BoE Demands More From UK Banks Over Cyber Failures
(6 July 2018 - United Kingdom) The Bank of England (BoE) and Financial Conduct Authority (FCA) have criticised banks and investment providers for failing customers through substandard management of cyber threats and technology.
Senior officials from the UK’s financial services regulators warned that banks, investment providers and any other financial firms dealing with consumers must improve their preventative measures. An industry-wide consultation will be completed by 5 October 2018.
Regulators are seeking to avoid a repeat of the disruption experienced in April this year by TSB customers transferred from Lloyds. Thousands of customers lost account access, gained unauthorised access to other customers’ accounts and, at worst, had data and funds stolen by scammers seeking to take advantage of the outage. Damaging cyberattacks have also plagued the NHS, Equifax and Ticketmaster since 2016. Measures under consideration to achieve sector-wide compliance include requiring financial firms to stress test worst-case scenarios, known as ‘impact tolerance’ tests, and to admit the point at which their ability to run a reasonable service for customers would collapse.
Banks may also have to rank how vital a service is to customers and put in place intolerance thresholds to ensure they can continue to deliver it, even in the event of disruptions such as IT updates or hacks. Regulators have suggested they may take more active measures to punish companies that fail to communicate disruption to customers adequately, holding boards and executives to account in the event that service disruption causes significant harm to consumers.
In a paper published jointly by the BoE Prudential Regulation Authority, FCA and Financial Stability Board, the regulators warned that “A resilient financial system is one that can absorb shocks rather than contribute to them. The financial sector needs an approach to operational risk management that includes preventative measures and the capabilities – in terms of people, processes and organisational culture – to adapt and recover when things go wrong. As recent high-profile disruptive events have shown, the speed and effectiveness of communications with the people most affected, including customers, is an important part of any firm’s or financial market infrastructure’s overall response to an operational disruption.”