UK regulators have put together a set of requirements designed to strengthen the operational resilience of financial services players.
The Bank of England, Prudential Regulation Authority and Financial Conduct Authority have published a shared policy summary and co-ordinated consultation papers designed to help prevent the kind of prolonged technology problems seen recently at TSB and others.
The policy proposals makes it clear that companies and Financial Market Infrastructures (FMIs) "are expected to take ownership of their operational resilience and that they will need to prioritise plans and investment choices based on their impacts on the public interest".
Specifically, firms and FMIs would need to:
- identify their important business services that if disrupted could cause harm to consumers or market integrity, threaten the viability of firms or cause instability in the financial system
- set impact tolerances for each important business service, which would quantify the maximum tolerable level of disruption they would tolerate
- identify and document the people, processes, technology, facilities and information that support their important business services
- take actions to be able to remain within their impact tolerances through a range of severe but plausible disruption scenarios
Andrew Bailey, chief executive, FCA, says: "It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome.
"Disruptive events can have a high impact on consumers and businesses so firms and FMIs need to know where the risks to their service delivery lie and to make sure that they are prepared for any service disruption by testing their planned response."
In a speech to industry players, Bailey's colleague, Megan Butler, offered a blunt warning: "This is not a box ticking exercise.
"This is not about what you are willing to, or think you can, ‘get away with’, because you think the worst is unlikely to happen. We need to know that you have planned for the worst and are able to continue to deliver your important business services when the worst does happen."