FS ‘under pressure’ following UK treasury report on IT failures

UK Parliament

The Treasury Committee said IT failures have caused “unacceptable harm”

Financial services companies in the UK are being put under pressure to show they can improve operational resilience, following a Treasury Committee report condemning the level of IT failures in banks.

The report, IT failures in the Financial Services sector, noted that with bank branches and cash machines disappearing, customers are increasingly expected to rely on online banking services, but these services have been disrupted by IT failures to a level and frequency which it calls ‘unacceptable’.

In response to the report, Michael Ruck, financial services partner at law firm TLT, said: “The financial services sector is under pressure to illustrate that it has identified how to improve its operational resilience, including which senior individuals are responsible for this. Similarly, when things do go wrong, firms will need to resolve complaints and award any compensation quickly.”

Speaking to IBS Intelligence, he noted that operational resilience has already been flagged by the FCA as one of its key priorities for 2019/2020, and given the Treasury Committee’s report, this focus will only intensify.

Complexities
The increased frequency of banking IT failures isn’t surprising given the soaring complexity of their IT environments, Michael Allen, VP and CTO EMEA at Dynatrace said.

“In addition to the rise of cloud computing and the explosion of mobile devices, the introduction of PSD2 and open banking means UK banks are connected to more third-party systems and services than ever before.

“As a result, today’s online banking applications run in hugely complex and dynamic environments built on thousands of systems, millions of lines of code and billions of dependencies,” Allen said.

The Dynatrace VP explained that research has found in one average transaction, processed by either web or a mobile application, is reliant on 37 different technology systems or components to reach the end-user – a complexity level which is beyond the human scale to manage and which leads to IT failures.

“Ultimately, throwing more manpower at the problem is never going to solve the issue. Instead, the banks must turn to artificial intelligence to provide real-time analytics of the topology of their banking systems, and actionable answers that allow IT teams to identify problems quickly and prevent them from having an impact on customers.”

“Like every organisation in every industry, banks must do more to ensure their IT systems are stable and the software that powers their online services works perfectly every time.”

Lower tolerance
TLT’s Ruck argued that more regulation may not be the right answer, but the committee’s recommendation to ensure that regulators have sufficient resources, along with recent examples of low tolerance for service disruptions is a “clear indication” that firms should expect greater focus in this area from regulators over the coming months.

He said: “The Committee interestingly refers to not yet having seen a successful enforcement case under the Senior Manager’s Regime (SMR) against an individual following an IT failure, which is a clear message to the regulators that this is something to achieve.

“Should the regulators continue to find this difficult I expect we will see further review of the SMR to consider changes to make taking such action easier, possibly returning to the consideration of a reverse burden of proof placing the onus on senior managers to show they took appropriate steps.”

Firms should be reviewing their legacy technology, manage new technology appropriately, identify concentration risks for third party providers, and ensure they have robust procedures in place in the event of any incident, Ruck said.

“The eye-watering fines, public loss of confidence and at least one resignation of a chief executive over operational outages and cyber-attacks means this can no longer be seen as an ‘IT issue’.”

‘Unacceptable harm’
When releasing the report, Steve Baker MP, the Treasury Committee’s lead member for this inquiry, said IT failures, including those at TSB, Visa and Barclays have caused ‘unacceptable harm’.

He said the regulators should increase the financial sector levies if greater resources are required, ensure individuals and firms are held to account for their role in IT failures, and ensure that firms resolve customer complaints and award compensation quickly.

“For too long, financial institutions issue hollow words after their systems have failed, which is of no help to customers left cashless and cut-off. And for too long, we have waited for a comprehensive account of what happened during the TSB IT failure. Our inquiry into Service Disruption at TSB remains open, and I’ve no doubt that the Committee will want to examine Slaughter and May’s report and the progress of the regulators’ investigation.”

Related Posts