Bank’s resilience plans 'strong signal of intent'

A joint discussion paper from the Bank of England, Prudential Regulatory Authority and the Financial Conduct Authority on operational resilience is a strong signal that firms need to take action, throwing into sharp relief recent IT problems at TSB.

October 2018

The discussion paper, Building the UK financial sector’s operational resilience, sets out an approach to improving the operational resilience of firms and financial market infrastructures. It envisages that boards and senior management can achieve better standards of operational resilience through increased focus on setting, monitoring and testing specific impact tolerances for key business services, which define the amount of disruption that could be tolerated.

The challenges for operational resilience have become even more demanding given a hostile cyber environment and large-scale technological changes. As recent disruptive events at TSB illustrate, operational resilience is a vital part of protecting the UK’s financial system, institutions and consumers.

According to the paper, an operational disruption such as one caused by a cyber attack, failed outsourcing or technological change could impact financial stability by:

• posing a risk to the supply of vital services on which the real economy depends
• threatening the viability of individual firms and financial market intermediaries (FMI)
• causing harm to consumers and other market participants in the financial system

The paper reinforces the need for firms and FMIs to develop and improve response capabilities so that any wider impact of disruptive events is contained. The speed and effectiveness of communication with the people and institutions most affected, in particular customers, should be at the forefront of every firm’s response.

Andrew Husband, KPMG’s head of operational resilience said the paper was “a deliberately encouraging discussion but, make no mistake, it is a strong signal of intent from the regulators that firms need to take action… Boards need to be fully accountable for all aspects of operational resilience and they will be held to account.”

David Strachan, partner and head of Deloitte’s EMEA Centre for Regulatory Strategy, agreed that boards needed to take greater responsibility for operational resilience, but warned that firms would need to prioritise investment towards mitigating the overall impact of a disruption on their key business services. “The more customers, the more primary current accounts, and the closer the disruption to end-of-day, the more important to regulators,” he said.

Liked this? Read these:

• One step at a time on interest rates, says Bank
• In good times and bad, Bank of England is here
• Bank of England: clouds on the horizon