UK Banks Could Test New Global Measures To Prevent Cyber Attacks

Sam Woods, the Deputy Governor for the Bank of England (BoE) said in an interview this week that banks in the United Kingdom could become the first banks in the world to be subjected to tests that seek to combat cyber attacks.

The BoE in recent years has subjected some of the major banks in the country such as Lloyds Bank, Barclays, Royal Bank of Scotland and HSBC to cyber resilience tests. However Woods believes that this is not enough as cyber criminals have shown in recent times that their hacking skills have vastly improved and financial institutions continue to be one of their major targets.

Tesco Bank faced a major hack in late 2016 as cyber criminals infiltrated the banking system and robbed £2.5 million from nearly 9,000 customers. The cyber attack on Tesco Bank was further proof that even when robust security measures and technology is being used, cyber criminals were still finding ways to infiltrate the system. The BoE wants to ensure that UK banks have enough capital to reimburse its customers as in the case of Tesco Bank where cyber criminals stole money out of customer accounts due to a Tesco Bank system breach.

Woods stated that BoE’s emergency response system was trigged 6 times in the last 12 months and that has further emphasized the fact that UK regulators must act quickly and put in place robust measures to address these hacks. The Deputy Governor thinks a three tie level of tolerance should be put in place to make the banking system more resilient.

The first level of tolerance is low level and aimed at protecting consumers. This should be governed by the Financial Conduct Authority (FCA). The second level of tolerance will examine if the solvency of the company being hacked was good enough. This will be overseen by BoE’s Prudential Regulation Authority. The third level of tolerance would look at monitoring threats to greater financial stability and will be monitored by BoE’s Financial Policy Committee.

Woods stated that the entire exercise would be extremely challenging and expects it to be addressed at the PRA and FPC by the end of this year or early next year. In a statement, Woods said

The reason I am cautious is because this is really an entirely new field of work. It is a greenfield site in regulatory terms. So as we go through it, I think it is possible we have to have several runs at it to get it right because we don’t want to agree something, impose something and then decide that it was really down the wrong track.

---