In April the Financial Conduct Authority issued a Feedback Statement (FS19/2) on its Discussion Paper (DP18/5) ‘A duty of care and potential alternative approaches’ affecting the financial services industry. The Feedback Statement reports on the outcomes of the consultation and summarises the views of those who responded to the consultation. This is a topic that has been on the regulatory agenda for several years, originally initiated by the Financial Services Consumer Panel (FSCP), but also considered by the Law Commission and the House of Lords Select Committee on Financial Exclusion, with varying degrees of support. The authors have assessed these reform proposals in an earlier blog post. Whilst it is difficult to draw any firm conclusions from this round of discussions as to the FCA’s future policy in this area, it does indicate how the FCA’s work on this topic is developing.
The regulation of banks is a difficult and high profile task. The banking industry is complex and plays a fundamental role in the UK’s economy. The financial crisis highlighted the importance of the UK having a regulatory regime that can maintain the health and stability of the banking sector. Banks provide payment and funding services that are central to the successful operation of the modern economy. Regulation therefore needs to ensure that the banking sector is healthy. This blog post will briefly outline the main developments in the UK’s regulatory approach in recent years, and will identify the key areas of concern facing the regulators.
By Dr Holly Powley, Lecturer in Law (University of Bristol Law School).
In the aftermath of the financial crisis, a debate has been raging about the culture of financial services institutions – both in terms of how individuals working with financial institutions conduct themselves, but also on attitudes towards risk-taking within these institutions. Given that banks are now considered to provide consumers with a service that is essential to the operation of the modern economy, this is an important debate.
However, those tasked with regulating and supervising the banking sector haven’t escaped this scrutiny either. If the UK is to avoid a future financial crisis of the magnitude experienced between 2007 and 2009, there also needs to be a culture change within the institutions tasked with overseeing the UK’s financial services sector. The regulatory bodies need to be capable of challenging themselves, their policies, and the institutions they are tasked with supervising: they need to question the status quo. This means a move away from the ‘light touch’ approach that encompassed the Financial Services Authority’s (FSA) regulatory philosophy, avoiding ‘box ticking’ and introducing the exercise of judgement when making decisions about the supervision and regulation of the banking sector. Before the financial crisis, regulators didn’t challenge the conventional wisdom. It was believed that markets were stable, and that institutions were unlikely to fail. There was very little focus on financial stability issues, a point reflected by the fact that (as highlighted in the report on HBOS’s failure) only one of 61 issues discussed by the FSA’s board in the build-up to the crisis related to financial stability. The crisis itself highlighted the flaws in that approach. To avoid this in the future, regulators have to ask difficult questions of themselves, and of the regulated sector.
The day has arrived on which a cyber attack has succeeded in breaching a bank’s security with the result that customers’ money has been taken from their accounts. According to press reports the accounts of around 40,000 customers of Tesco Bank have been accessed and the bank has refunded £2.5 million to 9,000 who have had money removed.
Banks’ IT systems are an obvious target for cybercriminals. The fact that such systems contain both money and data on customers makes them extremely tempting. As banks have developed new channels for delivery of services, such as websites, mobile applications and social media, these have often been added, or linked, to existing outdated systems. This increased complexity may mean that new avenues of attack are inadvertently created, and may make it difficult for a bank to rapidly pinpoint the source of system risks and breaches. The increased use of distributed computing, with multiple systems running across multiple servers, can also create new system risks and simultaneously increase the number of staff requiring access. While external threats are increasing, it appears that industry insiders remain responsible for a significant share of bank fraud. How the Tesco cyber attack was carried out remains unclear, but the scale and speed of the transfer of funds suggest a degree of sophistication.