Regulators must punish traditional and challenger banks harsher to avoid IT failures, MP committee says

British lawmakers have had enough of banks’ IT problems and urge regulators to become stricter in the future, punishing those that fail to live up to expectations.

The Treasury Committee made the argument as it unveiled a report about on the IT failures of the financial services sector.

It noted that as more and more people are opting to go cashless, the onus is on traditional and challenger banks to ensure their customers are not cut off from their services.

However, the MPs in the committee believes these operators have failed too many times to live up to expectations, citing major incidents at TSB Bank and Visa over the past 18 months as two examples.

It noted that the Financial Conduct Authority (FCA) had reported that the number of reported incidents had increased by 187% in 2018. Of those incidents, 65% were from the retail banking sector, making it five times more common than outages caused in the wholesale financial markets.

On the back of this, the Treasury Committee is now urging the Bank of England, the FCA and the Prudential Regulation Authority to become stricter towards financial service providers, aiming to ensure their compliance as a result.

The committee recommended that the regulators use the tools at their disposal to hold banks and challenger banks alike responsible for their IT failures.

It also suggested that the Senior Managers and Certification Regime (SM&CR) should be expanded to also cover financial market infrastructure firms. SM&CR is a programme designed by the FCA to boost the trust in financial services by shifting the blame from companies as a whole and laying it at the feet of the senior managers responsible for the actions of the firm. SM&CR was extended in July to also cover solo-regulated firms.

The MPs stated that lawmakers might also want to look into strengthening the scheme to make more sanctions available for the regulators in the future if the SM&CR is deemed to be unfit for purpose. They noted that no individual has so far been held accountable for an IT failure.

Another key takeaway from the report was that the regulators should also not allow financial services firms to get away with failing to mitigate the risks caused by their own legacy systems, especially if they use the excuse that doing so would be too costly or too difficult.

Regulators are also advised to look into the risks of too many companies using the same third-party providers for their back-end systems as it could lead to potential concentration risk.

Commenting on the Report, Steve Bake, the Treasury Committee’s lead member for the inquiry, said, “The number of IT failures that have occurred in the financial services sector, including TSB, Visa and Barclays, and the harm caused to consumers is unacceptable.

“The Committee, therefore, launched this inquiry to look ‘under the bonnet’ at what’s causing the proliferation of such incidents and what the regulators can do to prevent and mitigate their impacts.

“The regulators must take action to improve the operational resilience of financial services sector firms. They should increase the financial sector levies if greater resources are required, ensure individuals and firms are held to account for their role in IT failures and ensure that firms resolve customer complaints and award compensation quickly.

“For too long, financial institutions issue hollow words after their systems have failed, which is of no help to customers left cashless and cut-off.

“And for too long, we have waited for a comprehensive account of what happened during the TSB IT failure. Our inquiry into Service Disruption at TSB remains open and I’ve no doubt that the Committee will want to examine Slaughter and May’s report and the progress of the regulators’ investigation.”

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.