MPs to scrutinise cause of bank 'IT failures'

Out-Law News | 23 Nov 2018 | 4:22 pm | 1 min. read

A new UK inquiry will look into the common causes of bank IT problems and their impact on consumers.

The inquiry, to be led by a prominent committee of MPs, will look at a wide range of issues, including the reliance on legacy IT systems, the impact of outsourcing, and IT risks which stem from mergers and acquisitions. Its opening follows a number of incidences of IT outages within the banking sector in recent months.

Nicky Morgan, chair of the Treasury Committee, said: "The number of IT failures at banks and other financial institutions in recent years is astonishing. Millions of customers have been affected by the uncertainty and disruption caused by failures of banking IT systems. Measly apologies and hollow words from financial services institutions will not suffice when consumers aren’t able to access their own money and face delays in paying bills."

"As bank branches close and customers are ushered towards online services, the availability of those services is vital. The Committee has launched this inquiry to consider the causes and consequences of these failures, and will examine what industry and regulators are doing to promote operational resilience," she said.

The Committee said banks and other stakeholders will be able to provide written submissions to its inquiry up to Friday 18 January 2019.

Evidence is invited on the frequency of operational incidents and how their prevalence might change in future "as consumers and firms come to rely more heavily on technology".

The Committee also said it is keen to identify "the common causes of operational incidents in the financial services sector", whether there are any 'single points of failure' or other sources of concentration risk in the sector, and on "the incidence of multiple old legacy systems and the nature of their connectivity, and the impact of retrofitting web based/mobile systems to legacy systems".

According to its statement, the inquiry will also look at what lessons can be learned from recent outages and whether regulators are equipped to "ensure firms are adequately guarding against service disruptions" and "to hold appropriate parties to account".

The Committee said it would consider how outages are approached in other jurisdictions and what should constitute "an appropriate level of tolerance for operational disruptions".

Banks in the UK are obliged to publically disclose how often they have had to report major operational and security incidents. In the summer, the Bank of England revealed that new minimum requirements on the level of service that banks must provide could be mandated.