MPs blast ‘unacceptable’ rise in online banking failures

Select committee also brandishes third-party cloud providers as a "source of systemic risk"

IT failure

The financial services industry is not doing enough to mitigate a rising volume of IT failures, spurred on by a reluctance to upgrade legacy technology, a parliamentary inquiry has found.

Regulators, such as the Financial Conduct Authority (FCA), are also not doing enough to clamp down on management failures within UK banks, which often use cost or difficulty as "excuses" not to make vital upgrades to legacy systems.

With online banking rising in popularity, the severity of system failures and service outages has also seen an "unacceptable" rise, according to findings published by the House of Commons' Treasury Select Committee.

The report concluded the impact of these failures range from an inconvenience to customer harm, and even threats to a business' viability. The lack of consistent and accurate recording of data on such incidents is also concerning.

"The number of IT failures that have occurred in the financial services sector, including TSB, Visa and Barclays, and the harm caused to consumers is unacceptable," said the inquiry's lead member Steve Baker MP.

"The regulators must take action to improve the operational resilience of financial services sector firms. They should increase the financial sector levies if greater resources are required, ensure individuals and firms are held to account for their role in IT failures, and ensure that firms resolve customer complaints and award compensation quickly.

"For too long, financial institutions issue hollow words after their systems have failed, which is of no help to customers left cashless and cut-off. And for too long, we have waited for a comprehensive account of what happened during the TSB IT failure."

MPs launched this inquiry to examine the cause behind such incidents, reasons for their frequency, and what regulators can do to mitigate the damage.

As the report identified, TSB's IT meltdown during 2018 is the most prominent example of an online banking outage in recent years.

The major incident, which lasted several days, was caused by a major transfer of 1.3 billion customer records to a new IT system. A post-mortem analysis by IBM subsequently showed the bank did not carry out rigorous enough testing.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

TSB has not been the only institution to have suffered banking outages, with figures compiled by the consumer watchdog Which? showing customers with major banks suffered outages 302 incidents in the last nine months of 2018. Another example of a prominent incident saw NatWest, RBS and Ulster Bank hit by website outages in August this year.

Beyond the work banks must do to ensure their systems are resilient, the MPs found that regulators must do far more to hold industry giants to account when failures do occur. Poor management and short-sightedness, for example, are key reasons why regulators must intervene to ensure banks aren't exposing customers to risk due to legacy systems.

When companies embrace new technology, poor management of the transitions required is one of the major causes of IT failure, the report added, with time and cost pressures leading banks to "cut corners".

Banks themselves, moreover, must adopt an attitude to ensure robust procedures are in place when incidents do occur, treating them not as a possibility but a probability.

Meanwhile, the use of third-party providers has also come under scrutiny, with the select committee urging regulators to highlight the risks of using services such as cloud providers.

The report highlighted Bank of England statistics that show a quarter of major banks, and a third of payment activity, is hosted on the public cloud. This means banks and regulators must think about the implications for concentrating operations in the hands of just a few platforms.

Advertisement - Article continues below

The risks to services of a major operational incident at cloud providers like Amazon Web Services (AWS) or Google Cloud Platform (GCP) could be significant, with the market posing a "systemic risk". There should, therefore, be a case for regulating these cloud service providers to ensure high standards of operational resilience.

The report listed a number of suggestions for mitigating the risk of concentration, but conceded the market is already saturated and there was "probably nothing the Government or Regulators can do" to reduce this in the short-term.

Some measures, such as establishing channels of communication with suppliers during an incident, and building applications that can substitute a critical supplier with another, could go towards mitigating damage.

"This call for regulation and financial levies is a step in the right direction towards holding banks accountable for their actions," said Ivanti's VP for EMEA Andy Baldin.

Advertisement
Advertisement - Article continues below

"Some calls to action have already been taken to restrict how long banking services are allowed to be down for without consequence, such as last year's initiative to restrict maximum outage time to two days. However, the stakes are constantly increasing and soon even this will become unacceptable.

"Banks must adopt new processes and tools that leverage the very best of the systems utilised in industries such as military and infrastructure. These systems have the capability to reduce the two-day maximum to a matter of minutes in the next few years - working towards a new model of virtually zero-downtime."

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/strategy/28047/what-is-digital-transformation
Business strategy

What is digital transformation?

7 Aug 2019
Visit/network-internet/34596/bt-unveils-barrage-of-new-business-services
Network & Internet

BT unveils barrage of new business services

9 Oct 2019
Visit/network-internet/33885/zyxel-nebula-control-center-2019-review-takes-all-the-pain-out-of-networking
Network & Internet

Zyxel Nebula Control Center 2019 review

21 Jun 2019
Visit/business-strategy/32994/cultural-resistance-not-tech-is-holding-innovation-back-oracle-research
Business strategy

Oracle: Cultural resistance, not tech, is holding innovation

13 Feb 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019