/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.
Bank of England sounds warning to banks over operational resilience

Bank of England sounds warning to banks over operational resilience

The Bank of England is expecting to have "challenging conversations" with banks about their operational resilience, a senior official has warned.

The UK's banks have been given a three-year deadline to build up their resilience to major disruptions to their business operations, with a keen focus on technology as both an enabler and a risk factor. The deadline was imposed following a spate of IT outages across the sector over the past two years.

Duncan Mackinnon, executive director for supervisory risk at the central bank says: "Many firms have further work to do to set impact tolerances to safety and soundness and financial stability. And it is important that boards and senior management engage closely on operational resilience to ensure this work gets done."

As an example, he cites widely varying response to an initial assessment exercise set by the central bank as part of its probe into bank stability.

"Where firms have set tolerances, there has often been a wide range of tolerances across different firms providing the same service," he says. "For example, Chaps payments impact tolerances for safety and soundness varied across some firms from two days to two weeks. We expect to have challenging conversations over the coming months on these variances. Firms will have to justify how they came to the conclusions they have, and demonstrate that the tolerance they have set will protect safety and soundness and financial stability."

Other important issues that firms need to address include building additional data centres for backup and recovery, reviewing and adapting outsourcing arrangements, and re-architecting or replacing legacy systems which have remained critical to the delivery of services despite their obsolescence

"We acknowledge these things are not easy. They will take time," says Mackinnon. "Firms should use the time they have now to address vulnerabilities and build capabilities. The longer firms take to map to the required level of sophistication and to run robust scenario tests, the shorter the period they will have to address their vulnerabilities and build resilience."

Comments: (1)

A Finextra member
A Finextra member 01 June, 2022, 10:43Be the first to give this comment the thumbs up 0 likes

These resiliens issues are only a small part of the tip of the iceberg. How is BofE managing the risk that a vast majority of all retail and corporate banking are dependent on internet based distribution of their services to the end users? How does BofE vet the resilience risk for the financial industry dependence on mobile phones and other communication devices and associated applications 100% designed and manufactured in far away countries with in some cases hostile intentions towards the UK and indeed the "Western World"?