The Bank of England and the Financial Conduct Authority have informed financial services firms that they have until 5 October to report on how they plan to respond to risks such as cyber-attacks.
In a report produced jointly by the Financial Conduct Authority (FCA) and the Bank of England (BoE), they highlight that: “A resilient financial system is one that can absorb shocks rather than contribute to them,” and that “Dealing with cyber risk is one important element of operational resilience.”
“The financial sector needs an approach to operational risk management that includes preventative measures and the capabilities – in terms of people, processes and organisational culture – to adapt and recover when things go wrong.”
The report highlights the impact that the fast pace of technological change is having and cites the “hostile cyber environment” as a key concern: “Additional challenges occur where firms operate internationally or outsource a significant level of activities to third parties.”
The BoE's Financial Policy Committee (FPC) conducts stress tests on financial institutions, using previous macroeconomic data to calibrate a system's resilience to shock. However, the report points out that no data history exists for cyber events.
“So the FPC will rely on the independent judgement of experts, such as the National Cyber Security Centre, to assist calibration of the stress scenarios, drawing on up-to-date intelligence,” the report notes.
Legacy Concerns
Dan Sloshberg, Director Product Marketing at Mimecast, informed us that: “WannaCry was a wakeup call and highlighted the disruptive power and scale cyber-attacks can have on our critical national infrastructure.”
“Organisations can also learn from the new NIS Directive. This legislation clearly signals the move away from pure protection-based cybersecurity thinking. Robust business continuity strategies have never been more important to ensure organisations can continue to operate during an attack and get back up on their feet quickly afterwards.”
Mark Cresswell, CEO of LzLabs, told Computer Business Review in an emailed statement that: “Yesterday’s discussion paper from the Bank of England and the FCA exemplifies how technology embodies both the problem and the solution when it comes to the operational resilience of Britain’s banks.”
“Section 4.20 echoes the calls of many that the financial sector relies too heavily on a limited number of technology providers. This is most prevalent when it comes to the legacy mainframe computers which still occupy the heart of many institutions’ IT systems.”
“In today’s worsening climate of operational problems for the sector, the reliance on ageing proprietary technology is perhaps the biggest threat to operational resilience. The limited pool of skilled individuals able to keep these systems running has dried up, with no one to take their place.”
“True technological innovation in the sector creates opportunities for increased efficiency and the enablement of better risk management. This can only truly be achieved when financial institutions are able to fully embrace modern, open technologies, and remove the shackles of legacy IT systems,” he added.