OPERATIONAL RESILIENCE: A BOARD-LEVEL PRIORITY FOR FINANCIAL INSTITUTIONS
Barely a week goes by without news of a high-profile cyber attack, data breach or other IT operational failure. Over the last two years, incidents have affected companies including British Airways, FIFA, Cathay Pacific, Facebook, Uber, T-Mobile, Dixons Carphone, Yahoo, Deloitte, BUPA, Wonga and law firm Mossack Fonseca. Financial institutions have also been impacted: organisations including TSB, NS&I, Tesco Personal Finance Plc, Visa, Barclays, Cashplus and Royal Bank of Scotland (RBS) have endured operational failures.
Operational disruption within financial institutions can impact financial stability and cause harm to consumers and other market participants. The operational risks facing financial institutions range from cyber attacks to other technology-related outages caused by system upgrades, human error or a failure in services outsourced to third parties.
In July 2018, the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) published a discussion paper entitled ‘Building the UK financial sector’s operational resilience’. Responses to the paper are currently being considered.
On 31 October 2018, the PRA published further commentary on ‘operational resilience’ setting out its approach to banking supervision. The PRA identified ‘operational resilience’ as one of four key areas for the PRA along with Brexit, the ringfencing of retail banks and the senior managers’ regime.
On 23 November 2018, the Treasury Select Committee announced that it was to launch a new inquiry into ‘operational resilience’ in the retail banking sector, calling for evidence on the common causes of operational incidents.