FCA Focuses on Tech Resilience 17 May

FCA Focuses on Tech Resilience

By The Enforcd Team

Digital transformation is a phrase which has been thrown about pretty freely and while it has plenty of benefits for the financial sector, institutions can be forgiven for feeling a little nervous. They’ve seen plenty of people get it disastrously wrong over the past couple of years and now the regulators say they will be paying closer attention.

Risk and reward

The financial sector often looks as if it’s uncertain quite what to make of digital transformation. On the one hand, they can see all sorts of exciting opportunities from delivering faster services to customers to gaining much more oversight of their data, but on the other there are all sorts of risks.

Their data may be stolen by cyber criminals. Implementations may be botched, and they may find themselves running into all sorts of regulatory related risks. Technology can be a threat as well as a bonus.

There’s no shortage of examples to call upon. TSB is still under investigation after problems with the transition of its systems from its former owners to its new resulted in millions of people being shut out of their accounts.

When Aegon purchased CoFunds for £140 million, it had all sorts of problems merging it with its in-house platform resulting in long delays. Aviva’s platform, meanwhile, was unavailable for six long days in January after it moved to tech company FNZ.

On top of that the cyber criminals are circling like sharks. Digital transformation makes data more mobile, but also more vulnerable. The financial sector is the number one target for cyber criminals for the very reason that this is where the money is and the digitisation of finance opens up all sorts of promising opportunities.

In its Approach to Supervision, published this month, the FCA said it would be heightening its focus on technological resilience.

“Technology is fundamental to how we do business in a modern world. Our rules require firms to have appropriate systems and controls to manage and mitigate the risks of harm. These systems and controls help to ensure firms are resilient in the advent of a cyber-attack or a technology failure,” it stated.

The FCA said it will expect financial institutions to take greater care to protect customers from from harm. Companies would have to put in place effective processes to identify, monitor and report the risks to which they may be exposed in the event of cyber attacks. They will also need to ensure they were highly crisis resilient in that adequate measures were in place if anything should go wrong.

Tech implementation

The regulator’s move means that companies should double down on their efforts to manage digital transformation. This is a phenomenon which is here whether companies like it or not. Those who decide not to embrace technology will find themselves struggling to compete against those who have.

As such, they will need to manage their tech transition more effectively. That means taking ownership of the process, doing due-diligence on any third parties, building security and implementing crisis management measures if things go wrong.

For an example of what not to do, have a look at an ongoing case in which Hertz is suing Accenture for work which they failed to carry out on a new website. Firstly Hertz had no in-house expertise to manage the transition which left them running blind. Secondly, they appear to have chosen Accenture after a highly impressive demonstration. This suggests they failed to do much due diligence and were, instead, blown away by an exciting sales demonstration which they did not fully understand.

The financial world can learn from this. Having some level of in-house expertise will be extremely important and existing teams must take ownership of the product rather than handing it over to a third party. This retains control and oversight rather than placing all your eggs into one basket by giving the third party all the power.

Technology, then, can create all sorts of problems, but these are problems which will have to be overcome. The FCA’s statements show that the onus will be on financial services to ensure they are well equipped to survive digital transformations and that they have everything in place in case things do go wrong. That can help them avoid running down the same path as TSB.