Following recent IT failures at UK banks, the Treasury Committee has published letters to the PRA and FCA. These letters state that IT risks should be accorded the same status as credit, financial and conduct risk, on the grounds that they are an equally serious threat to consumers and overall financial stability. He calls for:
- Greater IT experience in the banks at board levels.
- Greater resources to be devoted to modernising, managing and securing banks’ IT infrastructures. The Treasury suggests systems should be simplified to a degree that makes them easier to manage.
- Legal, regulatory, structural and cultural changes to the way that banks manage their cyber-security risks. In particular, the Treasury calls for formation of a group, presumably composed of representatives of the PRA, FCA, other government bodies and external auditors, with the primary task of ensuring banks develop more resilient IT systems. This group should make regular reports to the Chancellor and to Parliament. The Treasury suggests that the PRA may be best suited to lead this group.