The Financial Conduct Authority (FCA) sees “no end in sight” to the rapid rise in the number of IT failures and cyber attacks on the financial services sector, the regulator’s head of supervision has warned.

In a speech given at Bloomberg’s London headquarters, Megan Butler, executive director of supervision over investment, wholesale and specialists at the regulator warned that she sees “no immediate end in sight” to the disruption caused by inadequate cyber defences.

In the year to October, firms reported a 138 per cent increase in technology outages to the FCA, alongside an 18 per cent increase in cyber incidents. “And all the trends that we’re seeing at the moment suggest an increasing threat to UK customers, and financial markets, from technology outages and cyber attacks,” she commented.

However,Butler was at pains to point out that the sudden spike in IT failures and hack attempts could be down to firms reporting incidents more robustly, stressing that the FCA does not take a “zero-failure” approach to the industry, preferring instead to test the ability of firms to recover and learn from operational disruptions.

“The true test of the resilience of UK finance is not the absence of incidents, it’s how well incidents are managed,” she said, noting that a third of firms the FCA surveyed did not carry out regular cyber assessments while nearly half of firms do not upgrade or retire old IT systems in time.

Butler outlined the FCA’s assessment of the progress made in managing the risks associated with new technology and cybercrime, based on a survey of nearly 300 firms for their technological maturity.

Her speech also touched upon the decline in the use of cash and warned that the FCA had been “deeply concerned” by the growing number of IT outages at banks related to system migration and platforming upgrades - most notably at digital bank TSB - which have caused disruption for customers.

“If your bank stops working, your life and business can be severely constrained,“ she said, noting that the FCA was worried that many firms seem “overly confident” about their ability to manage flagship IT change programmes and keep their systems up to date.

Turning her attentions to the rapid changes being wrought by new technologies, Butler predicted that as early as next year firms would have to start grappling with “synthetic humans” created by the increased adoption of artificial intelligence (AI) and machine learning.

“As we’re closing in on 2019, this seems a good point to mention that next year - according to the original Blade Runner film - the Earth will be dealing with synthetic humans,” she said.

“That prediction hasn’t aged particularly well (jokes about regulators aside) but it speaks to an important point. New technologies create threats that are extremely difficult to anticipate, and from a regulatory perspective, this is a fundamental challenge.”

She stressed that the FCA takes an optimistic view of innovation, and starts from the position that it has made a “fundamentally positive impact” on the finance industry, rather than viewing it as a disruptive development.

“It’s easy to be blasé about ‘everyday’ technologies like mobile banking, investment apps, fund transfer, wearable tech and contactless payment,” Butler told the audience. “But to a customer 20 years ago, they’d seem genuinely remarkable,” she added.

In a challenge to assumptions that regulators aim to stifle or control the fast growth of new technologies, Butler stressed that the FCA took the opposite approach and preferred applying their own technological solutions to address regulatory challenges.

“A traditional view of regulation is that it is a barrier to this kind of progress, this is emphatically not the case with the FCA. We use on our own technology to help model risk and detect issues like market abuse.”

She also said the regulator’s RegTech team was acting as an observer on a number of anti-money laundering projects run by firms including Santander and Deloitte and highlighted the value of new technologies to non-retail markets, such as the emergence of trading algorithms, blockchain technology, market infrastructure and neural networks.

Share Story: