Bank of England deadline for banks to report on operational and security incidents looms

British banks have been asked by the Bank of England and Financial Conduct Authority (FCA) to complete reports on their exposure to, and plans to manage, IT outages and cyberattacks by the 5th October.

This follows rules enforced in July requiring business and personal account providers to report major operational and security incidents and share their plans to mitigate against these risks. The increased regulation comes in the wake of high-profile cyberattacks and major technology glitches experienced by banks.

Nick Hammond, Lead Advisor for Financial Services at World Wide Technology, comments: “We are seeing an unprecedented amount of change from financial institutions who need to improve the operational efficiency, resilience and compliance of systems whilst also reducing the vast cost of running them.

“The nature of the complex systems means that one wrong change can have a very severe effect, and because you are doing so many changes the likelihood of getting it wrong increases.”

Hammond continues: “A lot of the underlying systems are vastly complex and whilst modernising them is not impossible, it is extremely difficult. The underlying systems may be decades old with multiple parts added to them over time.

“Because of the way they have been put together over time, it can be very difficult for financial institutions to understand which parts of their systems are linked into and dependent on each other – and therefore what the domino effect will be if something goes wrong.

“Banks are focused on protecting their critical applications, such as their online banking or interbank payments services. To do so, they must first rationalise the way these applications interact and share data within the system, removing unnecessary dependencies which can make the effects of an outage or cyber breach far worse. This requires deep infrastructural expertise.

“The stakes are incredibly high for financial services firms if assets or sensitive information are exposed, and most firms are focussing a lot of resource on how they will tackle these risks. Once a greater level of infrastructure visibility and rationalisation has been achieved, solutions which enable greater financial stability and better protection for consumers can be established.”