Most organisations that process payments must be authorised and/or registered with the relevant National Competent Authority (<a href="/glossarycollection/national-competent-authority" style="color:#48277C;" target="_blank" title="National Competent Authority"><u>NCA</u></a>). They are also obliged to implement financial crime prevention strategies and controls as discussed in the Financial Conduct Authority (<a href="/glossarycollection/financial-conduct-authority" style="color:#48277C;" target="_blank" title="Financial Conduct Authority"><u>FCA</u></a>) thematic reviews and the Regulatory Technical Standards (<a href="/glossarycollection/regulatory-technical-standards" style="color:#48277C;" target="_blank" title="Regulatory Technical Standards"><u>RTS</u></a>).<br/><br/>

As well as suffering the financial penalty of fraud losses, [comment: a recent KMPG global fraud survey reported over half of respondents had fraud loss recovery rates of less that 25%], organisations without a clear strategy and related fraud controls risk substantial fines from the regulator.<br/><br/>

The FCA fined Tesco bank over £16m for their 2016 cyber attack. Please click <a href="https://www.fca.org.uk/news/press-releases/fca-fines-tesco-bank-failures-2016-cyber-attack" style="color:#48277C;"><u>here</u></a> to access their press release.