IT failures in the Financial Services Sector Contents

Contents

Summary

Introduction

1 IT incidents

The shift to digital services

The increasing focus on operational resilience

The prevalence of IT incidents

The number of IT incidents

The impact of IT incidents

Incident Reporting

2 The role of the Regulators

Regulatory approach

Impact tolerances

The Regulators’ incident management

Creating and enforcing accountability

Individual accountability

Firm-level enforcement

Regulatory burden and coordination

Regulatory resourcing and expertise

3 Common causes of IT incidents

Legacy systems

Level of change and change management

Outsourcing and third-party failure

Cyber risk

4 Emerging risks to operational resilience

Concentration risk

Financial Market Infrastructure (FMI)

Cloud service providers

Potential solutions to concentration risk

New technologies

Regulation of new technology firms

The wider financial services sector

5 Operational resilience and incident management

Firms’ management of operational resilience

Investment

Industry skills and experience

Industry collaboration

Collaboration and information sharing

Sector exercises

Firm’s Incident management

Best practice in incident management

Customer communications

Customer complaints and compensation

Conclusions and recommendations

Formal minutes

Witnesses

Published written evidence

List of reports from the Committee during the current Parliament




Published: 28 October 2019