UK politicians have rounded on the nation’s banks over an “unacceptable” level of IT crashes and outages, calling on regulators to take action to improve operational resilience across the sector and to consider the implementation of new rules on cloud service providers.
The publication of the report by the powerful Treasury Select Committee follows a a series of high-profile disruptions to financial services firms, including TSB, Visa and Barclays.
With bank branches and cash machines disappearing, customers are increasingly expected to rely on online banking services, the Committee notes.
“These services, however, have been significantly disrupted due to IT failures, harming customers left without access to their financial services,” states the report. “While completely uninterrupted access to banking services is not achievable, prolonged IT failures should not be tolerated. The current level and frequency of disruption and consumer harm is unacceptable.”
The Committee has made a number of recommendation, including an increase in levies paid by banks to cover regulatory costs in order to ensure that the country’s top three regulatory bodies are sufficiently staffed.
The report describes the lack of consistent and accurate recording of data on such incidents as concerning and insists that regulators cannot allow firms to set their own tolerance for disruption too high, nor alow bank management to use excuses about the costs and difficulty of upgrading legacy systems as a reason for not undertaking remedial work.
“We have yet to see a successful enforcement case under the Senior Managers Regime against an individual following an IT failure, which may be evidence of an ineffective enforcement regime,” the report notes. “If future incidents occur without sanction, Parliament should consider whether the regulators’ enforcement powers are fit for purpose.”
The Committee has further called into question bank reliance on third party cloud providers, warning of potential concentration risks.
“The consequences of a major operational incident at a large cloud service provider, such as Microsoft, Google or Amazon, could be significant,” states the report. “There is, therefore, a considerable case for the regulation of these cloud service providers to ensure high standards of operational resilience.”
Steve Baker MP, the Treasury Committee’s lead member for the inquiry, says: “For too long, financial institutions issue hollow words after their systems have failed, which is of no help to customers left cashless and cut-off.
“And for too long, we have waited for a comprehensive account of what happened during the TSB IT failure. Our inquiry into Service Disruption at TSB remains open, and I’ve no doubt that the Committee will want to examine Slaughter and May’s report and the progress of the regulators’ investigation.”
TSB suffered a high-profile IT failure last year which left customers unable to access their accounts for many weeks, following the introduction of a new system.