The Bank of England has teamed up with other regulators to offer UK banks a little advice on sorting out their woeful IT systems.
BoE, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have come up with a shared policy summary and consultation to strengthen resilience in the financial sector.
The Old Lady of Threadneedle Street warns that banks and Financial Market Infrastructures (FMIs) are expected to take responsibility for their resilience.
The bank calls for transparency rather than obfuscation: "If disruption occurs firms are expected to communicate clearly, for example providing customers with advice about alternative means of accessing the service." Good luck with that.
The regulators suggest that under the proposals companies and FMIs would be expected to:
- identify their important business services that, if disrupted, could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system;
- set impact tolerances for each important business service, which quantify the maximum level of disruption they would tolerate;
- identify and document the people, processes, technology, facilities and information that support their important business services; and
- take actions to be able to remain within their impact tolerances through a range of severe but plausible disruption scenarios.
You might have hoped they'd be doing this already, but given the recent record of UK banks' IT – the latest incident being last week – you would probably be wrong. TSB also had problems last month just after the publication of a damning report into their failures last summer.
The regulators' intervention follows similar criticism from the Treasury Committee.
To complement this announcement, the PRA is opening a consultation on "outsourcing and third-party risk management" to ensure that banks can continue to be confident in the resilience of their services even if outsourced to a cloud provider. The consultation runs until 3 April.
In summer, the Treasury Committee heard about banks' increasing reliance on the big three cloud providers and the potential risk this could bring.
The Bank of England report summary is here. ®