QA Financial Forum Chicago | 9 April 2024 | BOOK TICKETS
Search
Close this search box.

Bank of England Conducts Resilience Test of UK Financial Sector

25-07-2019-bank-of-england-photo-1600x1067-1569332168

The Bank of England, in partnership with HM Treasury and the FCA, among other institutions, has conducted a one-day exercise to test the financial sector’s resilience to a major cyber incident impacting the UK. The exercise is part of an ongoing biennial process to ensure the sector is prepared for any major disruption caused by a cyber-attack, the Bank of England said. It follows the publication in July of a discussion paper by the Bank of England and the FCA, which proposes a definition for operational resilience: “The ability of firms, FMIs and the system as a whole to prevent, adapt and respond to, recover and learn from, operational disruption.” The discussion paper largely focuses on the management by financial firms of operational risk and the building of operational resilience into business services. This process, the Bank of England proposes, could be achieved by reviewing systems, including software, on the basis of the business services they support. “A focus on business services could help drive specific and measurable activities, including investment, that increase operational resilience”, the discussion paper suggests. “Firms and FMIs could set target metrics for the continuity of important business services. Firms’ and FMIs’ ability to meet their target metrics could then be tested, enabling them to take action as necessary.” The paper also proposes criteria for an operationally resilient firm, which include: having a comprehensive understanding and mapping of the underlying systems and processes, including those systems and processes that have been outsourced; , knowledge of how the failure of an individual system or process would impact the provision of the business service and an understanding of how to replace an individual system or process in order to resume business as usual. However, the discussion paper, which closed for comments from firms in October, does not specifically mention software testing processes or the benchmarking of code quality. Some vendor firms are understood to have commented that these should be fundamental to the longer-term approach to operational resilience.