(Adds comment rules are an international opportunity)
By Huw Jones
LONDON, March 29 (Reuters) - Banks and other financial firms
in Britain must set out by March 2022 how quickly critical parts
of their business could recover from IT glitches, cyber attacks
or other disruptions, and how to minimise the impact, the Bank
of England said on Monday.
The BoE's Prudential Regulation Authority (PRA), in
conjunction with the Financial Conduct Authority, set out
ground-breaking rules on operational resilience after glitches
at TSB in 2019 and at other banks left millions of customers
locked out of their online accounts and facing delayed payments.
Andrew Husband, a financial services partner at consultants
KPMG, said the rules were an international opportunity.
"At a time when Brexit is focusing minds on the future of
financial services, this is an area of regulatory policy that
provides an opportunity for UK financial services to gain
competitive advantage on the global stage," Husband said.
Each regulated firm must draw up plans that set out where
disruption could hit customers and broader financial stability,
and how long it would take to resume normal service.
Each will decide how long a specific part of its business
would take to recover and the time allowed should reflect its
importance to customers and overall stability.
"The speed at which vulnerabilities are remediated should be
commensurate with the potential impact that a disruption would
cause, and will be an area of supervisory focus," the BoE said.
The BoE said firms were not expected to have fully fleshed
out and tested plans by March 2022, but must show by March 2025
that they can recover within the "impact tolerances" that have
been set.
"The PRA expects firms to update their mapping annually at a
minimum, or following significant change if sooner," the BoE
said.
A senior manager in each firm will be directly responsible
for operational resilience plans, with boards required to
approve the tolerances that have been set.
(Reporting by Huw Jones; editing by Barbara Lewis)