Global Trustee and Fiduciary Services Bite-Sized Issue 11 2024

7 QUICK LINKS CULTURE CRYPTOASSETS ELTIFS EMIR FINANCIAL STABILITY BOARD FINTECH MIFID II/MIFIR OPERATIONAL RESILIENCE SUSTAINABILITY T+1 ASIA/PACIFIC EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 11 | 2024 OPERATIONAL RESILIENCE FCAWebpage on CrowdStrike Outage: Lessons for Operational Resilience On 31 October 2025, the Financial Conduct Authority (FCA) published a new webpage, ‘CrowdStrike outage: lessons for operational resilience.’ The FCA says this contains its insights, observations and key lessons from how firms responded to the CrowdStrike outage and their preparedness to respond to future incidents. In its update, the FCA says it outlines the FCA’s key lessons following this incident, including examples of how firms’ compliance with PS21/3 allowed them to respond effectively, and areas firms should strengthen. FCA’s general observations following the outage The FCA says that by investing in operational resilience and following its operational resilience rules, firms were able to identify consumer and market impacts and prioritise their important business services. • Firms that had mapped their important business services, and the resources necessary to deliver these services, were able to prioritise getting key services back online to reduce the overall impact the incident had on their operations. • Firms benefitted from having tested scenarios that were severe but plausible, including those impacting multiple important business services at the same time. • Firms who had clearly defined and tested communications strategies were able to quickly and efficiently respond to, and communicate with, customers and stakeholders. Next steps • Firms should consider if their current testing scenarios are adequate and assure themselves that impact would be minimised during operational disruptions. The FCA’s detailed insights into how firms across the sector responded and next steps, included: • Observations on ensuring the resilience of infrastructure; • Observations on third-party management; and • Observations on incident response and communications. Link to FCAWebpage here FSB Consults on a Common Format for the Reporting of Operational Incidents On 17 October 2024, the FSB published for consultation a Format for Incident Reporting Exchange (FIRE), a common format for financial firms’ reporting of operational incidents, including cyber incidents. The FSB says that FIRE aims to promote convergence in reporting practices, to address operational challenges arising from reporting to multiple authorities, and to foster better communication within and across jurisdictions. The FSB says that, developed in consultation with the private sector, FIRE provides a set of common information items for reporting incidents. Its design maximises flexibility and interoperability. Authorities can choose the extent to which they adopt FIRE, leveraging its features and definitions to promote convergence and facilitate translation between existing frameworks. Similarly, financial institutions can use FIRE both in their reporting to financial authorities and in their relationships with service providers. The consultation package consists of (i) a ‘human-readable’ format, (ii) a structured data model of FIRE using the reporting-language-agnostic Data Point Model method, and (iii) a taxonomy in eXtensible Business Reporting Language (XBRL) as a sample machine-readable version of FIRE. Deadline for comments is 19 December 2024. Link to Consultation here