The Bank of England has sought to minimise the impact of cyber attacks and IT glitches, urging banks and other British financial firms to set out by March 2022 how they would bounce back quickly. The BoE's Prudential Regulation Authority (PRA), in conjunction with the Financial Conduct Authority, set out ground-breaking rules on operational resilience after the 2019 glitches at TSB and other banks left millions of customers locked out of their online accounts and facing delayed payments.
The rules were an international opportunity, Andrew Husband, financial services partner at KPMG, said in a report. He said, “At a time when Brexit is focusing minds on the future of financial services, this is an area of regulatory policy that provides an opportunity for UK financial services to gain competitive advantage on the global stage.”
The BoE has urged each regulated firm to draw up plans that set out where disruption could hit customers and broader financial stability, and how long it would take to resume normal service. “The speed at which vulnerabilities are remediated should be commensurate with the potential impact that a disruption would cause, and will be an area of supervisory focus.”
The BoE said firms were not expected to have fully fleshed out and tested plans by March 2022, but must show by March 2025 that they can recover within the “impact tolerances” that have been set.