Bank of England to push for enhanced operational resilience to cyber incidents at banks

Maria Nikolova

The Bank wants financial services firms to be able to demonstrate that they have concrete measures in place to deliver resilient services.

The Bank of England is setting the ground for new requirements concerning firms’ resilience to cyber incidents. This becomes clear from a speech given by Lyndon Nelson, Deputy CEO of the Bank of England’s Prudential Regulation Authority (PRA).

He concedes that there has been an increase in the number of operational incidents – be they caused by internal failures or from external attack. In terms of operational outages the financial sector in the UK has had RBS in 2012 which suffered a major outage in its Irish operations and more recently, of course, TSB. In between, there have been many short-term outages.

Given the circumstances, Lyndon Nelson underlined how important it is that regulators set out their expectations of firms in respect of their operational resilience. The Financial Policy Committee, for example, has been considering its tolerance for disruption to the key economic functions that the finance sector performs, he said. As part of this work, it is likely that the FPC will set a minimum level of service provision it expects for the delivery of key economic functions in the event of a severe but plausible operational disruption. The outlining of supervisory expectations may then be used as an input to guide firms’ actions in managing their own operational resilience.

Lyndon Nelson said he expects that these tolerances will use a combination of time, volume, market share and measures of interconnectedness.

“We have also been developing a suite of supervisory tools that can be used to assess firms’ resilience against our expectations and also inform the supervisory priorities we agree with firms”. Lyndon Nelson says.

He said the Bank was also trialling some other diagnostic tools.

Mr Nelson said the work will start with a Discussion Paper – joint with the Financial Conduct Authority. Although he would not elaborate on the details of the paper, he gave his perspective on these expectations.

“I would like our firms to be on a WAR footing: withstand; absorb; recover”, says Lyndon Nelson.

Firms will be expected to set their own tolerances for key business services. These tolerances will have to be in the form of clear metrics indicating when a disruption would represent a threat to a firm, to consumers or to financial stability. The Bank expects firms to test their tolerances and demonstrate to their supervisors that they have concrete measures in place to deliver resilient services.

In addition, firms will need to clearly define and regularly test their approaches to incident management. These should also include good communication plans both internally and externally.

And firms need to be able to recover from an operational incident. This requires viable, tested contingency plans for the resumption of critical functions.

Lyndon Nelson also made some remarks on the response to cyber incidents. The UK authorities have a response protocol called the Authorities Response Framework (ARF). It consists of the Treasury, FCA and the Bank. In cases of cyber events the National Cyber Security Centre is also a member. Any member can trigger the ARF and it has three response levels: monitor, engage and manage. A few years ago the ARF was rarely triggered, Nelson said, but more recently this has been increasing. This is partially due to the lowered barrier for triggering the mechanism but also because of the greater frequency of events.

Read this next

Metaverse Gaming NFT

DCentral Miami brings together all of Web3, NFT, DeFi, Metaverse

The world’s biggest Web3 meeting entitled DCENTRAL Miami is set to take place November 28-29, featuring a lineup of some of the biggest and most influential names in the blockchain space.

Digital Assets

Crypto ban expands across UK banks as Starling joins ‎crackdown

UK digital bank Starling has banned ‎all customer payments related to cryptocurrencies, another blow for the crypto traders ‎who recently saw a sizable number of banks deciding not to ‎finance the wobbly asset class.‎


Markets Direct at FIA EXPO 2022: Traders know what they want from brokers

The FIA Expo 2022, one of the most prestigious events within the global derivatives trading industry, took place in Chicago on 14 & 15 November.


FIA Expo 2022: TNS addresses public cloud limitations with hybrid infrastructure

November is the month of the FIA Expo, one of the largest futures and options conferences in the world, bringing together regulators, exchanges, software vendors, and brokers in one place: the Sheraton Grand Chicago Riverwalk. 

Retail FX

Italy’s regulator blacks out Finance CapitalFX, MFCapitalFX

Italy’s Commissione Nazionale per le Società e la Borsa (CONSOB) has shut down new websites in an ongoing clampdown against firms it accuses of illegally promoting investment products in the country.

Retail FX

Suspected leader of Honk Kong ramp-and-dump scam appears in court

A leader of a sophisticated ramp-and-dump scheme made his first court appearance in a Hong Kong court today, charged with market manipulation and various criminal offences. The case stems from an earlier joint operation of Hong Kong’s financial watchdog, the Securities and Futures Commission (SFC), and the local police. 

Institutional FX

Cboe’s James Arrante discusses growing demand for fixed income, FX algo

We caught up with James Arrante, senior director of FX & US treasuries product and business management at Cboe Global Markets, to uncover emerging trends in the FX and fixed income markets and learn more about the bourse operator’s recent initiatives.

Retail FX

Eurotrader acquires UK broker Petra Asset Management

Eurotrader Group has formally entered into the UK market with the acquisition of FCA-regulated broker, previously named Petra Asset Management Ltd. The new entity operates under the brand name Eurotrade Capital Ltd.

Inside View, Retail FX

The Game of Chess Continues – OPEC, China and the Oil Market

Over the past decade, the US has been complaining about the amount of power which the BRIC group, and specifically China, has on the global economy. BRIC stands for Brazil, Russia, India and China; these were the world’s fastest growing economies. Only in the past 10 months, the US has turned their attention toward OPEC due to the prices of fuel. Nevertheless, China seems to have a strong influence even over the price of crude oil.