Banks, regulators accused of leaving customers at mercy of cyber criminals
In a letter published last week, Andrew Tyrie, who heads the Treasury Committee, called for “vigorous action” from both regulators and banks to remedy cyber security weaknesses within the sector.
The Conservative MP has urged Andrew Bailey, head of the Financial Conduct Authority (FCA) and Sam Woods, deputy governor of the Bank of England and CEO of the Prudential Regulation Authority (PRA), to do more to bolster IT security in financial services in light of major IT lapses.
“Interruptions to the continuity of bank payments services are unacceptably common. It also seems highly plausible that criminals are stealing money from the banks and their customers by electronic means,” Tyrie wrote.
“Bearing in mind that the banks' main job is to look after their customers' money, and make it available to them, this is not a happy state of affairs.”
Tyrie cited a KPMG survey that found 12 percent of bank CEOs did not know if their institution had been hacked.
“Given the great importance of cyber-security and continuity of service to banks and their customers, it is indefensible that some CEOs are unaware of such matters,” Tyrie wrote.
The lack of awareness was even higher among lower level executives according to the KPMG survey, with some 47 percent of banking executive vice presidents and managing directors reporting that they don’t know if their bank’s cyber security had been compromised, and 72 percent of senior vice presidents and directors saying they were unaware.
Commenting on the correspondence, Tyrie said, “Banks continue to suffer failures and breaches of their IT systems, exposing millions of customers to uncertainty, disruption and sometimes distress. We can’t carry on like this.
“Customers remain more exposed than necessary to the risks of IT failures, including delays in paying bills and an inability to obtain access to their own money.”
The FCA found a dramatic leap in cyber-attacks against financial service providers in the past two years, with 75 attacks reported so far in 2016, compared with just five in all of 2014.
This year’s high-profile cyber-heists include February’s Bangladesh Central Bank scam, in which hackers managed to steal some $81 million through SWIFT, a network used by about 11,000 institutions to transfer large amounts of cash.