Why customers will be the real winners when it comes to operational resilience plans
By Ewen Fleming, Financial Services Partner, Johnston Carmichael
The Covid-19 pandemic has highlighted how many of us could become financially vulnerable at short notice, with more people than usual facing significant difficulties over the last 18 months.
At the height of lockdown 5.1 million workers across the UK were on furlough, while others were on reduced hours or lost their jobs.
Rising energy costs have compounded matters, increasing household bills and contributing to price rises for every day goods.
More than ever, it is vital that people can access money in their bank accounts when they need to. Inability to access cash or credit could cause serious distress and discomfort for those who are already struggling; it could mean no heating or food, and in worst case scenarios jeopardise the roof over their heads.
That is why new regulations relating to operational resilience coming into force on 31 March 2022 will be a welcome step forward for many.
The Financial Conduct Authority (FCA) wants the Financial Services industry to be resilient, cope with issues and recover the services quickly to ensure no customer detriment, particularly those who are most vulnerable. The regulator has transitioned from a ‘risk-based’ approach to a ‘harm-based’ approach, focusing on those areas which customers are most reliant on.
Companies have been instructed to identify their important business services, carry out mapping and scenario testing, and identify any vulnerabilities. Earlier this month, Lloyds Bank, Halifax, and Bank of Scotland all experienced online outages – locking thousands of customers out of digital accounts and apps. The three banks combined are responsible for the finances of a collective 18 million customers across the UK, which shows the scale of the potential issue.
Research from BAE systems earlier this year further revealed that three-quarters of banks and insurers had experienced a rise in cyber attacks since the pandemic began, while 26 per cent said budgets within IT security had been slashed. If huge tech companies like Facebook, WhatsApp and Instagram can go down for hours, then it shows just how vulnerable all businesses are to online disruption.
The new rules are essentially to stop the end-consumer suffering serious adverse effects from any system outages. Consider the case of being denied access to your salary because the bank’s website or app is down; the consequences could be damaging in any circumstance, but severe for those embarking on significant transactions such as purchasing a new house - no access to sufficient funds could delay the sale or leave the buyer with a cost to pay.
Operational resilience is now a significant high priority area for the FCA and firms face less than six months to get their preparatory work in place by the end of March 2022. The regulators have taken a phased approach in implementing the operational resilience requirements, which acknowledges the substantial work many firms will need to undertake and verify by the final deadline of 31 March 2025.
Acknowledging this transition, the FCA has noted that the first deadline of 31/3/22 only needs to be met to “a level of sophistication necessary to accurately identify their important business services, set impact tolerances and identify any vulnerabilities in firm’s existing operational resilience”.
One thing is for sure: it is an imperative both for the FCA and for our most vulnerable in society that firms take these vital steps to ensure companies are compliant with regulation and fulfil their responsibilities for their customers. These steps will restore trust in financial services and make firms allies in tough times, providing umbrellas for rainy days and not just when the sun shines.
The author is a retail banking and wealth management professional. Ewen started his career at Royal Bank of Scotland (RBS) where he undertook a number of senior roles covering Retail, SME and Wealth before moving on to Santander UK and ultimately becoming a well-established business consultant to the sector. He is a Fellow of the Chartered Banker Institute and lead partner within Johnston Carmichael’s Financial Services Consulting business line.