U.K. regulators on Thursday (Dec. 5) called on banks and payment firms to set “impact tolerances” for important services after numerous IT failures last year, Reuters reported.
A glitch at TSB in April of 2018 left thousands of customers locked out of their accounts, with some reporting that they were able to access other people’s details. The problems prompted a parliamentary inquiry.
The Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) published a shared policy summary on new requirements to strengthen operational resilience in the financial services sector.
The regulators propose that banks, insurers, investment firms, exchanges and financial market infrastructure (FMI) firms like Visa set “impact tolerances” for important services. Firms will be required to provide a detailed backup plan in order to stay within these tolerances and avoid any interruptions to services.
“I will be asking your chairs and CEOs what strategic decisions and investment choices they are making to build operational resilience and to maintain the supply of important business services in the event of a major incident,” Megan Butler, executive director of supervision at the FCA, said in a speech to the financial sector.
The proposals also include requirements to map and test important business services to identify vulnerabilities in their operational resilience and drive change where it is needed. Firms are also expected to ensure that important business services remain within impact tolerances even when they rely on outsourcing or third-party providers, according to a joint press release issued by the Bank of England.
“Operational resilience is a vital part of firms’ safety and soundness and has become an important priority for the PRA,” Sam Woods, chief executive officer of the PRA and deputy governor for Prudential Regulation, said in the release. “Alongside this, our proposals on outsourcing and the cloud will steer firms to be resilient in their adoption of new technologies.”
The TSB IT crash was blamed on moving the banking technology to a new platform before it had been properly tested.