By Huw Jones
LONDON – British banks may need to remove outdated technology to meet more stringent recovery requirements for critical services by March 2025, a senior Bank of England official said on Wednesday.
Banks including HSBC, Lloyds, NatWest and Barclays have three years to show regulators that key services such as payments and online banking can recover from outages within an acceptable time to avoid damaging confidence in the financial system.
Duncan Mackinnon, an executive director at the Bank of England, told a City & Financial conference that the central bank would be “pushed hard” into what is an acceptable recovery time for basic services.
“If a company has a critical reliance on a particular IT system, and it is at a certain age and the number of people who understand it and the backup to those people and systems becomes more limited over time, so there’s a debate to be made. leave that legacy system, “Mackinnon said.
The Bank of England, which is leading the standrad setting for operational resilience, will refine how it assesses the costs and benefits of mandating system changes, MacKinnon said.
Banks are increasingly outsourcing services to third parties such as cloud providers, which are not regulated by the BoE. Industry officials said regulation of these third parties may be needed as part of the new drive.
“We can’t be stable on our own,” said Bharat Kapoor, head of operational risk and stability at the LCH unit of the London Stock Exchange.
Mackinnon said it is up to parliament to decide who is under its rules and in the meantime regulators will stick to the principle “you can outsource a service but not the responsibility”.
The new stability rules will have a far -reaching impact.
“A lot of companies here today will make some external statements on when you’re going to be carbon neutral, and most of your carbon will be done by third parties,” said Anna Mazzone, area vice president at ServiceNow.
(Reporting by Huw Jones; Editing by David Goodman)