Parliamentary Committees and Public Enquiries
Regulators must act to reduce unacceptable number of IT failures in financial services sector, warns Treasury Committee
The current level and frequency of disruption and consumer harm is unacceptable
- Current level of financial services IT failures is unacceptable
- Regulators must act to improve operational resilience of financial services sector
- Financial sector levies should increase so regulators can hire experienced staff
- Regulators must use enforcement powers to ensure failures do not go unpunished
- Strong case for concentrated cloud services sector to be regulated
- Firms must resolve customer complaints and award compensation quickly
The Treasury Committee has today published a unanimously-agreed report on IT Failures in the Financial Services Sector. The report was agreed when Catherine McKinnell MP was Interim Chair. Rt Hon. Mel Stride MP has since been elected as the Chair of the Treasury Committee. Steve Baker MP has been the Committee’s lead member for this inquiry and has therefore provided a quote below.
With bank branches and cash machines disappearing, customers are increasingly expected to rely on online banking services. These services, however, have been significantly disrupted due to IT failures, harming customers left without access to their financial services. While completely uninterrupted access to banking services is not achievable, prolonged IT failures should not be tolerated. The current level and frequency of disruption and consumer harm is unacceptable.
The Treasury Committee’s report has made a series of recommendations to overcome this and improve operational resilience, including ensuring accountability of individuals and firms, increasing financial sector levies to ensure that the regulators (which are the Financial Conduct Authority, Prudential Regulation Authority, and Bank of England) are sufficiently staffed, and ensuring that firms resolve complaints and award compensation quickly.
Key conclusions and recommendations
- As an increasing number of people rely on accessing their banking online, the resilience and availability of digital channels is brought into sharper focus. The ability of firms to prevent, adapt and respond to, and recover and learn from, operational incidents such as IT failures is known as operational resilience. The number of IT failures is increasing, with the impact ranging from inconvenience or harm to customers through to threats to a firm’s viability. However, the lack of consistent and accurate recording of data on such incidents is concerning.
- The regulators must intervene to improve the operational resilience of the financial services (FS) sector, as has been required recently with financial resilience. To do so, they must also ensure that they have the appropriate skills and experience. If this proves challenging, the regulators should increase the financial sector levies to ensure that they can hire the staff with the expertise and experience required. While the role of regulators in supervising operational resilience is still developing, they must ensure that their approach is agile to adapt to changing risks. They must maintain a very low tolerance for service disruption by providing guidance on what level of impact should be tolerated. The regulators cannot allow firms to set their own tolerance for disruption too high, to avoid lax operational resilience.
- The regulators must use the tools at their disposal to hold individuals and firms to account for their role in IT failures and poor operational resilience. The Senior Managers Regime should be expanded to include Financial Market Infrastructure firms, such as payment systems. To ensure accountability for failures, regulators must have teeth and be seen to have teeth. However, we have yet to see a successful enforcement case under the Senior Managers Regime against an individual following an IT failure, which may be evidence of an ineffective enforcement regime. If future incidents occur without sanction, Parliament should consider whether the regulators’ enforcement powers are fit for purpose. The regulators must provide us with the outcome of their investigation into the TSB IT failure as soon as possible.
- Firms are not doing enough to mitigate the operational risks that they face from their own legacy technology, which can often lead to IT incidents. Regulators must ensure that firms cannot use the cost or difficulty of upgrades as excuses to not make vital upgrades to legacy systems. Given the potential for short-sightedness by management teams, if improvements in firms’ management of legacy systems are not forthcoming, the regulators must intervene to ensure that firms are not exposing customers to risks due to legacy IT systems. When firms do embrace new technology, poor management of such change is one of the primary causes of IT failures. As time and cost pressures may cause firms to cut corners when implementing change programmes, the regulators must adopt a proactive approach to ensure that customers are protected.
- There are many cases where FS firms use the same third-party providers, such as cloud services. The regulators should highlight potential concentration risks and consider whether mitigating action is required. Where common providers are systemic, the Financial Policy Committee should consider recommending regulation to HM Treasury. The cloud service provider market stood out as such a source of systemic risk. The consequences of a major operational incident at a large cloud service provider, such as Microsoft, Google or Amazon, could be significant. There is, therefore, a considerable case for the regulation of these cloud service providers to ensure high standards of operational resilience.
- As the impact on customers when IT failures occur can be harmful, firms are right to adopt a ‘when not if’ approach, ensuring that they have robust procedures in place in the event of an incident. When incidents do occur, poor customer communications can exacerbate the situation. Clear, timely and accurate communications must ensure that customers are aware of the incident and that they receive advice on remediation timelines and alternative access. When customers complain, the time taken for some customers to hear an answer is shocking and unacceptable. Firms must resolve complaints and award any compensation quickly.
Commenting on the Report, Steve Baker MP, the Treasury Committee’s lead member for this inquiry, said:
“The number of IT failures that have occurred in the financial services sector, including TSB, Visa and Barclays, and the harm caused to consumers is unacceptable.
“The Committee, therefore, launched this inquiry to look ‘under the bonnet’ at what’s causing the proliferation of such incidents, and what the regulators can do to prevent and mitigate their impacts.
“The regulators must take action to improve the operational resilience of financial services sector firms. They should increase the financial sector levies if greater resources are required, ensure individuals and firms are held to account for their role in IT failures, and ensure that firms resolve customer complaints and award compensation quickly.
“For too long, financial institutions issue hollow words after their systems have failed, which is of no help to customers left cashless and cut-off.
“And for too long, we have waited for a comprehensive account of what happened during the TSB IT failure. Our inquiry into Service Disruption at TSB remains open, and I’ve no doubt that the Committee will want to examine Slaughter and May’s report and the progress of the regulators’ investigation.”
“The Committee has made a series of recommendations to the Government and regulators on how the impact of IT failures can be prevented and mitigated to ensure that consumers are protected.”