British financial companies have been given a three-month deadline by UK regulators, to show their operational resilience in the likelihood of a cyber-attack or IT breakdown.
After the failed IT upgrade at TSB and the recent blackout of the Visa network, the Bank of England and the Financial Conduct Authority demand that banks should report on their exposure to risk and contingency planning for disruptive blackouts.
In a joint statement, Andrew Bailey FCA chief and Jon Cunliffe BoE deputy governor, say: “Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system.”
As banks continue to familiarise their IT processes to keep up with fierce fintech competitors, operational risks of a serious IT failure are becoming increasingly evident.
According to the regulators, banks should have backup plans in place, to fully recover within two working days. The is in complete contrast to the ongoing crisis at TSB, which continues to watch the bank and its customers more than a month after a new IT platform went off course.
Firms that fail to determine proper planning could suffer penalties, that could result in a requirement for sanctioning of executive leadership, a demand for more IT investment and a requirement for higher capital levels.
Following the publication of the bank of England’s Financial Stability Report, the discussion paper sets out plans to test the resilience of the bank to protect and recover from a cyber-attack on their payments systems.