UK regulators have released a shared policy summary on new requirements to strengthen operational resilience in the financial services sector.
The Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have publicised the new policy proposals. If they are implemented, they will make it clear firms and financial market infrastructures (FMIs) take ownership for their operational resilience and they will need to prioritize plans and investments based on their impacts on public interest.
If disruption occurs, firms will need to communicate clearly, such as providing customers with advice about alternative ways of accessing the service.
Under the new rules, firms and FMIs would be expected to identify their important business services which could cause harm to customers or market integrity if they are disrupted.
It also requires them to establish tolerances for each important business service, identify and document the people, process, technology, facilities and information that support important services, and take actions to remain within impact tolerances by running various scenarios.
FCA chief executive Andrew Bailey said, “It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome.
“Disruptive events can have a high impact on consumers and businesses so firms and FMIs need to know where the risks to their service delivery lie and to make sure that they are prepared for any service disruption by testing their planned response.”
To compliment these proposals, the PRA has released a consultation paper on ‘Outsourcing and third-party risk management.’
Services going down impacts a lot of businesses and consumers. One of the common incidents involve mobile banking services. Last week, NatWest and RBS suffered an incident which left their digital banking processes down for the day, making Black Friday shoppers very disappointed.
The UK’s Treasury Committee recently made a call to regulators that rules and penalties around IT problems, like system outages, should be stricter.
Copyright © 2018 RegTech Analyst