British banks and other financial services firms were given three months on Thursday to explain how they can avoid damaging IT breakdowns and respond to the growing threat of cyber attacks. With technology-related disruption on the rise in the sector, the Bank of England and the Financial Conduct Authority told financial services firms to report back by Oct. 5 on their exposure to risks and how they would respond to outages.
The vulnerability of the banking system to technology failures has been highlighted recently by the inability of customers of bank TSB to access their online accounts and problems at payments firm Visa.
"Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system," FCA Chief Executive Andrew Bailey and BoE Deputy Governor Jon Cunliffe said in a joint statement.
Financial firms such as banks and insurers will have to demonstrate to regulators that they have a plan for when crucial systems such as online banking or payment services are disrupted, either by systems failure or deliberate attack.
The regulators suggested two days as an acceptable limit for disruption to a business service in one scenario spelt out in a consultation paper published on Thursday.
Some customers of TSB bank were still unable to access online banking services over a month after its first outage in April, which followed a botched systems upgrade.
Regulators say the growing risk of disruption reflects in large part moves by financial firms to upgrade their computer systems to cope with the rise of tech-savvy competitors and growing consumer demand for instant services.