View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
October 29, 2019

Give Financial Services “Sharper Teeth” Over IT Outages: Treasury Committee

"Government should urgently consider how best to regulate cloud service providers. Regulating them as critical infrastructure, while complex, may be necessary"

By CBR Staff Writer

The frequency and severity of financial services IT failures is “unacceptable” MPs warned today, calling for regulators to be given expanded powers to ensure improvements are being made by businesses across the sector.

“Firms are not doing enough to mitigate the operational risks that they face from their own legacy technology” the Treasury Committee agreed in a new report, highlighting bungled change management as a leading cause of recent outages.

Businesses may be cutting corners to reduce change management cost, they warned: “Poor change management is one of the primary causes of IT failures… It is important that firms have strong and well- rehearsed change management procedures. We are concerned that time and cost pressures may cause firms to cut corners when implementing change programmes, for example by compressing testing schedules.”

Guy Warren, CEO, ITRS Group, told Computer Business Review in an emailed comment: “Operational resilience has deteriorated over the last few years as the number of digital channels and volumes of transactions have increased, with very little pause for thought.

“Retail banks have failed to keep pace with the investment in technology and process to ensure acceptable levels of performance and availability. First you had the technology used by the bank’s teller, then ATMs and call centres came in, more recently banking websites, and now mobile banking. Instead of a clean shift between each phase of technology, it’s been layered one on top of the other, so that new technology and channels are running in tandem with legacy technology. The resulting impact for consumers ranges from inconvenience to increased vulnerability to outages and fraud.”

The Treasury Committee has called for the Senior Managers Regime (which requires firms to have a ‘statement of responsibilities’ saying what senior managers are responsible and accountable for) to be expanded to include financial market fnfrastructure firms, i.e payment system providers.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“To ensure accountability for failures, regulators must have teeth and be seen to have teeth”, they noted in the report, published today.

Financial Services IT Failures: “Regulate the Cloud”

With many financial services companies moving applications to the cloud, the Treasury Committee raised growing concerns about “concentration risk” during the inquiry.

“This market is already highly concentrated and there is probably nothing the Government or Regulators can do to reduce this concentration in the short or medium term,” the report notes, bu “the consequences of a major operational incident at a large cloud service provider could be significant, and not just limited to the financial services sector. The case for the regulation of these providers to ensure high standards of operational resilience is therefore considerable.

“The Government should urgently consider how best to regulate cloud service providers. Regulating them as critical infrastructure, while complex, may be necessary.”

The committee is not the only entity to have raised that prospect recently.

The Bank of England said in June that it plans to publish a new supervisory statement describing the Prudential Regulation Authority (PRA)’s modernised policy framework on outsourcing arrangements, “including a focus on cloud technology, and setting out conditions that can help give firms assurance on its use,” amid concerns over concentration risk and lack of substitutability.

Read this: Best Practices for NIS Directive Compliance

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.