Major UK financial regulatory bodies — the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority — have put out a shared policy summary aimed at preventing prolonged tech problems in the banking sector, Finextra reports.
The proposals state that companies and Financial Market Infrastructures (FMIs) “are expected to take ownership of their operational resilience and that they will need to prioritize plans and investment choices based on their impacts on the public interest.”
The policies outline four clear requirements firms and FMIs must follow to strengthen their IT resilience:
- Identify critical services. Financial institutions (FIs) must take note of which services would cause harm to consumers or to market integrity, threaten the viability of firms, or cause instability in the financial system if they were to be interrupted.
- Set tolerances. For each critical service FIs identify, they have to set limits that quantify the maximum level of disruption that those services could feasibly tolerate.
- Identify supporting entities. FIs also have to outline the people, processes, technology, and information that support their designated critical services.
- Act to remain within tolerances. FIs will be held responsible for taking action to stay within the tolerances they set through a range of severe but plausible disruption scenarios.
The regulators’ push comes at a time when outages are a persistent issue for banks. UK banks collectively experience five IT failures a week, per analysis from Which? cited by Finextra. A recent high-profile example was the one NatWest and RBS suffered on Black Friday, which disabled access to accounts and made customers unable to complete transactions. And in August, an event beyond banks’ control — an outage at US payments company TSYS — left customers of several UK banks, including RBS and Tesco Bank, unable to pay bills or access their account information.
As regulators pay more attention to outages and hold FIs more responsible, the consequences of suffering an outage may become even graver. Outages — especially ones that occur at critical times like Black Friday — are already serious problems for banks. A critical consequence is that they anger customers — who may become more amenable to switching banks — which can damage brands and require resources to fix. And for neobanks that lack a physical branch presence, outages can cause even more damage, because customers have little recourse if they lose access to their accounts.
However, now that regulatory bodies are stepping in, things may get more severe, as regulators could decide that failure to abide by the guidelines they have laid down should be punishable by fines and greater governmental scrutiny, adding new punitive dimensions to an already harrowing problem.