The Financial Conduct Authority (FCA) in UK is to assess the resilience of ageing IT systems used by British banks and building societies, after recent outages left customers unable to access funds.
High street banks continue to experience service disruption due to legacy IT, with Royal Bank of Scotland customers unable to pay with debit cards or withdraw cash in December, a year after a high profile outage which cost the lender £175 million to resolve.
The FCA will now join with the Prudential Regulation Authority and the Bank of England to assess how banks manage their exposure to IT risks, how engaged boards are with improving IT resilience, and whether they have the necessary expertise to challenge executives.
The review will follow up on a letter sent to the heads of major banks in 2012 by the FCA's predecessor, the FSA, requesting internal assessments of critical IT infrastructure. The regulators aim to find out what progress has been made since this time, and whether rules around system resiliency need to be tightened to prevent more outages.
The regulators will report back on findings in early 2015, the FCA said in a statement.
"To access and manage our money we depend on the banks' IT systems to be reliable. But IT outages continue, interrupting key banking services,"said Clive Adamson, FCA director of supervision.
"We want to make sure that the banks have resilient IT systems in place that are able to cope with consumer demand, so customers aren't left financially stranded or disadvantaged."
The FCA has already launched a separate investigation into RBS' infrastructure, after a failed upgrade to a CA7 batch processing systems in 2012 led to millions of customers being unable to access funds in their bank accounts. The investigation, launched in April 2013, could lead to an enforcement action against the bank.
Its latest review follows announcements by number of banks that they will invest in improving legacy environments, with RBS CEO Ross McEwan pledging to spend on upgrading IT after "decades" of underinvestment. Barclays has also recently outlined plans to address IT complexity, reducing the number of servers it owns by 6,000 since H1 2013, as well as decommissioning and retiring legacy applications.
According to Peter Roe, financial services analyst at TechMarketView, the point of the FCA review is unclear.
"The banks are well aware of the problems, and are doing all they can to alleviate the issues of legacy systems and insufficient capacity which are leading to the outages, so I am not sure the FCA is going to bring anything new to the table," said Peter Roe, financial services analyst at TechMarketView.
Sign up for Computerworld eNewsletters.