A Bank of England official warned on Monday (April 9) that the U.K.’s financial system is under cyberattack almost constantly, prompting regulators to roll out new cybersecurity standards for financial firms soon.
City A.M. reported Sam Woods, a deputy governor of the Bank of England and the head of the Prudential Regulation Authority (PRA), said the PRA will publish new standards to which financial firms will need to adhere. Woods noted the new standards will be out before the end of the first half of 2018, which means they could appear as early as this summer. However, the actual timing of when the guidelines will be released has not yet been finalized.
According to Woods, “setting out clearly the level of operational resilience we expect of firms and how we will make sure it is delivered is a top priority for the PRA,” reported the newspaper. The business plan also enables the reallocation of resources from “lower risk supervisory activity” to Brexit readiness.
While the Royal Bank of Scotland, Lloyds and Barclays, the three biggest banks in the U.S., already face more cybersecurity requirements than any other industry, the Bank of England plans to run another cyber-reliance test this year, saying more needs to be done.
“Nowhere in the world is there an overarching prudential standard for operational resilience,” Woods said, according to the report. He noted that the open banking regulations, which are new for 2018, will create more challenges, since banks will have to provide their customer data to third parties if their clients consent to data sharing. Woods stated that the Bank of England will have three levels of cyber-risk tolerance, depending on whether a data breach would hurt customers, the solvency of the financial services company and financial stability.