The world’s financial institutions should be well prepared for disruption, whether a digital outage, a mass default or a cyber-attack, says the Bank of England
The UK’s central bank, the Bank of England has published a discussion paper encouraging banks and other organs of the financial markets infrastructure, to assume that operational disruptions will occur.
The discussion paper hopes to encourage dialogue and form best practice within the industry following a number of notable failures recently that led individuals and businesses without service, payment facilities or access to cash. Notably these included the collapse of Visa’s card payment system, which resulted in an estimated 5.2 million failed payments and the digital ‘meltdown’ saga at British bank TSB, which left 1.9 million customers frozen out of their own accounts.
Threadneedle Street’s paper is not a response to such events but its release is timely as the complexity and reliance of the world’s digital financial system increases along with both the number of actors in the space and the appetite and capability of nefarious agents.
The creation of a financial climate sensitive to the risks of cybersecurity has been seen as crucial by the Bank since 2013. This discussion paper hopes to initiate a culture of readied response present at board level. The term ‘impact tolerance’ is used to describe the gauging of how safe or vulnerable a firm is to the compromising of its operation via myriad scenarios from malpractice via inefficient screening of loans to the advent of a large scale hack.
The recommendations in the paper suggest close work with the UK’s new cyber capability operations: “No such history exists for cyber event [testing]. So the FPC [Financial Policy Committee] will rely on the independent judgement of experts, such as the National Cyber Security Centre, to assist calibration of the stress scenarios, drawing on up-to-date intelligence.” The FPC’s own Systematic Risk Survey identified an increase of 11% in financial bodies identifying cyber as a key risk, up to 62% from 51% last year.
The paper also states: “The Bank recognises that it has its own part to play in building the operational resilience of the UK financial sector as operator of the CHAPS [Clearing House Automated Payment System] and RTGS [real time gross settlement] services. RTGS processes an average of over £600 billion worth of transactions every working day, of which approximately half is CHAPS settlement. Firms and FMIs rely on the Bank’s provision of these services to move sterling around the financial market and the real economy.”
As new sources of threat to global financial security continue to emerge, be that geopolitical, criminal or natural, the Bank of England hopes its discussion paper can be world leading in establishing consensus when it comes to mitigation through well tested processes: “A resilient financial system is one that can absorb shocks rather than contribute to them.”
“The global and interconnected nature of financial activity makes international engagement critically important. There is not currently an international framework supporting the regulation of financial services’ operational resilience, so we will share our insights with the global regulatory community.”