Excerpts from speech by Andrew Bailey, chief executive of the FCA, delivered at our 2018 Annual Public Meeting on 11 September 2018.
Operational resilience and the consequences of its loss: this can take broadly two forms: cyber-risk, which involves the threat from outside actors seeking to disrupt firms and systems; and second, the risks that arise from the greater complexity of operational platforms in firms which can, as we have seen, lead to disruption for consumers. The impact of this type of risk is all the greater in an environment where consumers rely more on machines than human contact with firms. The FCA has an important role in these areas and we have increased our resources to reflect the risk.
On technological change and innovation: the second area is the impact of technological change and innovation. As I said earlier, the FCA is firmly a supporter of innovation, but we must balance this against the threats that come from some forms of innovation and the new issues they can pose. A good example of this is crypto assets. We are keen to see the potential of their underlying technology, and do not rule out roles for crypto assets themselves. But the risks are evident too: not least in the question of whether the consumers who use them understand the asset and price volatility they involve. We are working closely with the Treasury and Bank of England to assess these issues and come up with appropriate responses.
On data: the last broad operational risk I want to highlight concerns data. My assessment based on events over the last year or so is that data issues have been the fastest rising risk on our landscape. They take two forms. The first involves loss of personal data belonging to customers, whether caused by harmful actions such as cyber-attacks or due to mismanagement of data and negligence by firms. The second involves how firms use personal data, and whether this is consistent with our rules and principles. Of course, data issues are by no means restricted to financial services, and nor are they necessarily at their worst in our regulated world. But the heavy use of personal data to determine suitable products and services is inherent to financial services, so this issue is high up our agenda.