News
UK Finance wants to avoid ‘rushed’ solutions to oversight of banks’ IT failures
UK Finance chief executive Stephen Jones has warned that banks’ ability to protect customers could be impacted by “rushed mandatory change programmes” implemented to combat disruptive IT failures.
Responding to the Commons Select Committee report on UK banking IT failures, Jones said the industry was already working with regulators to make sure it was prepared for major disruptions.
However, the Select Committee report suggested that levies on banks ought to rise so that regulators can hire the staff they need to tackle outages.
Steve Baker MP, lead member of the Treasury Committee for the inquiry, said: “The number of IT failures that have occurred in the financial services sector, including TSB, Visa and Barclays, and the harm caused to consumers is unacceptable.
“For too long, financial institutions issue hollow words after their systems have failed, which is of no help to customers left cashless and cut-off.
“And for too long we have waited for a comprehensive account of what happened during the TSB IT failure,” he added.
Market Moves: Understanding UK Housing Trends
Introducing the first in our video series “Market Moves: Understanding UK Housing Trends” The
Sponsored by Halifax Intermediaries
Rush to judgement
However Jones (pictured) warned against rushing into actions that could result in detrimental outcomes for customers.
He said: “The industry conducts sector-wide exercises with regulators to ensure it is prepared to respond effectively to any major disruptions or events.
“UK Finance continues to engage with government over how coordination between regulatory authorities could be improved, seeking to avoid overlapped or rushed mandatory change programmes that impact firms’ ability to protect their customers,” Jones added.
Legacy systems
The report concluded that the current level of IT failures in financial services is unacceptable and called for regulators to act to improve operational resilience.
“While the role of regulators in supervising operational resiliences is still developing, they must ensure that their approach is agile to adapt to changing risks,” the report said.
“If improvements in firms’ management of legacy systems are not forthcoming, the regulators must intervene to ensure that firms are not exposing customers to risks due to legacy IT systems,” it added.
Cloud outages
The report further pointed to risks associated with large cloud service providers and to the poor quality of banks’ communication with customers.
“The cloud service provider market stood out as a source of systemic risk. The consequences of a major operational incident at a large provider such as Microsoft, Google or Amazon could be significant. Therefore there is a considerable case for regulation of such providers.
“When incidents do occur, poor customer communications can exacerbate the situation,” it said.
The Commons Select Committee inquiry began on 23 November 2018 to focus on “common causes of incidents, how customers lose out and whether regulators have the skills to hold people to account”. It picked out Equifax, TSB, Visa, Barclays, Cashplus and RBS as particular offenders.