Speaking to the Treasury Select Committee today in the IT failures in the financial services sector session, Prudential Regulation Authority (PRA) spokesman Lyndon Nelson said technology itself was not the issue but ‘driving change’ might be.
Nelson, the PRA’s deputy CEO and executive director, regulatory operations and supervisory risks specialist, said: “If you’re a large retail bank in the UK dealing with legacy systems you are probably for competitive reasons thinking they’ve just added that feature in that app and we have to do the same.
“The question IT officers are thinking is how many times in a week can we change an app without it [the system] falling over?”
The pressure is on businesses managing these changes if their strategy depends on their banking app reflecting the latest features and they will need to work with a change organisation that can cope with that, he added.
“But the tech itself isn’t causing the issue,” said Nelson, responding to the question from Labour MP for Wirral South, Alison McGovern.
Later, a Nottinghamshire Labour MP, John Mann asked the panel if the regulator currently felt the state had the resources to cope with a state-sponsored cyber attack and if it would be forced to rely on third-parties to deal with the complexities of the issue.
Alison Barker, director of specialist supervision, Financial Conduct Authority said the regulator has established it can cope with at least 10 simultaneous incidents, adding that larger UK firms were much better prepared than they were two years ago.
Mann said if the regulator felt under-resourced it must ask for help now as MPs are ready to offer it and would not want to find out there was more that could have been done after the fact.
The PRA spokesman said the nature of the threats meant it could never offer complete assurance.