No enterprise has ever wanted unplanned downtime of their services; and that is especially true in the financial services industry. Over the last two years, there have been multiple banking system failures in the UK market that have hit the headlines. Some have been that major that they have actually seen customers actively switching to competitor banks, after enduring days of not being able to access their accounts.
In July 2018, the Bank of England (BoE), Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) published a discussion paper to share their thinking on the need for operational resiliency within the sector, as well as invite feedback from the industry. The context of their paper is that operational disruptions have the potential to harm consumers and other market participants, threaten the viability of firms, and ultimately cause instability in the UK financial system. The intent is that they will look to form regulation and legislation to build up the financial services industry’s operational resilience.
Operational resilience is defined by the BoE/PRA/FCA as “the ability of firms, financial market infrastructure and the system as a whole to prevent, respond to, recover and learn from operational disruptions”.
However, ensuring operational resiliency isn’t easy for any financial services organisations;
- often they will have a complex systems landscape – multiple integration points and interwoven dependencies, both within their own organisations and with multiple third party providers
- they are seeing an increase in cyber-attacks – both frequency and sophistication
- they are operating in a market where there are cost pressures
- keeping pace – both with technology and skills is a challenge
All of this when customers are expecting services to be:
- always available, no matter what time or day of the week
- for transactions to happen instantly
And with new technological disruptions (AI, DLT, FinTechs) constantly emerging, and organisations trying to become digital and leverage the power of hybrid cloud.
Quote by Nick Strange, Director Supervisory Risk Specialists, Bank of England, as part of a speech to the 21st Annual Operational Risk Europe Conference in London in May 2018
As the Boston Consulting Group outlined late last year, a key element of understanding an banks operational resiliency is to understand the services that are provided – what systems, technology, data, facilities and people underpin and deliver them. Once the services are understood, then it is important to understand the criticality of those services – which ones are mission critical and would cause the most disruption to both customers and the wider UK economy if they suffered an unplanned interruption? It is then key to ensure that these mission critical services have the resiliency that is required; can the application cope with failure? Is the underpinning infrastructure resiliently deployed? How is change (both functional and maintenance) deployed and managed?
As banks continue their transformation into digital businesses, the reliance on data to make decisions, to serve customers and to run the business grows; this is even more key in financial services, when you consider the vast amount of data they hold about all of us – whether as individuals or corporates. This data needs to be always available. To help financial services organisations ensure that their mission critical data is always available, HPE announced a new intelligent storage platform that manages itself for every mission-critical application of today and tomorrow. HPE Primera, unlocks the agility of the cloud so banks can innovate without compromise, whilst building upon proven resiliency. Powered by HPE InfoSight, HPE Primera delivers instance access to data with storage that can be set up in minutes, upgrades transparently and is backed by a 100% availability guarantee.
It’s worth noting that the BoE/PRA/FCA are not just looking to form policy and trust the industry to implement and adhere to it. For a number of years they have “stress tested” the larger UK banks to ensure that against certain scenarios they have sufficient capital to continue to lend to the real economy. They are looking to build on that experience to pilot cyber stress testing; in particular in 2019 they are looking to test the impact tolerance for payments in a hypothetical scenario where a banks IT systems supporting their payments function become unavailable. In the future, they may look to test a data integrity scenario (more on this, and the cyber threat, in a future blog).
To conclude, whilst technology isn’t the only factor that helps ensure operational resiliency, it is a fundamental enabler. As the financial services industry continues to transform to become digital, opportunities exist to harness this change to ensure operational resiliency going forward – whether it is leveraging the hybrid cloud to remove point of failure, AI to pro-actively detect issues to prevent unplanned outages, or harnessing new platforms designed to cope with the challenges of delivering digital services both today and tomorrow. If I have struck a chord; and you want to take a closer look at HPE I’ve left a link here for you to investigate or make contact: http://www.hpe.com/uk/primera
Chris Ibbitson
Hewlett Packard Enterprise
Chris_Ibbitson
Chris is a Chief Technologist for HPE, focused on the Financial Services industry. Before joining HPE, Chris has worked at both a Global Systems Integrator, as well as at a Global Bank in a variety of senior architectural roles.
