British banks must explain their IT outage backup plans
The Bank of England and Financial Conduct Authority want systems to be up and running within two days if an outage occurs
The Bank of England and the Financial Conduct Authority have given UK financial institutions three months to put together a report explaining how they anticipate responding to cyber attacks and minimising risk should there be an IT breakdown.
Banking businesses will have until 5 October to compile their action plans and present their findings to the two organisations. The move has been spurred on by a number of faults in recent months affecting consumer banking, including outages at TSB, which left thousands of customers unable to use their online banking facility, and at payments provider Visa.
"Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system," FCA Chief Executive Andrew Bailey and BoE Deputy Governor Jon Cunliffe said, reported Reuters.
The problem lies with financial organisations attempting to switch from legacy architecture to more modern systems. This digital transformation can cause hiccups along the way, especially when moving from on-premises architecture to the cloud.
The Bank of England and Financial Conduct Authority want banks and insurance firms to have backup strategies in case an outage occurs, stating that any financial organisation's systems must be up and running within two days of a failure.
The regulators want to introduce penalties for businesses that fail to do this, including higher capital levels, the sanctioning of executives (who they believe should be responsible for ensuring business tech strategy is watertight) and a demand that businesses invest more in their IT systems to resist future attacks.