how they were affected, should learn from the incident to improve their ability to handle future disruptions.



Share Story:

Recent Stories


Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.

Legacy isn’t the enemy: what FSIs can do to keep their systems up and running
In this webinar we will examine some of the steps FSIs have already taken to rigorously monitor and test systems – both manually and with AI-powered automation – while satisfying the concerns of regulators and customers.

Optimising digital banking: Unifying communications for seamless CX
In the digital age, financial institutions risk falling behind their rivals if they fail to unite fragmented communications ecosystems to deliver seamless, personalised customer experiences.

This FStech webinar sponsored by Precisely explores vital strategies to optimise cross-channel messaging through omnichannel orchestration and real-time customer data access.