The UK Treasury Committee has published a new report investigating the “unacceptable” IT failures in the country’s financial services sector.
Described as “unanimously-agreed,” the report presents a set of recommendations to overcome the current frequency of consumer harm. This follows high-profile disruptions which affected millions across the UK.
Steve Baker MP and the Treasury Committee’s lead member for this inquiry, stated: “The number of IT failures that have occurred in the financial services sector, including TSB, Visa and Barclays, and the harm caused to consumers is unacceptable.
“The Committee, therefore, launched this inquiry to look ‘under the bonnet’ at what’s causing the proliferation of such incidents, and what the regulators can do to prevent and mitigate their impacts.”
As society continues to become more digital-centric, the committee believes many financial services’ operational resilience is not meeting the standards necessary.
It pins responsibility on the three major UK-based regulators (Financial Conduct Authority, Prudential Regulation Authority, Bank of England) to intervene and provide further support to ensure each firm has a set level of expertise and experience.
This includes a possible increase in the financial levies on banks to ensure that the regulators are sufficiently funded and resourced.
Regulators are recommended to maintain a “very low tolerance” for service disruption by providing guidance on what level of impact should be tolerated, rather than allowing firms to set their own targets “to avoid lax operational resilience.”
Furthermore, the committee made clear that UK regulators “must use the tools at their disposal to hold individuals and firms to account” when faced with future IT failures.
The report read: “To ensure accountability for failures, regulators must have teeth and be seen to have teeth.
“However, we have yet to see a successful enforcement case under the Senior Managers Regime against an individual following an IT failure, which may be evidence of an ineffective enforcement regime.
“If future incidents occur without sanction, Parliament should consider whether the regulators’ enforcement powers are fit for purpose.”
The report requests an outcome to the TSB IT failure “as soon as possible,” following a system error by the firm which left up to 1.9m people without access to online banking services.
Baker described financial institutions responses to IT failures as “hollow words” and made clear the need for resolution surrounding TSB.
The committee stated firms cannot use the cost or difficulty of upgrading legacy infrastructures as viable excuses to not make vital upgrades.
Use of third-party providers, such as cloud services, was also raised in the report and MPs believe regulators should highlight potential risks.
“The cloud service provider market stood out as such a source of systemic risk. The consequences of a major operational incident at a large cloud service provider, such as Microsoft, Google or Amazon, could be significant,” the report noted.
“There is, therefore, a considerable case for the regulation of these cloud service providers to ensure high standards of operational resilience.
The final recommendation referred to communication between the financial firm and its customers.
It described the time taken for advice on problems surrounding IT failures as “shocking and unacceptable” and believes if the issue resides with themselves, firms “must” resolve complaints and award any compensation quickly.
Baker summarised: “The regulators must take action to improve the operational resilience of financial services sector firms.
“They should increase the financial sector levies if greater resources are required, ensure individuals and firms are held to account for their role in IT failures, and ensure that firms resolve customer complaints and award compensation quickly.”
“The Committee has made a series of recommendations to the Government and regulators on how the impact of IT failures can be prevented and mitigated to ensure that consumers are protected.”