Tyrie: Reform banks’ IT to protect the public
Andrew Tyrie, Member of Parliament and chairman of the UK’s Treasury Select Committee has issued a public letter to the head of the UK’s financial regulators arguing that three reforms are needed, without which ”the public will remain more exposed than necessary to the risk of bank failure.”
Sent to Andrew Bailey, deputy governor for Prudential regulation at the Bank of England (BoE) and Tracy McDermott, the acting chief executive of the Financial Conduct Authority (FCA), the letter says that there is a lack of board-level IT expertise within banks with an over reliance on sub-committees and consultant, that more resources need to be put into modernising and managing bank IT resources, and that “legal, regulatory, structural and cultural changes are needed” in the way that banks manage cyber security risks.
Mr Tyrie’s concern about the exposure of the public to “delays in paying their bills, the inability to obtain access to their own funds and unauthorised access to their accounts” leads him to conclude that a new structure is needed to manage the process of reform as currently “no-one group seems to be directly responsible for understanding the risks carried.”
He recommends that a group be formed to manage the process and report back to the Chancellor of the Exchequer and Parliament with leadership provided by the BoE’s Prudential Regulatory Authority.
The publication of the letter coincides with the publication of correspondence between senior bank executives and the Treasury Select Committee, based on enquiries from the Committee about IT outages throughout 2015. In one of the letters to Ross McEwan, group chief executive of RBS, Tyrie highlighted the need for the responsibility for IT risks to be established under the Senior Managers Regime, a regulation coming into force in 2016 which required clear delineation of responsibility.
Reported by Dan Barnes