UK regulators take aim at banks’ IT failures
UK regulators the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and the Bank of England (BoE) have published a joint consultation paper on operational resilience in financial services.
Proposals in the paper have set a series of requirements and expectations for firms to identify their important business services that, if disrupted, could cause harm to consumers or market integrity.
The proposals also impress on firms their need to set impact tolerances for each important business service and identify and document the people, processes, and technology that supports them.
“It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events,” says Andrew Bailey, chief executive of the FCA.
“Disruptive events can have a high impact on consumers and businesses, so firms need to know where the risks to their service delivery lie and to make sure that they are prepared for any service disruption by testing their planned response.”
Megan Butler, executive director of supervision at the FCA, said in a speech this week that regulators will not accept operational failure which leave consumers “stuck on the phone for hours trying to speak to their bank […] facing uncertainty over whether they will be able to pay their rent on time because they cannot transfer their money.”
Butler added that the new proposals were not just a “box ticking exercise”. She warned that financial services firms should not be trying to see what they can “get away with” because they don’t think the worst is going to happen.
“We need to know that you have planned for the worst and are able to continue to deliver your important business services when the worst does happen.”
In late October the Treasury Select Committee called on regulators to hold banks to account for an “unacceptable” amount of IT failures.
A report into banking outages and the effects they have on customers, published by the group, featured recommendations including greater regulatory action, higher fines, and better data recording of failures.
The number of IT failures that have occurred in the financial services sector, including TSB, Visa and Barclays, and the harm caused to consumers is unacceptable,” Steve Baker MP, lead member for the Treasury’s inquiry, said at the time.