Bank of England to push for enhanced operational resilience to cyber incidents at banks

Maria Nikolova

The Bank wants financial services firms to be able to demonstrate that they have concrete measures in place to deliver resilient services.

The Bank of England is laying the groundwork for new requirements concerning firms’ resilience to cyber incidents. This becomes clear from a speech given by Lyndon Nelson, Deputy CEO of the Bank of England’s Prudential Regulation Authority (PRA).

He concedes that there has been an increase in the number of operational incidents, whether caused by internal failures or by external attack. In terms of operational outages, the UK financial sector has had RBS, which suffered a major outage in its Irish operations in 2012, and more recently, of course, TSB. In between, there have been many short-term outages.

Given the circumstances, Lyndon Nelson underlined how important it is that regulators set out their expectations of firms in respect of their operational resilience. The Financial Policy Committee, for example, has been considering its tolerance for disruption to the key economic functions that the finance sector performs, he said. As part of this work, it is likely that the FPC will set a minimum level of service provision it expects for the delivery of key economic functions in the event of a severe but plausible operational disruption. The outlining of supervisory expectations may then be used as an input to guide firms’ actions in managing their own operational resilience.

Lyndon Nelson said he expects that these tolerances will use a combination of time, volume, market share and measures of interconnectedness.

“We have also been developing a suite of supervisory tools that can be used to assess firms’ resilience against our expectations and also inform the supervisory priorities we agree with firms”, Lyndon Nelson says.

He said the Bank was also trialling some other diagnostic tools.

Mr Nelson said the work will start with a Discussion Paper – joint with the Financial Conduct Authority. Although he would not elaborate on the details of the paper, he gave his perspective on these expectations.

“I would like our firms to be on a WAR footing: withstand; absorb; recover”, says Lyndon Nelson.

Firms will be expected to set their own tolerances for key business services. These tolerances will have to be in the form of clear metrics indicating when a disruption would represent a threat to a firm, to consumers or to financial stability. The Bank expects firms to test their tolerances and demonstrate to their supervisors that they have concrete measures in place to deliver resilient services.

In addition, firms will need to clearly define and regularly test their approaches to incident management. These should also include good communication plans both internally and externally.

And firms need to be able to recover from an operational incident. This requires viable, tested contingency plans for the resumption of critical functions.

Lyndon Nelson also made some remarks on the response to cyber incidents. The UK authorities have a response protocol called the Authorities Response Framework (ARF). It consists of the Treasury, FCA and the Bank. In cases of cyber events the National Cyber Security Centre is also a member. Any member can trigger the ARF, and it has three response levels: monitor, engage and manage. A few years ago the ARF was rarely triggered, Nelson said, but more recently it has been triggered increasingly often. This is partially due to the lowered barrier for triggering the mechanism but also because of the greater frequency of events.
