Question to the HM Treasury:

To ask Her Majesty’s Government whether they have any plans to introduce legislation obliging financial companies to protect against cyberbreaches, money laundering and fraud.

The UK already has a comprehensive anti-money laundering and counter financing of terrorism regime. The international money laundering standards set by the Financial Action Task Force form the basis of EU legislation, which is incorporated into various pieces of UK law, predominantly the Money Laundering Regulations (2007) and the Proceeds of Crime Act (2002), both of which apply to financial institutions.

The UK Government has no plans to introduce legislation obliging financial companies to protect against fraud. The Financial Conduct Authority (FCA), which regulates most financial institutions, expects firms within its supervisory remit to establish, implement and maintain adequate policies and procedures to reduce the risk that they may be used for financial crime. This includes money laundering, anti-bribery and corruption, and fraud.

The Government works very closely with the financial sector through such initiatives as the CISP (Cyber Security Information Sharing Partnership) and CERT-UK (the UK’s national Computer Emergency Response Team), and has participated in cyber security exercises with the sector to test defences, such as the Waking Shark II exercise held earlier this year. In addition, the Treasury is working with the relevant Government agencies, the Bank of England (including the Prudential Regulation Authority) and the FCA to respond to the Financial Policy Committee’s recommendation to work with core parts of the UK financial sector to put in place a programme of work to improve and test resilience to cyber attack.