No time for downtime in financial services

No enterprise has ever wanted unplanned downtime of their services; and that is especially true in the financial services industry.  Over the last two years, there have been multiple banking system failures in the UK market that have hit the headlines.  Some have been that major that they have actually seen customers actively switching to competitor banks, after enduring days of not being able to access their accounts.  

In July 2018, the Bank of England (BoE), Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) published a discussion paper to share their thinking on the need for operational resiliency within the sector, as well as invite feedback from the industry.  The context of their paper is that operational disruptions have the potential to harm consumers and other market participants, threaten the viability of firms, and ultimately cause instability in the UK financial system.   The intent is that they will look to form regulation and legislation to build up the financial services industry’s operational resilience.  

Operational resilience is defined by the BoE/PRA/FCA as “the ability of firms, financial market infrastructure and the system as a whole to prevent, respond to, recover and learn from operational disruptions”.  

However, ensuring operational resiliency isn’t easy for any financial services organisations; 

• often they will have a complex systems landscape – multiple integration points and interwoven dependencies, both within their own organisations and with multiple third party providers
• they are seeing an increase in cyber-attacks – both frequency and sophistication
• they are operating in a market where there are cost pressures
• keeping pace – both with technology and skills is a challenge

All of this when customers are expecting services to be: 

• always available, no matter what time or day of the week
• for transactions to happen instantly

And with new technological disruptions (AI, DLT, FinTechs) constantly emerging, and organisations trying to become digital and leverage the power of hybrid cloud. 

“Enhancing the operational resilience of the financial sector is a priority for us all: it won’t completely stop bad things happening, but it will make us better at weathering their impacts.” Nick Strange, Director Supervisory Risk Specialists, Bank of England

As the Boston Consulting Group outlined, a key element of understanding an banks operational resiliency is to understand the services that are provided – what systems, technology, data, facilities and people underpin and deliver them.  Once the services are understood, then it is important to understand the criticality of those services – which ones are mission critical and would cause the most disruption to both customers and the wider UK economy if they suffered an unplanned interruption?  It is then key to ensure that these mission critical services have the resiliency that is required; can the application cope with failure?  Is the underpinning infrastructure resiliently deployed?   How is change (both functional and maintenance) deployed and managed?

As banks continue their transformation into digital businesses, the reliance on data to make decisions, to serve customers and to run the business grows;  this is even more key in financial services, when you consider the vast amount of data they hold about all of us – whether as individuals or corporates.  This data needs to be always available 

It’s worth noting that the BoE/PRA/FCA are not just looking to form policy and trust the industry to implement and adhere to it.  For a number of years they have “stress tested” the larger UK banks to ensure that against certain scenarios they have sufficient capital to continue to lend to the real economy.  They are looking to build on that experience to pilot cyber stress testing; in particular in 2019 they are looked to test the impact tolerance for payments in a hypothetical scenario where a banks IT systems supporting their payments function become unavailable.  In the future, they are also looking to test a data integrity scenario – a scenario that is not only troubling the UK regulators, but many others too.    

To conclude, whilst technology isn’t the only factor that helps ensure operational resiliency, it is a fundamental enabler.  As the financial services industry continues to transform to become digital, opportunities exist to harness this change to ensure operational resiliency going forward – whether it is leveraging the hybrid cloud to remove point of failure, AI to pro-actively detect issues to prevent unplanned outages, or harnessing new platforms designed to cope with the challenges of delivering digital services both today and tomorrow.