The financial sector has always been a significant target for cyber criminals and the approaches continue to grow in sophistication. For example, last year’s Fakecalls trojan horse malware introduced a fake banking app with inbuilt telephone support that connected the user to a scam operator – despite showing a contact number for the bank. Similarly, the SharkBot trojan was embedded in a range of Android apps and secretly initiated banking transfers from the user’s phone. There is also the high number of cryptocurrency thefts, which continue to threaten investor security.
A risk to financial stability
These incidents are by no means isolated and can lead to expensive remediation work, as well as loss of trust and reputational damage. The average cost of a data breach in the financial sector is now around USD 4.45 million (£3.55 million), according to an IBM report, while a recent high-profile case saw the Financial Conduct Authority (FCA) fine a single firm £11.2 million. But taking a broader view, cyber and data breaches can also threaten the wider financial system and affect stability.
Elisabeth Stheeman, external member of the Bank of England Financial Policy Committee, stressed this in a recent speech at the London School of Economics, where she discussed the importance of good cyber security across the financial sector. Citing the Bank of England’s 2022 cyber stress test, she pointed out the wider impact of a cyber security incident and its potential effect on financial stability.
These concerns are by no means unique to the UK, and have been echoed in a range of international publications. For example, the Financial Stability Institute (FSI) recently highlighted that cyber security is a fundamental pillar of the financial sector and discussed the range of regulatory approaches under way. The US Federal Reserve Board has also flagged the importance of effective cyber security, with Ransomware-as-a-Service, poor authentication mechanisms, and third-party attacks as key threats to the resilience of the financial system.
Direct and indirect financial impacts
When looking at the impact of poor cyber security, it’s important to look at both direct and indirect impacts. For example, a cyber incident that materially disrupts a service that is vital to financial institutions, markets or market infrastructure would count as a direct impact. This includes specific events, such as the October 2016 Flash Crash, which was partly due to a rogue trading algorithm.
But these kinds of events can have a broader impact, leading to liquidity stress or financial losses (among others) with potential contagion across the wider market – indirectly affecting financial stability.
International approaches to regulating cyber risks
The FSI also reported on the range of regulatory approaches taking shape in different jurisdictions. Broadly speaking, these tend to follow two paths:
- Folding cyber risk into existing regulatory frameworks covering topics such as IT or operational resilience
- Creating new regulations to establish specific cyber requirements
Regardless of the approach, regulators are generally taking a non-prescriptive stance, proportionate to a firm’s size and business activities.
The FSI also noted a shift in regulatory outlooks between early first-generation cyber regulation and more recent second-generation cyber regulation. While the first generation aims to prevent cyber breaches, the second generation assumes that cyber incidents will happen and focuses on cyber resilience to restore services that could affect financial stability. This includes a greater focus on cyber strategy, incident reporting, resilience testing and intelligence sharing. But that doesn’t absolve firms of their responsibilities to take reasonable action to prevent these incidents from happening.
What are the UK's cyber security priorities?
In the UK, the Financial Policy Committee sees cyber security as the most pressing operational risk for the sector and a significant threat to financial stability. The recent Bank of England Systemic Risk survey reflects these concerns, with 80% of banks and financial institutions listing cyber security as a key risk – overtaking geopolitical risks from the previous iteration. However, these threats aren’t mutually exclusive and the National Cyber Security Centre (NCSC) highlights that geopolitics is a key driver behind current cyber threats – which may grow over the coming years.
While good cyber security is a must, it isn’t enough on its own and firms need to embed it within a robust cyber resilience framework. Last year’s cyber stress test underlined this point by assessing a hypothetical cyber incident that redirected payments at two specific firms. The results highlighted some key learnings for firms across the sector, regardless of their size:
- Effective contingency planning is essential – this relies on good data and adequate investment
- Firms need to consider mitigating actions – to reduce customer confusion, maintain public confidence and prevent contagion
- The industry needs firms to work with each other for prompt and co-ordinated decision-making
- Good communication is vital with timely, consistent and effective updates for a wide range of stakeholders including customers, the media and the regulators
Applying this feedback across the sector will help firms boost their cyber resilience and mitigate the risk to financial stability in the event of a cyber incident.
How are cyber approaches translating into regulation?
With a focus on cyber resilience, the UK is in its second generation of cyber security regulations and follows a cross-cutting approach. That makes it difficult to take a comprehensive look at cyber regulations as they are mostly embedded within a broader range of rules. Key initiatives include the following:
Operational resilience
The regulation has been in place for a few years now, but last year the Prudential Regulation Authority (PRA) and FCA launched a joint discussion paper (DP2/22) covering ‘Critical third parties to the UK financial sector’. The proposed regime would allow the Treasury to designate some third-party providers as critical, and give the regulators the power to take action against providers that aren’t meeting expectations. This is consistent with international approaches, such as the Digital Operational Resilience Act (DORA), which aims to boost digital resilience across five key areas including third-party risk.
NCSC supply chain security guidelines
While not a regulation, firms should also consider best practice guidance from the National Cyber Security Centre on supply chain security. This is sector-agnostic but will ultimately support operational resilience, and DP2/22 and DORA implementation.
Senior Managers and Certification Regime (SM&CR)
Cyber security is now typically an overall responsibility under the SM&CR, sitting under the chief operations (SMF24) role. To meet FCA expectations, the senior manager must demonstrate that they are taking reasonable steps to mitigate cyber risks and embed effective cyber resilience processes.
Firms must disclose material cyber incidents promptly to the FCA
This includes incidents where a firm has found malicious software or unauthorised system access, resulting in significant data loss, affecting a large number of people. Firms also need to report significant data breaches to the ICO within 72 hours.
CBEST and CQUEST frameworks
These Bank of England cyber security assessment frameworks aim to improve the financial sector’s resilience to cyber-attacks. Applying to specific organisations and financial market infrastructure firms, CBEST reflects an intelligence-led approach to penetration testing to identify vulnerabilities and improve cyber security. CQUEST helps the regulators gauge the sector’s cyber risk and resilience capabilities.
Consumer Duty
One of the cross-cutting rules is for firms to avoid causing foreseeable harm to retail customers. Firms can cause foreseeable harm to customers through their actions and omissions. Whether harm is considered foreseeable would depend on whether a prudent firm acting reasonably would be able to predict or expect the ultimately harmful result of their action or omission in connection with the product or service. This includes preventing cyber incidents, and reducing their duration and impact.
Network and information systems (NIS) regulations compliance
This applies to medium and large operators of essential services and relevant digital service providers, and creates consistent standards for network and information systems. This is an EU regulation, transposed into UK law, but is now subject to post-Brexit divergence. NIS2 applies from October 2024 and broadens the requirements of the original regulation. It applies to in-scope EU firms and UK firms that conduct business in the EU. All other in-scope UK firms continue to follow NIS, with some amendments.
PSP annual risk assessments
Payment service providers (PSPs) must submit an annual operational and security risk assessment to the FCA, as part of the European Banking Authority (EBA) guidelines for operational and security risk.
There are also the FCA’s principles and the PRA's fundamental rules to consider. Applying to all firms within their respective remits, these rules include cyber security elements throughout, and firms need to think about their application in the context of broader challenges, such as third-party risk, cloud risk and concentration risk.
What financial services firms need to do now
You need to make sure your cyber security and cyber resilience processes are in line with regulatory expectations. To achieve this, cyber security teams need to work more closely with compliance to fully understand the PRA and FCA’s rules, and wider regulatory expectations – and crucially what they mean in practice. Mapping these expectations to the supporting cyber security activity will help safeguard these endeavours from process changes, and boost resilience in the long term.
Things to consider:
- How your cyber strategy and governance processes reflect the firm’s risk profile and risk appetite
- What measures are in place to prevent, monitor and report cyber incidents
- How to share intelligence across the wider market and stay up to date with latest developments
- How to measure and test cyber resilience, and apply lessons learned
- How to embed cyber security hygiene factors across the organisation to stop risks from crystallising
- How to monitor third-party dependencies
- How to create effective cyber security training and build a robust cyber culture
These steps will improve a firm’s individual cyber security posture, helping to reduce the potential for a disruptive incident, while putting effective controls in place to reduce the cost, impact and reputational damage if the risk does materialise.
For more insight and guidance on cyber security and how it relates to the regulatory landscape, contact Manu Sharma.