Financial firms must be ready for the prospect of crippling disruptions such as cyberattacks, power outages and other breakdowns, policymakers in the U.K. are demanding.
The U.K.’s key regulators — the Financial Conduct Authority (FCA), the Prudential Regulation Authority and the Bank of England — published a trio of co-ordinated consultation papers on new requirements that aim to strengthen operational resilience in the financial sector.
Under the proposals, financial firms and industry infrastructure would be required to ensure their resilience in the face of major operational disruptions, including events that are out of firms’ control.
The regulators’ concerns ranged from self-inflicted systems failures and cyberattacks to major external events, such as power failures or telecom breakdowns.
“Operational disruptions and the unavailability of important business services that firms provide have the potential to cause wide-reaching harm to consumers and market integrity, threaten the viability of firms and cause instability in the financial system,” the regulators said.
The proposals include obligations to identify critical systems, set disruption limits and establish processes to address “severe but plausible” scenarios.
“It is in the public interest that a resilient financial system is able to supply the most important services with minimal interruption even during severe operational events. The proposed new requirements are aimed at achieving this outcome,” said Andrew Bailey, CEO of the FCA.
“Disruptive events can have a high impact on consumers and businesses, so firms and [financial market infrastructures] need to know where the risks to their service delivery lie and to make sure that they are prepared for any service disruption by testing their planned response,” he said.
The deadline for feedback on the consultation papers is April 3, 2020.